samba/backport-0002-CVE-2022-2031-CVE-2022-32744.patch


From 8048b6fe8cfd2887090a5aec682060b396794f6b Mon Sep 17 00:00:00 2001
From: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Fri, 8 Oct 2021 16:06:58 +1300
Subject: [PATCH] s4:kdc: Simplify samba_kdc_update_pac_blob() to take
ldb_context as parameter
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14881
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 7149eeaceb426470b1b8181749d2d081c2fb83a4)
---
source4/kdc/mit_samba.c | 7 +------
source4/kdc/pac-glue.c | 5 ++---
source4/kdc/pac-glue.h | 3 +--
source4/kdc/wdc-samba4.c | 2 +-
4 files changed, 5 insertions(+), 12 deletions(-)
diff --git a/source4/kdc/mit_samba.c b/source4/kdc/mit_samba.c
index 54dcd545ea1..2936fe2d18a 100644
--- a/source4/kdc/mit_samba.c
+++ b/source4/kdc/mit_samba.c
@@ -482,7 +482,6 @@ krb5_error_code mit_samba_reget_pac(struct mit_samba_context *ctx,
DATA_BLOB *deleg_blob = NULL;
struct samba_kdc_entry *client_skdc_entry = NULL;
struct samba_kdc_entry *krbtgt_skdc_entry = NULL;
- struct samba_kdc_entry *server_skdc_entry = NULL;
bool is_in_db = false;
bool is_untrusted = false;
size_t num_types = 0;
@@ -513,9 +512,6 @@ krb5_error_code mit_samba_reget_pac(struct mit_samba_context *ctx,
if (server == NULL) {
return EINVAL;
}
- server_skdc_entry =
- talloc_get_type_abort(server->e_data,
- struct samba_kdc_entry);
if (krbtgt == NULL) {
return EINVAL;
@@ -575,8 +571,7 @@ krb5_error_code mit_samba_reget_pac(struct mit_samba_context *ctx,
nt_status = samba_kdc_update_pac_blob(tmp_ctx,
context,
- krbtgt_skdc_entry,
- server_skdc_entry,
+ krbtgt_skdc_entry->kdc_db_ctx->samdb,
*pac,
pac_blob,
pac_srv_sig,
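Review bot: The expression `krbtgt_skdc_entry->kdc_db_ctx->samdb` is now spelled out at the call site here and again in the samba_wdc_reget_pac() hunk in wdc-samba4.c, so the choice of database is duplicated in two KDC backends instead of living in one place inside samba_kdc_update_pac_blob(). Because the callee uses that handle for authsam_update_user_info_dc(), both callers have to keep passing the krbtgt entry's database. A local `struct ldb_context *samdb = krbtgt_skdc_entry->kdc_db_ctx->samdb;` with a comment such as `/* PAC data is refreshed from the krbtgt entry's samdb */` would make that intent visible. The assignment of krbtgt_skdc_entry is outside this hunk, so the guarantee that it and its kdc_db_ctx are non-NULL at this line cannot be confirmed from here.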
diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c
index 04fbc5cf487..88bcb734fc5 100644
--- a/source4/kdc/pac-glue.c
+++ b/source4/kdc/pac-glue.c
@@ -747,8 +747,7 @@ NTSTATUS samba_kdc_get_pac_blob(TALLOC_CTX *mem_ctx,
NTSTATUS samba_kdc_update_pac_blob(TALLOC_CTX *mem_ctx,
krb5_context context,
- struct samba_kdc_entry *krbtgt,
- struct samba_kdc_entry *server,
+ struct ldb_context *samdb,
const krb5_pac pac, DATA_BLOB *pac_blob,
struct PAC_SIGNATURE_DATA *pac_srv_sig,
struct PAC_SIGNATURE_DATA *pac_kdc_sig)
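Review bot: The new `samdb` parameter has no stated contract, and the next hunk passes it to authsam_update_user_info_dc() without any check. With the typed `struct samba_kdc_entry *krbtgt` argument gone, nothing in the signature says which database is expected, and this call presumably decides what authorization data is written back into the PAC. A comment on the definition and on the pac-glue.h prototype would make the contract explicit, for example `/* samdb: the krbtgt entry's SAM database, must not be NULL; user_info_dc is refreshed from it */`. If a defensive check is wanted, `if (samdb == NULL) return NT_STATUS_INVALID_PARAMETER;` ahead of the call is sufficient. The function body starts and ends outside this hunk.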
@@ -768,7 +767,7 @@ NTSTATUS samba_kdc_update_pac_blob(TALLOC_CTX *mem_ctx,
* as the token might be generated by a trusted domain.
*/
nt_status = authsam_update_user_info_dc(mem_ctx,
- krbtgt->kdc_db_ctx->samdb,
+ samdb,
user_info_dc);
if (!NT_STATUS_IS_OK(nt_status)) {
return nt_status;
diff --git a/source4/kdc/pac-glue.h b/source4/kdc/pac-glue.h
index 2eb7fd3b755..7b51b0389f5 100644
--- a/source4/kdc/pac-glue.h
+++ b/source4/kdc/pac-glue.h
@@ -51,8 +51,7 @@ NTSTATUS samba_kdc_get_pac_blob(TALLOC_CTX *mem_ctx,
NTSTATUS samba_kdc_update_pac_blob(TALLOC_CTX *mem_ctx,
krb5_context context,
- struct samba_kdc_entry *krbtgt,
- struct samba_kdc_entry *server,
+ struct ldb_context *samdb,
const krb5_pac pac, DATA_BLOB *pac_blob,
struct PAC_SIGNATURE_DATA *pac_srv_sig,
struct PAC_SIGNATURE_DATA *pac_kdc_sig);
diff --git a/source4/kdc/wdc-samba4.c b/source4/kdc/wdc-samba4.c
index a7d8de1f417..68c8a8aa572 100644
--- a/source4/kdc/wdc-samba4.c
+++ b/source4/kdc/wdc-samba4.c
@@ -186,7 +186,7 @@ static krb5_error_code samba_wdc_reget_pac(void *priv, krb5_context context,
}
nt_status = samba_kdc_update_pac_blob(mem_ctx, context,
- krbtgt_skdc_entry, p,
+ krbtgt_skdc_entry->kdc_db_ctx->samdb,
*pac, pac_blob,
pac_srv_sig, pac_kdc_sig);
if (!NT_STATUS_IS_OK(nt_status)) {
--
2.33.0