samba/backport-0008-CVE-2022-2031-CVE-2022-32744.patch


From 5cdec75f8bceee0e4996682d09104ff076e241b3 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 18 Oct 2021 15:21:50 +1300
Subject: [PATCH] kdc: Remove UF_NO_AUTH_DATA_REQUIRED from client principals
Tests against Windows 2019 show that UF_NO_AUTH_DATA_REQUIRED
applies to services only, not to clients.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14871
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14881
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
[abartlet@samba.org backported from commit 92e8ce18a79e88c9b961dc20e39436c4cf653013
as there was a knownfail conflict with the test_remove_pac case
which succeeds on this branch]
Conflict: remove selftest/knownfail_heimdal_kdc selftest/knownfail_mit_kdc
---
source4/kdc/mit_samba.c | 7 -------
source4/kdc/pac-glue.c | 5 -----
2 files changed, 12 deletions(-)
diff --git a/source4/kdc/mit_samba.c b/source4/kdc/mit_samba.c
index 1f061f0..f713581 100644
--- a/source4/kdc/mit_samba.c
+++ b/source4/kdc/mit_samba.c
@@ -512,18 +512,11 @@ krb5_error_code mit_samba_reget_pac(struct mit_samba_context *ctx,
ssize_t srv_checksum_idx = -1;
ssize_t kdc_checksum_idx = -1;
krb5_pac new_pac = NULL;
- bool ok;
if (client != NULL) {
client_skdc_entry =
talloc_get_type_abort(client->e_data,
struct samba_kdc_entry);
-
- /* The user account may be set not to want the PAC */
- ok = samba_princ_needs_pac(client_skdc_entry);
- if (!ok) {
- return EINVAL;
- }
}
if (server == NULL) {
diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c
index 6c63147..5ad4bbb 100644
--- a/source4/kdc/pac-glue.c
+++ b/source4/kdc/pac-glue.c
@@ -783,11 +783,6 @@ NTSTATUS samba_kdc_get_pac_blobs(TALLOC_CTX *mem_ctx,
*_pac_attrs_blob = NULL;
}
- /* The user account may be set not to want the PAC */
- if ( ! samba_princ_needs_pac(p)) {
- return NT_STATUS_OK;
- }
-
logon_blob = talloc_zero(mem_ctx, DATA_BLOB);
if (logon_blob == NULL) {
return NT_STATUS_NO_MEMORY;
--
2.27.0