From 048c400e02c5fef623ed95dfdd92bc1591ef6710 Mon Sep 17 00:00:00 2001
|
|
From: Andreas Schneider <asn@samba.org>
|
|
Date: Mon, 9 Aug 2021 17:22:52 +0200
|
|
Subject: [PATCH] CVE-2020-25719 mit_samba: The samba_princ_needs_pac check
|
|
should be on the server entry
|
|
|
|
This does the same check as the hdb plugin now. The client check is already
|
|
done earlier.
|
|
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561
|
|
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
---
|
|
source4/kdc/mit_samba.c | 12 ++++++++++++
|
|
1 file changed, 12 insertions(+)
|
|
|
|
diff --git a/source4/kdc/mit_samba.c b/source4/kdc/mit_samba.c
|
|
index be6ea83c042..d11e1640ee9 100644
|
|
--- a/source4/kdc/mit_samba.c
|
|
+++ b/source4/kdc/mit_samba.c
|
|
@@ -486,6 +486,7 @@ krb5_error_code mit_samba_reget_pac(struct mit_samba_context *ctx,
|
|
DATA_BLOB *deleg_blob = NULL;
|
|
struct samba_kdc_entry *client_skdc_entry = NULL;
|
|
struct samba_kdc_entry *krbtgt_skdc_entry = NULL;
|
|
+ struct samba_kdc_entry *server_skdc_entry = NULL;
|
|
bool is_in_db = false;
|
|
bool is_untrusted = false;
|
|
size_t num_types = 0;
|
|
@@ -499,6 +500,7 @@ krb5_error_code mit_samba_reget_pac(struct mit_samba_context *ctx,
|
|
ssize_t srv_checksum_idx = -1;
|
|
ssize_t kdc_checksum_idx = -1;
|
|
krb5_pac new_pac = NULL;
|
|
+ bool ok;
|
|
|
|
if (client != NULL) {
|
|
client_skdc_entry =
|
|
@@ -510,6 +512,16 @@ krb5_error_code mit_samba_reget_pac(struct mit_samba_context *ctx,
|
|
return EINVAL;
|
|
}
|
|
|
|
+ server_skdc_entry =
|
|
+ talloc_get_type_abort(server->e_data,
|
|
+ struct samba_kdc_entry);
|
|
+
|
|
+ /* The account may be set not to want the PAC */
|
|
+ ok = samba_princ_needs_pac(server_skdc_entry);
|
|
+ if (!ok) {
|
|
+ return EINVAL;
|
|
+ }
|
|
+
|
|
if (krbtgt == NULL) {
|
|
return EINVAL;
|
|
}
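Review bot: The new `return EINVAL;` after `samba_princ_needs_pac(server_skdc_entry)` reuses the code that the neighbouring argument checks return (the `krbtgt == NULL` test just below), so a caller cannot tell "server account opted out of the PAC" from malformed input. The one-line comment does not say which outcome is intended; since this is the fix for a CVE, I would spell it out, e.g. `/* Server account may opt out of the PAC; EINVAL mirrors the hdb plugin. The caller must not treat this as "keep the existing PAC". */`, adjusted to what the MIT KDB caller really does with the value. Separately, `server->e_data` is dereferenced and handed to `talloc_get_type_abort()`, which aborts the process on a type mismatch. Only the tail of the preceding guard (`return EINVAL; }`) is visible here, so it is worth confirming that it is the `server == NULL` check and that `e_data` is always populated for server entries on this path. The body of `mit_samba_reget_pac` starts before and continues after this hunk.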
|
|
--
|
|
2.33.0
|
|
|