samba/backport-0022-CVE-2022-2031-CVE-2022-32744.patch


From 49aafce0a705d47ffd4753ce6c6f452c4f7aa882 Mon Sep 17 00:00:00 2001
From: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Wed, 24 Nov 2021 20:41:54 +1300
Subject: [PATCH 50/99] kdc: Require that PAC_REQUESTER_SID buffer is present
for TGTs
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Nov 30 03:33:26 UTC 2021 on sn-devel-184
(cherry picked from commit 38c5bad4a853b19fe9a51fb059e150b153c4632a)
Conflict: remove selftest/knownfail_heimdal_kdc
---
source4/kdc/wdc-samba4.c | 6 ++++++
2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/source4/kdc/wdc-samba4.c b/source4/kdc/wdc-samba4.c
index b1d011c09a9..d7ce34fb3a9 100644
--- a/source4/kdc/wdc-samba4.c
+++ b/source4/kdc/wdc-samba4.c
@@ -459,6 +459,12 @@ static krb5_error_code samba_wdc_reget_pac2(krb5_context context,
talloc_free(mem_ctx);
return EINVAL;
}
+ if (delegated_proxy_principal == NULL && requester_sid_idx == -1) {
+ DEBUG(1, ("PAC_TYPE_REQUESTER_SID missing\n"));
+ SAFE_FREE(types);
+ talloc_free(mem_ctx);
+ return KRB5KDC_ERR_TGT_REVOKED;
+ }
/*
* The server account may be set not to want the PAC.
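Review bot: The added check `if (delegated_proxy_principal == NULL && requester_sid_idx == -1)` has no comment saying why the PAC_REQUESTER_SID requirement is waived when `delegated_proxy_principal` is set, and that exemption is the security-relevant part of the condition. The commit subject suggests the non-NULL case is treated as "not a TGT" (presumably the constrained-delegation path), so I would state that above the check, e.g. `/* A TGT must carry PAC_REQUESTER_SID; a PAC presented with a delegated proxy principal is exempt (not a TGT) */`, after confirming that reading against the caller. The `DEBUG(1, ("PAC_TYPE_REQUESTER_SID missing\n"))` message also names neither the client nor the ticket, so a ticket rejected with KRB5KDC_ERR_TGT_REVOKED cannot be attributed from the log; if a client principal string is available in samba_wdc_reget_pac2, include it in the message. The function body begins and ends outside this hunk, so the initialisation of `requester_sid_idx` to -1 that the check relies on is not visible here.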
--
2.25.1