80 lines
2.7 KiB
Diff
80 lines
2.7 KiB
Diff
From 42ba919c06c24c42ef123304de0c2ca8c689591a Mon Sep 17 00:00:00 2001
|
|
From: Joseph Sutton <josephsutton@catalyst.net.nz>
|
|
Date: Thu, 26 May 2022 16:36:30 +1200
|
|
Subject: [PATCH 89/99] CVE-2022-32744 s4:kdc: Rename keytab_name ->
|
|
kpasswd_keytab_name
|
|
|
|
This makes explicitly clear the purpose of this keytab.
|
|
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15074
|
|
|
|
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
|
|
Reviewed-by: Andreas Schneider <asn@samba.org>
|
|
|
|
[jsutton@samba.org Fixed conflicts due to lacking HDBGET support]
|
|
---
|
|
source4/kdc/kdc-heimdal.c | 4 ++--
|
|
source4/kdc/kdc-server.h | 2 +-
|
|
source4/kdc/kdc-service-mit.c | 4 ++--
|
|
source4/kdc/kpasswd-service.c | 2 +-
|
|
4 files changed, 6 insertions(+), 6 deletions(-)
|
|
|
|
diff --git a/source4/kdc/kdc-heimdal.c b/source4/kdc/kdc-heimdal.c
|
|
index ba74df4f2ec..a4c845b62f8 100644
|
|
--- a/source4/kdc/kdc-heimdal.c
|
|
+++ b/source4/kdc/kdc-heimdal.c
|
|
@@ -444,8 +444,8 @@ static void kdc_post_fork(struct task_server *task, struct process_details *pd)
|
|
return;
|
|
}
|
|
|
|
- kdc->keytab_name = talloc_asprintf(kdc, "HDB:samba4&%p", kdc->base_ctx);
|
|
- if (kdc->keytab_name == NULL) {
|
|
+ kdc->kpasswd_keytab_name = talloc_asprintf(kdc, "HDB:samba4&%p", kdc->base_ctx);
|
|
+ if (kdc->kpasswd_keytab_name == NULL) {
|
|
task_server_terminate(task,
|
|
"kdc: Failed to set keytab name",
|
|
true);
|
|
diff --git a/source4/kdc/kdc-server.h b/source4/kdc/kdc-server.h
|
|
index fd883c2e4b4..89b30f122f5 100644
|
|
--- a/source4/kdc/kdc-server.h
|
|
+++ b/source4/kdc/kdc-server.h
|
|
@@ -40,7 +40,7 @@ struct kdc_server {
|
|
struct ldb_context *samdb;
|
|
bool am_rodc;
|
|
uint32_t proxy_timeout;
|
|
- const char *keytab_name;
|
|
+ const char *kpasswd_keytab_name;
|
|
void *private_data;
|
|
};
|
|
|
|
diff --git a/source4/kdc/kdc-service-mit.c b/source4/kdc/kdc-service-mit.c
|
|
index 5d4180aa7cc..22663b6ecc8 100644
|
|
--- a/source4/kdc/kdc-service-mit.c
|
|
+++ b/source4/kdc/kdc-service-mit.c
|
|
@@ -291,8 +291,8 @@ NTSTATUS mitkdc_task_init(struct task_server *task)
|
|
return NT_STATUS_INTERNAL_ERROR;
|
|
}
|
|
|
|
- kdc->keytab_name = talloc_asprintf(kdc, "KDB:");
|
|
- if (kdc->keytab_name == NULL) {
|
|
+ kdc->kpasswd_keytab_name = talloc_asprintf(kdc, "KDB:");
|
|
+ if (kdc->kpasswd_keytab_name == NULL) {
|
|
task_server_terminate(task,
|
|
"KDC: Out of memory",
|
|
true);
|
|
diff --git a/source4/kdc/kpasswd-service.c b/source4/kdc/kpasswd-service.c
|
|
index b4706de1ad7..0d2acd8d9e8 100644
|
|
--- a/source4/kdc/kpasswd-service.c
|
|
+++ b/source4/kdc/kpasswd-service.c
|
|
@@ -167,7 +167,7 @@ kdc_code kpasswd_process(struct kdc_server *kdc,
|
|
|
|
rv = cli_credentials_set_keytab_name(server_credentials,
|
|
kdc->task->lp_ctx,
|
|
- kdc->keytab_name,
|
|
+ kdc->kpasswd_keytab_name,
|
|
CRED_SPECIFIED);
|
|
if (rv != 0) {
|
|
DBG_ERR("Failed to set credentials keytab name\n");
|
|
--
|
|
2.25.1
|