git.samba.org - metze/samba-autobuild/.git/commit

author	Stefan Metzmacher <metze@samba.org>
	Thu, 17 Mar 2022 13:46:55 +0000 (14:46 +0100)
committer	Andrew Bartlett <abartlet@samba.org>
	Wed, 21 Jun 2023 23:24:37 +0000 (23:24 +0000)
commit	489cdefa6ab1bf7bd5cf3ea0ea64c03dc08fa8bd
tree	5e5be733219c4f6951912fa1e5c1b09e695c0d3b	tree
parent	0ef8083cca0ffdf20d98545fb7e3aa576e661222	commit \| diff

tests/krb5/s4u_tests.py: add test_constrained_delegation_with_enc_auth_data_[no_]subkey()

This demonstrates that we use the correct key for EncAuthorizationData
together with constrained delegation.

The actual fix for the problem is already in place via
commit 75ec66c729faad60fa18b9504ba4053b3e2f47bc
third_party/heimdal: Import lorikeet-heimdal-202306091507 (commit 7d8afc9d7e3d309ddccc2aea6405a8ca6280f6de)

The related patches are:
38c47c54f0c78fed5afc1aea9c5f6683e06ec842 kdc: fix memory leak when decryption AuthorizationData
61c0089ea3f5387953818a3ac99fb529244196e6 kdc: decrypt b->enc_authorization_data in tgs_build_reply()
fed5579814108ee90f701ca6bfb5500f7d839bc4 kdc: if we don't have an authenticator subkey for S4U2Proxy we need to use the keys from evidence_tkt

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13131

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>