git.samba.org - samba.git/commit - selftest/knownfail_mit

author	Andrew Bartlett <abartlet@samba.org>
	Tue, 1 Nov 2022 02:20:47 +0000 (15:20 +1300)
committer	Stefan Metzmacher <metze@samba.org>
	Tue, 13 Dec 2022 13:07:30 +0000 (13:07 +0000)
commit	975e43fc45531fdea14b93a3b1529b3218a177e6
tree	a436a898c2d681eef51bb13f98cfca24f7524a43	tree
parent	44802c46b18caf3c7f9f2fb1b66025fc30e22ac5	commit \| diff

CVE-2022-37966 kdc: Implement new Kerberos session key behaviour since ENC_HMAC_SHA1_96_AES256_SK was added

ENC_HMAC_SHA1_96_AES256_SK is a flag introduced for by Microsoft in this
CVE to indicate that additionally, AES session keys are available. We
set the etypes available for session keys depending on the encryption
types that are supported by the principal.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15219

Pair-Programmed-With: Joseph Sutton <josephsutton@catalyst.net.nz>

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

librpc/idl/netlogon.idl		diff \| blob \| history
selftest/knownfail_heimdal_kdc		diff \| blob \| history
selftest/knownfail_mit_kdc		diff \| blob \| history
source4/kdc/db-glue.c		diff \| blob \| history
source4/kdc/sdb.c		diff \| blob \| history
source4/kdc/sdb.h		diff \| blob \| history
source4/kdc/sdb_to_hdb.c		diff \| blob \| history
third_party/heimdal/kdc/kerberos5.c		diff \| blob \| history
third_party/heimdal/kdc/krb5tgs.c		diff \| blob \| history
third_party/heimdal/kdc/misc.c		diff \| blob \| history
third_party/heimdal/lib/hdb/hdb.asn1		diff \| blob \| history