git.samba.org / samba.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: bbfbbb9) | patch
CVE-2022-2031 s4:kpasswd: Require an initial ticket
authorJoseph Sutton <josephsutton@catalyst.net.nz>
Wed, 18 May 2022 04:52:41 +0000 (16:52 +1200)
committerJule Anger <janger@samba.org>
Wed, 27 Jul 2022 10:52:36 +0000 (10:52 +0000)
commitce3b7b27a370e1f1299e8a60bf776082e2057a87
treef7cc6a98c1bd1aa5383c13d9ef64815002f4c370tree
parentbbfbbb9f6483d113c7b428109ee00c1c1aab4b02commit | diff
CVE-2022-2031 s4:kpasswd: Require an initial ticket

Ensure that for password changes the client uses an AS-REQ to get the
ticket to kpasswd, and not a TGS-REQ.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15049

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
selftest/knownfail_heimdal_kdc diff | blob | history
selftest/knownfail_mit_kdc diff | blob | history
selftest/knownfail_mit_kdc_1_20 diff | blob | history
source4/kdc/kpasswd-service-heimdal.c diff | blob | history
source4/kdc/kpasswd-service-mit.c diff | blob | history
source4/kdc/wscript_build diff | blob | history
Samba Shared Repository