CVE-2020-25719 kdc: Avoid races and multiple DB lookups in s4u2self check
author Andrew Bartlett <abartlet@samba.org>
Thu, 7 Oct 2021 19:29:51 +0000 (08:29 +1300)
committer Jule Anger <janger@samba.org>
Tue, 9 Nov 2021 19:45:34 +0000 (19:45 +0000)
commit 05898cfb139ae0674c8251acc9d64c4c3d4c8376
tree 4b52568ee861f0ca1b035b26cb4169f053b381db
parent 80257fa37c49138fb1af0a910a3ea41954096c11
CVE-2020-25719 kdc: Avoid races and multiple DB lookups in s4u2self check

Looking up the DB twice is subject to a race and is a poor
use of resources, so instead just pass in the record we
already got when trying to confirm that the server in
S4U2Self is the same as the requesting client.

The client record has already been bound to the
original client by the SID check in the PAC.

Likewise by looking up server only once we ensure
that the keys looked up originally are in the record
we confirm the SID for here.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14686

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
source4/heimdal/kdc/krb5tgs.c
source4/heimdal/lib/hdb/hdb.h
source4/kdc/db-glue.c
source4/kdc/db-glue.h
source4/kdc/hdb-samba4.c
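
A toy model of the double-lookup race the commit message describes, added here as an illustration and not taken from the Samba or Heimdal sources. The in-memory database, the function names (`db_fetch`, `same_by_name`, `same_by_record`, `run_request`) and the sample principals and SIDs are all constructed assumptions.

```c
#include <string.h>

/* Constructed toy principal database; all names and SIDs are hypothetical. */
struct entry { char name[16]; char sid[24]; int kvno; };
static struct entry db[2];

static void db_reset(void) {
    db[0] = (struct entry){ "svc-a", "S-1-5-21-1-1001", 3 };
    db[1] = (struct entry){ "svc-b", "S-1-5-21-1-1002", 7 };
}

/* Returns a snapshot copy, as a fetch from a shared directory would. */
static int db_fetch(const char *name, struct entry *out) {
    for (size_t i = 0; i < 2; i++)
        if (strcmp(db[i].name, name) == 0) { *out = db[i]; return 0; }
    return -1;
}

/* Stand-in for a concurrent writer: "svc-a" now resolves to the other record. */
static void concurrent_change(void) {
    strcpy(db[0].name, "svc-old");
    strcpy(db[1].name, "svc-a");
}

/* Second lookup by name: may judge a record other than the one already in use. */
static int same_by_name(const struct entry *client, const char *server_name) {
    struct entry again;
    if (db_fetch(server_name, &again) != 0) return 0;
    return strcmp(client->sid, again.sid) == 0;
}

/* Single lookup: compare against the record fetched at the start. */
static int same_by_record(const struct entry *client, const struct entry *server) {
    return strcmp(client->sid, server->sid) == 0;
}

/* One request: 1 = server accepted as the client, 0 = rejected, -1 = error. */
int run_request(const char *client_name, int use_record, int race) {
    struct entry server, client;
    db_reset();
    if (db_fetch("svc-a", &server) != 0) return -1;   /* keys come from this record */
    if (db_fetch(client_name, &client) != 0) return -1;
    if (race) concurrent_change();                    /* lands between the two lookups */
    return use_record ? same_by_record(&client, &server)
                      : same_by_name(&client, "svc-a");
}

int main(void) { return run_request("svc-b", 1, 1); } /* 0: record check rejects */
```

With `race` set, the by-name check flips its verdict in both directions, while the by-record check gives the same answer as in the quiet case because it judges the record whose keys were actually used.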