git.ipfire.org Git - thirdparty/samba.git/commit

author	Andrew Bartlett <abartlet@samba.org>
	Tue, 1 Nov 2022 02:20:47 +0000 (15:20 +1300)
committer	Stefan Metzmacher <metze@samba.org>
	Tue, 13 Dec 2022 23:48:48 +0000 (00:48 +0100)
commit	1e32bfc0fdd5394268eb86f60de521722f783a50
tree	2c1da4863afe620697824d9b52675f23cc322409	tree
parent	701b2650d1b47adac55f948c4e055d5ecc52e1da	commit \| diff

CVE-2022-37966 kdc: Implement new Kerberos session key behaviour since ENC_HMAC_SHA1_96_AES256_SK was added

ENC_HMAC_SHA1_96_AES256_SK is a flag introduced for by Microsoft in this
CVE to indicate that additionally, AES session keys are available. We
set the etypes available for session keys depending on the encryption
types that are supported by the principal.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15219

Pair-Programmed-With: Joseph Sutton <josephsutton@catalyst.net.nz>

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(similar to commit 975e43fc45531fdea14b93a3b1529b3218a177e6)
[jsutton@samba.org Fixed knownfail conflicts]

[jsutton@samba.org Adapted to older KDC code; fixed knownfail conflicts]

[jsutton@samba.org Fixed knownfail conflicts; adapted to older KDC and
Heimdal code]

librpc/idl/netlogon.idl		diff \| blob \| blame \| history
selftest/knownfail_heimdal_kdc		diff \| blob \| blame \| history
selftest/knownfail_mit_kdc		diff \| blob \| blame \| history
source4/heimdal/kdc/kerberos5.c		diff \| blob \| blame \| history
source4/heimdal/kdc/krb5tgs.c		diff \| blob \| blame \| history
source4/heimdal/kdc/misc.c		diff \| blob \| blame \| history
source4/heimdal/lib/hdb/hdb.asn1		diff \| blob \| blame \| history
source4/kdc/db-glue.c		diff \| blob \| blame \| history
source4/kdc/sdb.c		diff \| blob \| blame \| history
source4/kdc/sdb.h		diff \| blob \| blame \| history
source4/kdc/sdb_to_hdb.c		diff \| blob \| blame \| history