]> git.ipfire.org Git - thirdparty/samba.git/commit
CVE-2020-25719 CVE-2020-25717: auth/gensec: always require a PAC in domain mode ...
authorStefan Metzmacher <metze@samba.org>
Tue, 5 Oct 2021 16:11:57 +0000 (18:11 +0200)
committerJule Anger <janger@samba.org>
Mon, 8 Nov 2021 09:52:10 +0000 (10:52 +0100)
commiteba5e1321830624e6e42d248616f651beb0d3b99
tree7ab16229af547de6ed79c9660cb4a2778879254b
parent39cf01d0d26608065dc071d58fea4cfd8d51bf02
CVE-2020-25719 CVE-2020-25717: auth/gensec: always require a PAC in domain mode (DC or member)

AD domains always provide a PAC unless UF_NO_AUTH_DATA_REQUIRED is set
on the service account, which can only be explicitly configured,
but that's an invalid configuration!

We still try to support standalone servers in an MIT realm,
as legacy setup.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14801
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
[jsutton@samba.org Removed knownfail entries]
auth/gensec/gensec_util.c
selftest/knownfail.d/no-pac [deleted file]