git.ipfire.org Git - thirdparty/samba.git/commit

author	Joseph Sutton <josephsutton@catalyst.net.nz>
	Wed, 18 May 2022 04:56:01 +0000 (16:56 +1200)
committer	Jule Anger <janger@samba.org>
	Sun, 24 Jul 2022 09:42:02 +0000 (11:42 +0200)
commit	3cab62893668742781551dae6505558e47cf08b5
tree	bf6f9c1e8a7a2d4634f7be9276327d5c395f068f	tree
parent	fa4742e1b9dea0b9c379f00666478bd41c021634	commit \| diff

CVE-2022-2031 s4:kdc: Fix canonicalisation of kadmin/changepw principal

Since this principal goes through the samba_kdc_fetch_server() path,
setting the canonicalisation flag would cause the principal to be
replaced with the sAMAccountName; this meant requests to
kadmin/changepw@REALM would result in a ticket to krbtgt@REALM. Now we
properly handle canonicalisation for the kadmin/changepw principal.

View with 'git show -b'.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047

Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
[jsutton@samba.org Adapted entry to entry_ex->entry; removed MIT KDC
1.20-specific knownfails]

selftest/knownfail.d/kadmin_changepw	[deleted file]	blob \| blame \| history
selftest/knownfail_heimdal_kdc		diff \| blob \| blame \| history
source4/kdc/db-glue.c		diff \| blob \| blame \| history