This project is mirrored from https://github.com/heimdal/heimdal.
- 01 Dec, 2021 40 commits
-
-
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from Samba commit f7a2fef8f49a86f63c3dc2f6a2d7d979fb53238a)
-
Doing so is undefined behaviour.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
(cherry picked from Samba commit ba1420f5b8f777324e92574d6cc60bd8f05186f3)
-
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
(cherry picked from Samba commit 3fd5de5b1a5de3f70c64bbd0c1c791cb3ad694bb)
-
For empty buffers, the 'data' pointer is often NULL, which causes undefined behaviour when such a pointer is passed into memset(), memcpy(), or memmove().
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
(cherry picked from Samba commit e705efb1ebff13fda709d08299eab4dfa718a677)
-
(cherry picked from Samba commit 81a38830eff6eef4c197f77e8bb3e4bdddd71ee6)
-
and allow the realm to be canonicalized. This is useful when Windows KDC returns the canonical realm instead of requested lc or netbios realm.
TODO: Is this ok? In find_cred we seem to be okay with any realm. The old code didn't check at all it seems (check when this was introduced).
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
(cherry picked from Samba commit d8780a9bde156cfe15c95ab12e15ffbc1332df6c)
-
This lets us call it from Samba.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
[abartlet@samba.org Similar to Samba commit 3bdce12789af1e7a7aba56691f184625a432410d but also fixed for caller in Heimdal windc plugin tests]
-
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from Samba commit 28a5a586c8e9cd155d676dcfcb81a2587ace99d1)
-
(cherry picked from Samba commit 639b64c8fd7cefc0f4e734162216f255b5a4efeb)
-
(cherry picked from Samba commit 871a4e7a1cab265b2820facdbc6f19a116e9af74)
-
even if canonicalize flag is not set, same as Windows.
Regression introduced by upstream commit: 378f34b4
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
(cherry picked from Samba commit a9e6119ca0c2a78ef314c3162122539ee834aa04)
-
Andrew Bartlett authored
TODO CHECK heimdal: Fix loss of information in _gsskrb5_canon_name() from call to krb5_sname_to_principal()
This would discard the realm the client specified.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
-
Andrew Bartlett authored
This is called from gsskrb5_set_dns_canonicalize() and krb5_set_dns_canonicalize_hostname() and is used by Samba to ensure that the AD DC sees the name as specified by the client. We allow the krb5.conf to override, if specifically configured.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
-
Andrew Bartlett authored
This changes behaviour flagged as being for Java 1.6. My hope is that this does not set f.canonicalize
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
-
An AS-REQ with an enterprise principal will always be directed to a kdc of the local (default) realm. The KDC directs the client into the direction of the final realm. See rfc6806.txt.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from Samba commit fca11edc0b476f5b87b3301da32fd0409d9590c7)
-
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12554
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
-
Is there a better way to handle this? metze
-
This is really an ugly hack, to support using the Netbios Domain Name as realm against Windows KDCs, they always return the full realm based on the DNS Name. metze
-
(cherry picked from Samba commit 221801027d672df5e1a8f67610129add33bbd022)
-
(cherry picked from Samba commit 321e60606c4e0356bbdec9e0a910199a8fdc541d)
-
(cherry picked from Samba commit 78d213981f50b5e8fda283996c03e490d0bed662)
-
(cherry picked from Samba commit 1b65662ef6f75ed104cb40944ce22082e9cab264)
-
(cherry picked from Samba commit 7b719b12f30a95face3ec55f1651813a9625c911)
-
(cherry picked from Samba commit d94b9ea06523ce07ccf25986688e9318cfc3b435)
-
(cherry picked from Samba commit 0e873cde635eaf0c4519c737aff3d0c7b247d304)
-
(cherry picked from Samba commit 34b79e352e7c2f936a75226949c601b3ca42fa94)
-
(cherry picked from Samba commit 003e9d0dabcb8b79b16f7b6ab7547b89f407930a)
-
Note: FastOptions2int() will not return any bits we are not explicitly aware of, so this check does not function as intended. (cherry picked from Samba commit 8f8a539cea210c629cb9502079797a21983e2a8f)
-
(cherry picked from Samba commit a3e77bd56c8315b9d3fa19abde6410b40f96976b)
-
(cherry picked from Samba commit ad347d1c6e93bc70219d0ff0001f2c911f78c90b)
-
(cherry picked from Samba commit 7b1192992242945c134cab5d52058a3c3d410b27)
-
AES256 and AES128 are newer enctypes because they are officially specified in RFC4120. Enctypes specified subsequent to this RFC are not yet supported.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
(cherry picked from Samba commit 51b44c544dd04154dc5fffed710b34ed88dd11dc)
-
If a function calls unparse_flags() to convert a KDCOptions value into a string when the 'validate' flag is set, KDCOptions2int() will return 1 << 31, which becomes −2147483648 when converted to a 32-bit signed integer. Since the loop in unparse_something() only runs as long as its input is greater than zero, this will result in nothing being printed to the buffer. Changing unparse_flags() to take an int64_t avoids this behaviour, at least until a 64th flag bit is added. We also return an error value of -1 from unparse_something() if it receives a negative value. However, the callers are not checking the result from unparse_flags() and would still have attempted to log these uninitialised bytes. Modify some of these callers so that they perform this checking. (cherry picked from Samba commit 0e408391b93f7b2c0fda1f30a8266c9bfd042567)
-
(cherry picked from Samba commit 3963998b9a96495a851452a9d624f05e07bd196b)
-
(cherry picked from Samba commit c6ffb37ba49dfa5e3b960aeb7a5dbaaa29ac7afa)
-
(cherry picked from Samba commit 59d56cdd7028ad80ada7bfd02018ba30531ce5b0)
-
Redo CVE-2020-25719 heimdal:kdc: Verify PAC in TGT provided for user-to-user authentication 49a13f0fc942d1cfb767d5b6bf49d62241d52046 (cherry picked from Samba commit 998f985f01a6cf4a5a943ee5cc0f2decdfd6cce7)
-
Redo CVE-2020-25719 heimdal:kdc: Check name in request against name in user-to-user TGT f08e6ac86226dcd939fd0e40b6f7dc80c5c00e79 (cherry picked from Samba commit 3b5b658a228821963dc5f893b6ad9214612ce2b0)
-
Redo CVE-2020-25719 heimdal:kdc: Use sname from request rather than user-to-user TGT client name fd50fecbe99ae4fc63843c796d0a516731a1fe6a (cherry picked from Samba commit 864a26b67c111ab8ca5a46628fa75e61584b39b0)
-
Redo CVE-2020-25719 heimdal:kdc: Move fetching krbtgt entry to before enctype selection f170f1eb4989d7f337eed0f45a558fe5231ea367 (cherry picked from Samba commit 10605af9c00cbf2ea18d9070b1571ecd9b9e4dfb)
-