The Samba-Bugzilla – Attachment 14431 Details for
Bug 13571
[SECURITY] CVE-2018-16853 S4U2Self crash with MIT KDC build
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
possible patch
check_policy_as.patch.txt (text/plain), 1.66 KB, created by
Isaac Boukris
on 2018-08-17 22:22:59 UTC
(
hide
)
Description:
possible patch
Filename:
MIME Type:
Creator:
Isaac Boukris
Created:
2018-08-17 22:22:59 UTC
Size:
1.66 KB
patch
obsolete
>From 944ee4701d4b889c85122ab1999c2808627599bc Mon Sep 17 00:00:00 2001 >From: Isaac Boukris <iboukris@gmail.com> >Date: Sat, 18 Aug 2018 00:40:30 +0300 >Subject: [PATCH] mit-kdc: check_policy_as can actually be a tgs > >This happens when we are called from S4U2Self flow, >and in that case kdcreq->client is NULL. >Use the name from client entry instead. > >Signed-off-by: Isaac Boukris <iboukris@gmail.com> >--- > source4/kdc/mit-kdb/kdb_samba_policies.c | 8 ++++++-- > 1 file changed, 6 insertions(+), 2 deletions(-) > >diff --git a/source4/kdc/mit-kdb/kdb_samba_policies.c b/source4/kdc/mit-kdb/kdb_samba_policies.c >index de5813bde2f..81ac73582e0 100644 >--- a/source4/kdc/mit-kdb/kdb_samba_policies.c >+++ b/source4/kdc/mit-kdb/kdb_samba_policies.c >@@ -81,6 +81,7 @@ krb5_error_code kdb_samba_db_check_policy_as(krb5_context context, > char *netbios_name = NULL; > char *realm = NULL; > bool password_change = false; >+ krb5_const_principal client_princ; > DATA_BLOB int_data = { NULL, 0 }; > krb5_data d; > krb5_pa_data **e_data; >@@ -90,7 +91,10 @@ krb5_error_code kdb_samba_db_check_policy_as(krb5_context context, > return KRB5_KDB_DBNOTINITED; > } > >- if (ks_is_kadmin(context, kdcreq->client)) { >+ /* Prefer canonicalised name from client entry */ >+ client_princ = client ? client->princ : kdcreq->client; >+ >+ if (client_princ == NULL || ks_is_kadmin(context, client_princ)) { > return KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN; > } > >@@ -111,7 +115,7 @@ krb5_error_code kdb_samba_db_check_policy_as(krb5_context context, > goto done; > } > >- code = krb5_unparse_name(context, kdcreq->client, &client_name); >+ code = krb5_unparse_name(context, client_princ, &client_name); > if (code) { > goto done; > } >-- >2.14.3 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=14431">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 13571
:
14431
|
14432
|
14451
|
14626
|
14676
|
14677
|
14678
|
14679