git.samba.org - pfilipensky/samba-autobuild/.git/commit

author	Andrew Bartlett <abartlet@samba.org>
	Tue, 1 Nov 2022 02:20:47 +0000 (15:20 +1300)
committer	Stefan Metzmacher <metze@samba.org>
	Wed, 14 Dec 2022 10:28:16 +0000 (10:28 +0000)
commit	a836bcf22ce87cf93e7d3cbf975d1baaa8f32c3b
tree	39485da94b73b908c34655c84c02d099e4ad8ad0	tree
parent	da9da918f7510a1b8120479b8ec505b6b2397e93	commit \| diff

CVE-2022-37966 kdc: Implement new Kerberos session key behaviour since ENC_HMAC_SHA1_96_AES256_SK was added

ENC_HMAC_SHA1_96_AES256_SK is a flag introduced for by Microsoft in this
CVE to indicate that additionally, AES session keys are available. We
set the etypes available for session keys depending on the encryption
types that are supported by the principal.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15219

Pair-Programmed-With: Joseph Sutton <josephsutton@catalyst.net.nz>

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(similar to commit 975e43fc45531fdea14b93a3b1529b3218a177e6)
[jsutton@samba.org Fixed knownfail conflicts]

[jsutton@samba.org Adapted to older KDC code; fixed knownfail conflicts]

librpc/idl/netlogon.idl		diff \| blob \| history
selftest/knownfail_heimdal_kdc		diff \| blob \| history
selftest/knownfail_mit_kdc		diff \| blob \| history
source4/kdc/db-glue.c		diff \| blob \| history
source4/kdc/sdb.c		diff \| blob \| history
source4/kdc/sdb.h		diff \| blob \| history
source4/kdc/sdb_to_hdb.c		diff \| blob \| history
third_party/heimdal/kdc/kerberos5.c		diff \| blob \| history
third_party/heimdal/kdc/krb5tgs.c		diff \| blob \| history
third_party/heimdal/kdc/misc.c		diff \| blob \| history
third_party/heimdal/lib/hdb/hdb.asn1		diff \| blob \| history