git.samba.org - lorikeet-heimdal.git/commit

author	Andrew Bartlett <abartlet@samba.org>
	Tue, 1 Nov 2022 02:20:47 +0000 (15:20 +1300)
committer	Joseph Sutton <josephsutton@catalyst.net.nz>
	Wed, 3 May 2023 04:13:17 +0000 (16:13 +1200)
commit	a565f3ac384d8251a8fb682cd0a4e3f9b6595bbe
tree	b67add0399cece34530360796c2b93283ca117ba	tree
parent	dbd4e442ec24e9c30a5cfdc6efa44a0a6b4af484	commit \| diff

CVE-2022-37966 kdc: Implement new Kerberos session key behaviour since ENC_HMAC_SHA1_96_AES256_SK was added

ENC_HMAC_SHA1_96_AES256_SK is a flag introduced for by Microsoft in this
CVE to indicate that additionally, AES session keys are available. We
set the etypes available for session keys depending on the encryption
types that are supported by the principal.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15219

Pair-Programmed-With: Joseph Sutton <josephsutton@catalyst.net.nz>

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

kdc/kerberos5.c		diff \| blob \| history
kdc/krb5tgs.c		diff \| blob \| history
kdc/misc.c		diff \| blob \| history
lib/hdb/hdb.asn1		diff \| blob \| history