CVE-2022-32744 s4:kdc: Rename keytab_name -> kpasswd_keytab_name
authorJoseph Sutton <josephsutton@catalyst.net.nz>
Thu, 26 May 2022 04:36:30 +0000 (16:36 +1200)
committerJule Anger <janger@samba.org>
Sun, 24 Jul 2022 09:42:02 +0000 (11:42 +0200)
This makes the purpose of this keytab explicit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15074

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
[jsutton@samba.org Fixed conflicts due to lacking HDBGET support]

source4/kdc/kdc-heimdal.c
source4/kdc/kdc-server.h
source4/kdc/kdc-service-mit.c
source4/kdc/kpasswd-service.c

index ba74df4f2ec755888353a703c5380554ba98f9d2..a4c845b62f812e9ca9b47cb3943b4e9a4f602c43 100644 (file)
@@ -444,8 +444,8 @@ static void kdc_post_fork(struct task_server *task, struct process_details *pd)
                return;
        }
 
-       kdc->keytab_name = talloc_asprintf(kdc, "HDB:samba4&%p", kdc->base_ctx);
-       if (kdc->keytab_name == NULL) {
+       kdc->kpasswd_keytab_name = talloc_asprintf(kdc, "HDB:samba4&%p", kdc->base_ctx);
+       if (kdc->kpasswd_keytab_name == NULL) {
                task_server_terminate(task,
                                      "kdc: Failed to set keytab name",
                                      true);
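Review bot: The new name on the `kdc->kpasswd_keytab_name` assignment states a purpose that the value does not enforce: the string is still `"HDB:samba4&%p"`, unchanged from the removed line, so as far as this hunk shows the rename alone does not narrow what the keytab refers to. A short comment above the assignment would keep a later reader from assuming otherwise, for example `/* Named for its consumer in kpasswd_process(); the keytab string itself is not restricted here. */`. The same applies to the `"KDB:"` assignment in mitkdc_task_init in the kdc-service-mit.c hunk. The untouched message `"kdc: Failed to set keytab name"` could also say "kpasswd keytab name" so that logs match the field. kdc_post_fork's body starts and ends outside the hunk.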
index fd883c2e4b459ffd9011e1e963284a61c9590ca6..89b30f122f5c62b0513ef2cb01d6f5e9433ac851 100644 (file)
@@ -40,7 +40,7 @@ struct kdc_server {
        struct ldb_context *samdb;
        bool am_rodc;
        uint32_t proxy_timeout;
-       const char *keytab_name;
+       const char *kpasswd_keytab_name;
        void *private_data;
 };
 
index 5d4180aa7cc4a384032121e775eb3433e8fee8a7..22663b6ecc8bffcca5279adbd27e8ed9a8a6ac5f 100644 (file)
@@ -291,8 +291,8 @@ NTSTATUS mitkdc_task_init(struct task_server *task)
                return NT_STATUS_INTERNAL_ERROR;
        }
 
-       kdc->keytab_name = talloc_asprintf(kdc, "KDB:");
-       if (kdc->keytab_name == NULL) {
+       kdc->kpasswd_keytab_name = talloc_asprintf(kdc, "KDB:");
+       if (kdc->kpasswd_keytab_name == NULL) {
                task_server_terminate(task,
                                      "KDC: Out of memory",
                                      true);
index b4706de1ad7e1ad49813a9f2f868c2f05ffca3e3..0d2acd8d9e8d288e3c9cac1abcc329c653349a1f 100644 (file)
@@ -167,7 +167,7 @@ kdc_code kpasswd_process(struct kdc_server *kdc,
 
        rv = cli_credentials_set_keytab_name(server_credentials,
                                             kdc->task->lp_ctx,
-                                            kdc->keytab_name,
+                                            kdc->kpasswd_keytab_name,
                                             CRED_SPECIFIED);
        if (rv != 0) {
                DBG_ERR("Failed to set credentials keytab name\n");