diff options
author | Stefan Metzmacher <metze@samba.org> | 2022-11-30 09:39:19 +0100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2022-12-14 10:28:17 +0000 |
commit | cdc71cfd273fed0d7907f05897a77335dee374e1 (patch) | |
tree | 0d2eb25b928ef1a4d9e604ba7e1bc55566d97c57 | |
parent | 4477651a0de470f826cc548b78feb14305a6ba2b (diff) | |
download | samba-cdc71cfd273fed0d7907f05897a77335dee374e1.tar.gz |
CVE-2022-37966 s4:kdc: apply restrictions of "kdc supported enctypes"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit cca3c024fc514bee79bb60a686e470605cc98d6f)
-rw-r--r-- | source4/kdc/db-glue.c | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c index 0b07961f838..a3affdde52d 100644 --- a/source4/kdc/db-glue.c +++ b/source4/kdc/db-glue.c @@ -1008,7 +1008,11 @@ static krb5_error_code samba_kdc_message2entry(krb5_context context, * but effectively restricted by kdc_enctypes */ uint32_t domain_enctypes = ENC_RC4_HMAC_MD5 | ENC_RSA_MD5 | ENC_CRC32; - uint32_t kdc_enctypes = ENC_ALL_TYPES; + uint32_t config_kdc_enctypes = lpcfg_kdc_supported_enctypes(lp_ctx); + uint32_t kdc_enctypes = + config_kdc_enctypes != 0 ? + config_kdc_enctypes : + ENC_ALL_TYPES; const char *samAccountName = ldb_msg_find_attr_as_string(msg, "samAccountName", NULL); computer_val.data = discard_const_p(uint8_t,"computer"); computer_val.length = strlen((const char *)computer_val.data); @@ -1541,7 +1545,11 @@ static krb5_error_code samba_kdc_trust_message2entry(krb5_context context, uint32_t supported_enctypes = ENC_RC4_HMAC_MD5; uint32_t pa_supported_enctypes; uint32_t supported_session_etypes; - uint32_t kdc_enctypes = ENC_ALL_TYPES; + uint32_t config_kdc_enctypes = lpcfg_kdc_supported_enctypes(lp_ctx); + uint32_t kdc_enctypes = + config_kdc_enctypes != 0 ? + config_kdc_enctypes : + ENC_ALL_TYPES; struct lsa_TrustDomainInfoInfoEx *tdo = NULL; NTSTATUS status; |