author | Andrew Bartlett <abartlet@samba.org> | 2022-11-01 15:20:47 +1300 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2022-12-13 13:07:30 +0000 |
commit | 975e43fc45531fdea14b93a3b1529b3218a177e6 (patch) | |
tree | a436a898c2d681eef51bb13f98cfca24f7524a43 /librpc | |
parent | 44802c46b18caf3c7f9f2fb1b66025fc30e22ac5 (diff) | |
download | samba-975e43fc45531fdea14b93a3b1529b3218a177e6.tar.gz |
CVE-2022-37966 kdc: Implement new Kerberos session key behaviour since ENC_HMAC_SHA1_96_AES256_SK was added

ENC_HMAC_SHA1_96_AES256_SK is a flag introduced by Microsoft in this
CVE to indicate that additionally, AES session keys are available. We
set the etypes available for session keys depending on the encryption
types that are supported by the principal.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15219

Pair-Programmed-With: Joseph Sutton <josephsutton@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Diffstat (limited to 'librpc')
-rw-r--r-- | librpc/idl/netlogon.idl | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/librpc/idl/netlogon.idl b/librpc/idl/netlogon.idl index 6756cc538f2..e563e114900 100644 --- a/librpc/idl/netlogon.idl +++ b/librpc/idl/netlogon.idl @@ -16,6 +16,7 @@ cpp_quote("#define ENC_RSA_MD5 KERB_ENCTYPE_DES_CBC_MD5") cpp_quote("#define ENC_RC4_HMAC_MD5 KERB_ENCTYPE_RC4_HMAC_MD5") cpp_quote("#define ENC_HMAC_SHA1_96_AES128 KERB_ENCTYPE_AES128_CTS_HMAC_SHA1_96") cpp_quote("#define ENC_HMAC_SHA1_96_AES256 KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96") +cpp_quote("#define ENC_HMAC_SHA1_96_AES256_SK KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96_SK") cpp_quote("#define ENC_FAST_SUPPORTED KERB_ENCTYPE_FAST_SUPPORTED") cpp_quote("#define ENC_COMPOUND_IDENTITY_SUPPORTED KERB_ENCTYPE_COMPOUND_IDENTITY_SUPPORTED") cpp_quote("#define ENC_CLAIMS_SUPPORTED KERB_ENCTYPE_CLAIMS_SUPPORTED") |
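
Review bot: the added `ENC_HMAC_SHA1_96_AES256_SK` define sits directly after `ENC_HMAC_SHA1_96_AES256` with no comment, yet per the commit message it is not another encryption type but a flag indicating that AES session keys are additionally available. A one-line comment above it saying so would keep readers from treating it as an etype when they build or compare supported-enctype masks. Separately, `KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96_SK` is not defined in this hunk and the librpc diffstat shows only this one inserted line, so please confirm the constant is already provided by an earlier change in the series; otherwise the generated header will fail to compile wherever the new macro is used.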