summaryrefslogtreecommitdiff
path: root/source4/kdc
Commit message (Expand)AuthorAgeFilesLines
* CVE-2022-2031 s4:kpasswd: Do not accept TGTs as kpasswd ticketsJoseph Sutton2022-07-244-0/+48
* CVE-2022-32744 s4:kpasswd: Ensure we pass the kpasswd server principal into k...Joseph Sutton2022-07-241-0/+30
* CVE-2022-32744 s4:kdc: Modify HDB plugin to only look up kpasswd principalJoseph Sutton2022-07-243-1/+70
* s4:kdc: Remove kadmin mode from HDB pluginJoseph Sutton2022-07-241-28/+7
* CVE-2022-32744 s4:kdc: Rename keytab_name -> kpasswd_keytab_nameJoseph Sutton2022-07-244-6/+6
* CVE-2022-2031 s4:kdc: Don't use strncmp to compare principal componentsJoseph Sutton2022-07-241-5/+22
* CVE-2022-2031 s4:kdc: Limit kpasswd ticket lifetime to two minutes or lessJoseph Sutton2022-07-243-1/+8
* CVE-2022-2031 s4:kdc: Fix canonicalisation of kadmin/changepw principalJoseph Sutton2022-07-241-38/+46
* CVE-2022-2031 s4:kdc: Refactor samba_kdc_get_entry_principal()Joseph Sutton2022-07-241-61/+55
* CVE-2022-2031 s4:kdc: Split out a samba_kdc_get_entry_principal() functionJoseph Sutton2022-07-241-85/+107
* CVE-2022-2031 s4:kdc: Implement is_kadmin_changepw() helper functionAndreas Schneider2022-07-241-5/+11
* s4:kpasswd: Restructure code for clarityJoseph Sutton2022-07-241-24/+22
* CVE-2022-2031 s4:kpasswd: Require an initial ticketJoseph Sutton2022-07-243-0/+35
* CVE-2022-2031 s4:kpasswd: Return a kpasswd error code in KRB-ERRORJoseph Sutton2022-07-241-1/+1
* CVE-2022-2031 s4:kpasswd: Don't return AP-REP on failureJoseph Sutton2022-07-241-0/+2
* CVE-2022-2031 s4:kpasswd: Correctly generate error stringsJoseph Sutton2022-07-241-7/+6
* CVE-2022-2031 s4:kpasswd: Add MIT fallback for decoding setpw structureJoseph Sutton2022-07-241-15/+79
* CVE-2022-2031 s4:kpasswd: Account for missing target principalJoseph Sutton2022-07-241-10/+12
* CVE-2022-2031 s4:kdc: Add MIT support for ATTRIBUTES_INFO and REQUESTER_SID P...Joseph Sutton2022-07-243-5/+94
* kdc: Canonicalize realm for enterprise principalsJoseph Sutton2022-07-241-13/+11
* kdc: Require that PAC_REQUESTER_SID buffer is present for TGTsJoseph Sutton2022-07-241-0/+6
* heimdal:kdc: Do not generate extra PAC buffers for S4U2Self service ticketJoseph Sutton2022-07-241-3/+8
* kdc: Remove PAC_TYPE_ATTRIBUTES_INFO from RODC-issued ticketsJoseph Sutton2022-07-241-1/+1
* kdc: Don't include extra PAC buffers in service ticketsJoseph Sutton2022-07-241-10/+21
* kdc: Always add the PAC if the header TGT is from an RODCJoseph Sutton2022-07-241-1/+1
* kdc: Match Windows error code for mismatching snameJoseph Sutton2022-07-241-1/+1
* kdc: Adjust SID mismatch error code to match WindowsJoseph Sutton2022-07-241-5/+1
* s4:kdc: Also cannoicalize krbtgt principals when enforcing canonicalizationAndreas Schneider2022-07-241-1/+1
* s4:mit-kdb: Force canonicalization for looking up principalsIsaac Boukris2022-07-243-1/+15
* s4:kdc: strictly have 2 16-bit parts in krbtgt kvnosStefan Metzmacher2022-03-291-8/+43
* s4:kdc: redirect pre-authentication failured to an RWDCStefan Metzmacher2022-03-181-64/+15
* s4:kdc: don't set mapped_state in auth_usersupplied_info for audit loggingStefan Metzmacher2022-03-161-1/+0
* CVE-2020-25722 kdc: Do not honour a request for a 3-part SPN (ending in our d...Andrew Bartlett2021-11-081-0/+23
* CVE-2020-25719 s4:kdc: Add KDC support for PAC_REQUESTER_SID PAC bufferJoseph Sutton2021-11-084-18/+185
* CVE-2020-25721 auth: Fill in the new HAS_SAM_NAME_AND_SID valuesAndrew Bartlett2021-11-081-0/+8
* CVE-2020-25719 kdc: Avoid races and multiple DB lookups in s4u2self checkAndrew Bartlett2021-11-083-69/+33
* CVE-2020-25718 kdc: Return ERR_POLICY if RODC krbtgt account is invalidJoseph Sutton2021-11-082-3/+7
* CVE-2020-25718 kdc: Confirm the RODC was allowed to issue a particular ticketAndrew Bartlett2021-11-084-12/+153
* CVE-2020-25718 kdc: Remove unused samba_kdc_get_pac_blob()Andrew Bartlett2021-11-082-24/+0
* CVE-2020-25719 s4:kdc: Add KDC support for PAC_ATTRIBUTES_INFO PAC bufferJoseph Sutton2021-11-084-10/+199
* CVE-2020-25719 s4:kdc: Check if the pac is valid before updating itAndreas Schneider2021-11-082-0/+26
* CVE-2020-25719 s4:kdc: Add samba_kdc_validate_pac_blob()Andreas Schneider2021-11-082-0/+61
* CVE-2020-25719 s4:kdc: Remove trailing spaces in pac-glue.cAndreas Schneider2021-11-081-3/+3
* CVE-2020-25719 mit_samba: Create the talloc context earlierAndreas Schneider2021-11-081-8/+12
* CVE-2020-25719 mit_samba: The samba_princ_needs_pac check should be on the se...Andreas Schneider2021-11-081-0/+12
* CVE-2020-25719 mit-samba: Rework PAC handling in kdb_samba_db_sign_auth_data()Andreas Schneider2021-11-081-25/+91
* CVE-2020-25719 mit-samba: Handle no DB entry in mit_samba_get_pac()Andreas Schneider2021-11-081-0/+4
* CVE-2020-25719 mit-samba: Add mit_samba_princ_needs_pac()Andreas Schneider2021-11-082-0/+10
* CVE-2020-25719 mit-samba: If we use client_princ, always lookup the db entryAndreas Schneider2021-11-081-6/+75
* CVE-2020-25719 mit-samba: Add ks_free_principal()Andreas Schneider2021-11-082-0/+54
View Lorry Controller Status