index
:
delta/samba.git
master
old-v4-0-stable
old-v4-0-test
v3-0-stable
v3-0-test
v3-2-stable
v3-2-test
v3-3-stable
v3-3-test
v3-4-stable
v3-4-test
v3-5-stable
v3-5-test
v3-6-stable
v3-6-test
v3-devel
v4-0-stable
v4-0-test
v4-1-stable
v4-1-test
v4-10-stable
v4-10-test
v4-11-stable
v4-11-test
v4-12-stable
v4-12-test
v4-13-stable
v4-13-test
v4-14-stable
v4-14-test
v4-15-stable
v4-15-test
v4-16-stable
v4-16-test
v4-17-stable
v4-17-test
v4-18-stable
v4-18-test
v4-2-stable
v4-2-test
v4-3-stable
v4-3-test
v4-4-stable
v4-4-test
v4-5-stable
v4-5-test
v4-6-stable
v4-6-test
v4-7-stable
v4-7-test
v4-8-stable
v4-8-test
v4-9-stable
v4-9-test
git.samba.org: samba.git
summary
refs
log
tree
commit
diff
log msg
author
committer
range
path:
root
/
source4
/
kdc
Commit message (
Expand
)
Author
Age
Files
Lines
*
CVE-2022-2031 s4:kpasswd: Do not accept TGTs as kpasswd tickets
Joseph Sutton
2022-07-24
4
-0
/
+48
*
CVE-2022-32744 s4:kpasswd: Ensure we pass the kpasswd server principal into k...
Joseph Sutton
2022-07-24
1
-0
/
+30
*
CVE-2022-32744 s4:kdc: Modify HDB plugin to only look up kpasswd principal
Joseph Sutton
2022-07-24
3
-1
/
+70
*
s4:kdc: Remove kadmin mode from HDB plugin
Joseph Sutton
2022-07-24
1
-28
/
+7
*
CVE-2022-32744 s4:kdc: Rename keytab_name -> kpasswd_keytab_name
Joseph Sutton
2022-07-24
4
-6
/
+6
*
CVE-2022-2031 s4:kdc: Don't use strncmp to compare principal components
Joseph Sutton
2022-07-24
1
-5
/
+22
*
CVE-2022-2031 s4:kdc: Limit kpasswd ticket lifetime to two minutes or less
Joseph Sutton
2022-07-24
3
-1
/
+8
*
CVE-2022-2031 s4:kdc: Fix canonicalisation of kadmin/changepw principal
Joseph Sutton
2022-07-24
1
-38
/
+46
*
CVE-2022-2031 s4:kdc: Refactor samba_kdc_get_entry_principal()
Joseph Sutton
2022-07-24
1
-61
/
+55
*
CVE-2022-2031 s4:kdc: Split out a samba_kdc_get_entry_principal() function
Joseph Sutton
2022-07-24
1
-85
/
+107
*
CVE-2022-2031 s4:kdc: Implement is_kadmin_changepw() helper function
Andreas Schneider
2022-07-24
1
-5
/
+11
*
s4:kpasswd: Restructure code for clarity
Joseph Sutton
2022-07-24
1
-24
/
+22
*
CVE-2022-2031 s4:kpasswd: Require an initial ticket
Joseph Sutton
2022-07-24
3
-0
/
+35
*
CVE-2022-2031 s4:kpasswd: Return a kpasswd error code in KRB-ERROR
Joseph Sutton
2022-07-24
1
-1
/
+1
*
CVE-2022-2031 s4:kpasswd: Don't return AP-REP on failure
Joseph Sutton
2022-07-24
1
-0
/
+2
*
CVE-2022-2031 s4:kpasswd: Correctly generate error strings
Joseph Sutton
2022-07-24
1
-7
/
+6
*
CVE-2022-2031 s4:kpasswd: Add MIT fallback for decoding setpw structure
Joseph Sutton
2022-07-24
1
-15
/
+79
*
CVE-2022-2031 s4:kpasswd: Account for missing target principal
Joseph Sutton
2022-07-24
1
-10
/
+12
*
CVE-2022-2031 s4:kdc: Add MIT support for ATTRIBUTES_INFO and REQUESTER_SID P...
Joseph Sutton
2022-07-24
3
-5
/
+94
*
kdc: Canonicalize realm for enterprise principals
Joseph Sutton
2022-07-24
1
-13
/
+11
*
kdc: Require that PAC_REQUESTER_SID buffer is present for TGTs
Joseph Sutton
2022-07-24
1
-0
/
+6
*
heimdal:kdc: Do not generate extra PAC buffers for S4U2Self service ticket
Joseph Sutton
2022-07-24
1
-3
/
+8
*
kdc: Remove PAC_TYPE_ATTRIBUTES_INFO from RODC-issued tickets
Joseph Sutton
2022-07-24
1
-1
/
+1
*
kdc: Don't include extra PAC buffers in service tickets
Joseph Sutton
2022-07-24
1
-10
/
+21
*
kdc: Always add the PAC if the header TGT is from an RODC
Joseph Sutton
2022-07-24
1
-1
/
+1
*
kdc: Match Windows error code for mismatching sname
Joseph Sutton
2022-07-24
1
-1
/
+1
*
kdc: Adjust SID mismatch error code to match Windows
Joseph Sutton
2022-07-24
1
-5
/
+1
*
s4:kdc: Also cannoicalize krbtgt principals when enforcing canonicalization
Andreas Schneider
2022-07-24
1
-1
/
+1
*
s4:mit-kdb: Force canonicalization for looking up principals
Isaac Boukris
2022-07-24
3
-1
/
+15
*
s4:kdc: strictly have 2 16-bit parts in krbtgt kvnos
Stefan Metzmacher
2022-03-29
1
-8
/
+43
*
s4:kdc: redirect pre-authentication failured to an RWDC
Stefan Metzmacher
2022-03-18
1
-64
/
+15
*
s4:kdc: don't set mapped_state in auth_usersupplied_info for audit logging
Stefan Metzmacher
2022-03-16
1
-1
/
+0
*
CVE-2020-25722 kdc: Do not honour a request for a 3-part SPN (ending in our d...
Andrew Bartlett
2021-11-08
1
-0
/
+23
*
CVE-2020-25719 s4:kdc: Add KDC support for PAC_REQUESTER_SID PAC buffer
Joseph Sutton
2021-11-08
4
-18
/
+185
*
CVE-2020-25721 auth: Fill in the new HAS_SAM_NAME_AND_SID values
Andrew Bartlett
2021-11-08
1
-0
/
+8
*
CVE-2020-25719 kdc: Avoid races and multiple DB lookups in s4u2self check
Andrew Bartlett
2021-11-08
3
-69
/
+33
*
CVE-2020-25718 kdc: Return ERR_POLICY if RODC krbtgt account is invalid
Joseph Sutton
2021-11-08
2
-3
/
+7
*
CVE-2020-25718 kdc: Confirm the RODC was allowed to issue a particular ticket
Andrew Bartlett
2021-11-08
4
-12
/
+153
*
CVE-2020-25718 kdc: Remove unused samba_kdc_get_pac_blob()
Andrew Bartlett
2021-11-08
2
-24
/
+0
*
CVE-2020-25719 s4:kdc: Add KDC support for PAC_ATTRIBUTES_INFO PAC buffer
Joseph Sutton
2021-11-08
4
-10
/
+199
*
CVE-2020-25719 s4:kdc: Check if the pac is valid before updating it
Andreas Schneider
2021-11-08
2
-0
/
+26
*
CVE-2020-25719 s4:kdc: Add samba_kdc_validate_pac_blob()
Andreas Schneider
2021-11-08
2
-0
/
+61
*
CVE-2020-25719 s4:kdc: Remove trailing spaces in pac-glue.c
Andreas Schneider
2021-11-08
1
-3
/
+3
*
CVE-2020-25719 mit_samba: Create the talloc context earlier
Andreas Schneider
2021-11-08
1
-8
/
+12
*
CVE-2020-25719 mit_samba: The samba_princ_needs_pac check should be on the se...
Andreas Schneider
2021-11-08
1
-0
/
+12
*
CVE-2020-25719 mit-samba: Rework PAC handling in kdb_samba_db_sign_auth_data()
Andreas Schneider
2021-11-08
1
-25
/
+91
*
CVE-2020-25719 mit-samba: Handle no DB entry in mit_samba_get_pac()
Andreas Schneider
2021-11-08
1
-0
/
+4
*
CVE-2020-25719 mit-samba: Add mit_samba_princ_needs_pac()
Andreas Schneider
2021-11-08
2
-0
/
+10
*
CVE-2020-25719 mit-samba: If we use client_princ, always lookup the db entry
Andreas Schneider
2021-11-08
1
-6
/
+75
*
CVE-2020-25719 mit-samba: Add ks_free_principal()
Andreas Schneider
2021-11-08
2
-0
/
+54
[next]