| Commit message (Expand) | Author | Age | Files | Lines |
|---|
| * | CVE-2022-32742: s4: torture: Add raw.write.bad-write test. | Jeremy Allison | 2022-07-24 | 1 | -0/+89 |
| * | CVE-2022-2031 s4:kpasswd: Do not accept TGTs as kpasswd tickets | Joseph Sutton | 2022-07-24 | 4 | -0/+48 |
| * | CVE-2022-2031 s4:auth: Use PAC to determine whether ticket is a TGT | Joseph Sutton | 2022-07-24 | 1 | -0/+44 |
| * | CVE-2022-2031 auth: Add ticket type field to auth_user_info_dc and auth_sessi... | Joseph Sutton | 2022-07-24 | 4 | -5/+7 |
| * | CVE-2022-32744 s4:kpasswd: Ensure we pass the kpasswd server principal into k... | Joseph Sutton | 2022-07-24 | 1 | -0/+30 |
| * | CVE-2022-32744 s4:kdc: Modify HDB plugin to only look up kpasswd principal | Joseph Sutton | 2022-07-24 | 3 | -1/+70 |
| * | s4:kdc: Remove kadmin mode from HDB plugin | Joseph Sutton | 2022-07-24 | 1 | -28/+7 |
| * | CVE-2022-32744 s4:kdc: Rename keytab_name -> kpasswd_keytab_name | Joseph Sutton | 2022-07-24 | 4 | -6/+6 |
| * | CVE-2022-2031 s4:kdc: Don't use strncmp to compare principal components | Joseph Sutton | 2022-07-24 | 1 | -5/+22 |
| * | CVE-2022-2031 s4:kdc: Reject tickets during the last two minutes of their life | Joseph Sutton | 2022-07-24 | 1 | -1/+18 |
| * | CVE-2022-2031 s4:kdc: Limit kpasswd ticket lifetime to two minutes or less | Joseph Sutton | 2022-07-24 | 3 | -1/+8 |
| * | CVE-2022-2031 s4:kdc: Fix canonicalisation of kadmin/changepw principal | Joseph Sutton | 2022-07-24 | 1 | -38/+46 |
| * | CVE-2022-2031 s4:kdc: Refactor samba_kdc_get_entry_principal() | Joseph Sutton | 2022-07-24 | 1 | -61/+55 |
| * | CVE-2022-2031 s4:kdc: Split out a samba_kdc_get_entry_principal() function | Joseph Sutton | 2022-07-24 | 1 | -85/+107 |
| * | CVE-2022-2031 s4:kdc: Implement is_kadmin_changepw() helper function | Andreas Schneider | 2022-07-24 | 1 | -5/+11 |
| * | s4:kpasswd: Restructure code for clarity | Joseph Sutton | 2022-07-24 | 1 | -24/+22 |
| * | CVE-2022-2031 s4:kpasswd: Require an initial ticket | Joseph Sutton | 2022-07-24 | 3 | -0/+35 |
| * | CVE-2022-2031 gensec_krb5: Add helper function to check if client sent an ini... | Joseph Sutton | 2022-07-24 | 5 | -18/+157 |
| * | CVE-2022-2031 s4:kpasswd: Return a kpasswd error code in KRB-ERROR | Joseph Sutton | 2022-07-24 | 1 | -1/+1 |
| * | CVE-2022-2031 s4:kpasswd: Don't return AP-REP on failure | Joseph Sutton | 2022-07-24 | 1 | -0/+2 |
| * | CVE-2022-2031 s4:kpasswd: Correctly generate error strings | Joseph Sutton | 2022-07-24 | 1 | -7/+6 |
| * | CVE-2022-2031 tests/krb5: Add tests for kpasswd service | Joseph Sutton | 2022-07-24 | 1 | -0/+4 |
| * | CVE-2022-32744 selftest: Specify Administrator kvno for Python krb5 tests | Joseph Sutton | 2022-07-24 | 1 | -0/+1 |
| * | CVE-2022-2031 s4:kpasswd: Add MIT fallback for decoding setpw structure | Joseph Sutton | 2022-07-24 | 1 | -15/+79 |
| * | CVE-2022-2031 s4:kpasswd: Account for missing target principal | Joseph Sutton | 2022-07-24 | 1 | -10/+12 |
| * | heimdal:kdc: Accommodate NULL data parameter in krb5_pac_get_buffer() | Joseph Sutton | 2022-07-24 | 1 | -4/+6 |
| * | CVE-2022-2031 s4:kdc: Add MIT support for ATTRIBUTES_INFO and REQUESTER_SID P... | Joseph Sutton | 2022-07-24 | 3 | -5/+94 |
| * | selftest: Simplify krb5 test environments | Joseph Sutton | 2022-07-24 | 1 | -156/+35 |
| * | kdc: Canonicalize realm for enterprise principals | Joseph Sutton | 2022-07-24 | 1 | -13/+11 |
| * | kdc: Require that PAC_REQUESTER_SID buffer is present for TGTs | Joseph Sutton | 2022-07-24 | 1 | -0/+6 |
| * | heimdal:kdc: Do not generate extra PAC buffers for S4U2Self service ticket | Joseph Sutton | 2022-07-24 | 5 | -7/+16 |
| * | selftest: Properly check extra PAC buffers with Heimdal | Joseph Sutton | 2022-07-24 | 1 | -1/+1 |
| * | heimdal:kdc: Always generate a PAC for S4U2Self | Joseph Sutton | 2022-07-24 | 1 | -6/+7 |
| * | kdc: Remove PAC_TYPE_ATTRIBUTES_INFO from RODC-issued tickets | Joseph Sutton | 2022-07-24 | 1 | -1/+1 |
| * | kdc: Don't include extra PAC buffers in service tickets | Joseph Sutton | 2022-07-24 | 1 | -10/+21 |
| * | Revert "CVE-2020-25719 s4/torture: Expect additional PAC buffers" | Joseph Sutton | 2022-07-24 | 1 | -22/+2 |
| * | kdc: Always add the PAC if the header TGT is from an RODC | Joseph Sutton | 2022-07-24 | 1 | -1/+1 |
| * | kdc: Match Windows error code for mismatching sname | Joseph Sutton | 2022-07-24 | 1 | -1/+1 |
| * | kdc: Adjust SID mismatch error code to match Windows | Joseph Sutton | 2022-07-24 | 1 | -5/+1 |
| * | heimdal:kdc: Adjust no-PAC error code to match Windows | Joseph Sutton | 2022-07-24 | 1 | -1/+1 |
| * | s4:torture: Fix typo | Joseph Sutton | 2022-07-24 | 1 | -1/+1 |
| * | heimdal:kdc: Fix error message for user-to-user | Joseph Sutton | 2022-07-24 | 1 | -1/+1 |
| * | tests/krb5: Align PAC buffer checking to more closely match Windows with PacR... | Joseph Sutton | 2022-07-24 | 1 | -19/+39 |
| * | selftest: Check received LDB error code when STRICT_CHECKING=0 | Joseph Sutton | 2022-07-24 | 1 | -1/+1 |
| * | s4:kdc: Also cannoicalize krbtgt principals when enforcing canonicalization | Andreas Schneider | 2022-07-24 | 1 | -1/+1 |
| * | s4:mit-kdb: Force canonicalization for looking up principals | Isaac Boukris | 2022-07-24 | 4 | -1/+16 |
| * | CVE-2022-32745 s4/dsdb/util: Correctly copy values into message element | Joseph Sutton | 2022-07-24 | 1 | -1/+1 |
| * | CVE-2022-32745 s4/dsdb/util: Don't call memcpy() with a NULL pointer | Joseph Sutton | 2022-07-24 | 1 | -4/+8 |
| * | CVE-2022-32745 s4/dsdb/util: Use correct value for loop count limit | Joseph Sutton | 2022-07-24 | 1 | -1/+1 |
| * | CVE-2022-32745 s4/dsdb/samldb: Check for empty values array | Joseph Sutton | 2022-07-24 | 1 | -2/+2 |
