diff options
author | Andreas Schneider <asn@samba.org> | 2022-05-24 09:54:18 +0200 |
---|---|---|
committer | Jule Anger <janger@samba.org> | 2022-07-24 11:42:02 +0200 |
commit | 36d94ffb9c99f3e515024424020e3e03e98f34f5 (patch) | |
tree | a32051f56c8eeeb33aac37053fa01a81c87f5040 | |
parent | 91a1b0955a053f73e6d531f0f12eaa604aca79d7 (diff) | |
download | samba-36d94ffb9c99f3e515024424020e3e03e98f34f5.tar.gz |
CVE-2022-2031 s4:kdc: Implement is_kadmin_changepw() helper function
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
[jsutton@samba.org Adapted entry to entry_ex->entry]
-rw-r--r-- | source4/kdc/db-glue.c | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c index 5752ffb821c..45159e6e64d 100644 --- a/source4/kdc/db-glue.c +++ b/source4/kdc/db-glue.c @@ -816,6 +816,14 @@ static int principal_comp_strcmp(krb5_context context, component, string, false); } +static bool is_kadmin_changepw(krb5_context context, + krb5_const_principal principal) +{ + return krb5_princ_size(context, principal) == 2 && + (principal_comp_strcmp(context, principal, 0, "kadmin") == 0) && + (principal_comp_strcmp(context, principal, 1, "changepw") == 0); +} + /* * Construct an hdb_entry from a directory entry. */ @@ -1110,11 +1118,9 @@ static krb5_error_code samba_kdc_message2entry(krb5_context context, * 'change password', as otherwise we could get into * trouble, and not enforce the password expirty. * Instead, only do it when request is for the kpasswd service */ - if (ent_type == SAMBA_KDC_ENT_TYPE_SERVER - && krb5_princ_size(context, principal) == 2 - && (principal_comp_strcmp(context, principal, 0, "kadmin") == 0) - && (principal_comp_strcmp(context, principal, 1, "changepw") == 0) - && lpcfg_is_my_domain_or_realm(lp_ctx, realm)) { + if (ent_type == SAMBA_KDC_ENT_TYPE_SERVER && + is_kadmin_changepw(context, principal) && + lpcfg_is_my_domain_or_realm(lp_ctx, realm)) { entry_ex->entry.flags.change_pw = 1; } |