diff options
author | Nicolas Williams <nico@cryptonector.com> | 2011-10-11 23:57:58 -0500 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2022-12-07 19:35:14 +0100 |
commit | 2be27ec1d7f3bfcdcac65bca1db53772535fe7bf (patch) | |
tree | 631597498f7fefe25113132053a45cd9350e71ad | |
parent | 73c7c6ec9bc3a1993e766f119e9e29905ded5e28 (diff) | |
download | samba-2be27ec1d7f3bfcdcac65bca1db53772535fe7bf.tar.gz |
CVE-2022-45141 source4/heimdal: Fix TGS ticket enc-part key selection
When I added support for configuring how the KDC selects session,
reply, and ticket enc-part keys I accidentally had the KDC use the
session key selection algorithm for selecting the ticket enc-part
key. This becomes a problem when using a Heimdal KDC with an MIT
KDB as the HDB backend and when the krbtgt keys are not in
strongest-to-weakest order, in which case forwardable tickets minted
by the Heimdal KDC will not be accepted by MIT KDCs with the same
KDB.
(cherry picked from Heimdal commit 12cd2c9cbd1ca027a3ef9ac7ab3e79526b1348ae)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15214
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
-rw-r--r-- | source4/heimdal/kdc/krb5tgs.c | 7 |
1 files changed, 2 insertions, 5 deletions
diff --git a/source4/heimdal/kdc/krb5tgs.c b/source4/heimdal/kdc/krb5tgs.c index 15be136496f..7391393e4b6 100644 --- a/source4/heimdal/kdc/krb5tgs.c +++ b/source4/heimdal/kdc/krb5tgs.c @@ -1665,17 +1665,14 @@ server_lookup: } else { Key *skey; - ret = _kdc_find_etype(context, - config->tgs_use_strongest_session_key, FALSE, - server, b->etype.val, b->etype.len, NULL, - &skey); + ret = _kdc_get_preferred_key(context, config, server, spn, + &etype, &skey); if(ret) { kdc_log(context, config, 0, "Server (%s) has no support for etypes", spn); goto out; } ekey = &skey->key; - etype = skey->key.keytype; kvno = server->entry.kvno; } |