author | Stefan Metzmacher <metze@samba.org> | 2022-11-30 09:39:19 +0100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2022-12-14 00:48:49 +0100 |
commit | 89b1c78b520f32e54e8a025511908b06158deef0 (patch) | |
tree | d593ede2c73e095c0d67097dfef761d2d1f76840 | |
parent | 18996e9971224210aa50cff9796c805dc594c296 (diff) | |
CVE-2022-37966 s4:kdc: apply restrictions of "kdc supported enctypes"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit cca3c024fc514bee79bb60a686e470605cc98d6f)
-rw-r--r-- | source4/kdc/db-glue.c | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c
index ae32634735d..7eab2c33149 100644
--- a/source4/kdc/db-glue.c
+++ b/source4/kdc/db-glue.c
@@ -970,7 +970,11 @@ static krb5_error_code samba_kdc_message2entry(krb5_context context,
 * but effectively restricted by kdc_enctypes
 */
 uint32_t domain_enctypes = ENC_RC4_HMAC_MD5 | ENC_RSA_MD5 | ENC_CRC32;
- uint32_t kdc_enctypes = ENC_ALL_TYPES;
+ uint32_t config_kdc_enctypes = lpcfg_kdc_supported_enctypes(lp_ctx);
+ uint32_t kdc_enctypes =
+ config_kdc_enctypes != 0 ?
+ config_kdc_enctypes :
+ ENC_ALL_TYPES;
 const char *samAccountName = ldb_msg_find_attr_as_string(msg, "samAccountName", NULL);
 computer_val.data = discard_const_p(uint8_t,"computer");
 computer_val.length = strlen((const char *)computer_val.data);
@@ -1490,7 +1494,11 @@ static krb5_error_code samba_kdc_trust_message2entry(krb5_context context,
 uint32_t supported_enctypes = ENC_RC4_HMAC_MD5;
 uint32_t pa_supported_enctypes;
 uint32_t supported_session_etypes;
- uint32_t kdc_enctypes = ENC_ALL_TYPES;
+ uint32_t config_kdc_enctypes = lpcfg_kdc_supported_enctypes(lp_ctx);
+ uint32_t kdc_enctypes =
+ config_kdc_enctypes != 0 ?
+ config_kdc_enctypes :
+ ENC_ALL_TYPES;
 struct lsa_TrustDomainInfoInfoEx *tdo = NULL;
 NTSTATUS status; |
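Review bot: The fallback `config_kdc_enctypes != 0 ? config_kdc_enctypes : ENC_ALL_TYPES` in samba_kdc_message2entry treats a configured value of 0 as "no restriction" without saying so, and the identical expression is repeated in samba_kdc_trust_message2entry. How "kdc supported enctypes" is parsed is not visible here, so if it can resolve to 0 for any reason other than being unset, the KDC would silently fall back to the widest mask, which judging by the neighbouring `domain_enctypes` line presumably still includes RC4 and the legacy types. A comment at both sites such as `/* 0 means the option is unset: keep the default of all enctypes */` would make this fail-open default explicit for whoever audits the enctype policy later. A small static helper that returns the effective mask from `lp_ctx` would also keep the two functions from drifting apart. Both function bodies start and end outside the hunks, so how `kdc_enctypes` is applied afterwards cannot be checked from this page.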