freeipa

Clone
Source Code
GIT

4cafdac ipa-kdb: add support for PAC_UPN_DNS_INFO_EX

2 files Authored by abbra 2 years ago, Committed by rcritten 2 years ago,
raw patch tree parent
2 files changed. 46 lines added. 2 lines removed.
daemons/ipa-kdb/ipa_kdb_mspac.c
file modified
+39 -2
server.m4
file modified
+7 -0 
    ipa-kdb: add support for PAC_UPN_DNS_INFO_EX
    
    CVE-2020-25721 mitigation: KDC must provide the new HAS_SAM_NAME_AND_SID
    buffer with sAMAccountName and ObjectSID values associated with the
    principal.
    
    The mitigation only works if NDR library supports the
    PAC_UPN_DNS_INFO_EX buffer type. In case we cannot detect it at compile
    time, a warning will be displayed at configure stage.
    
    Fixes: https://pagure.io/freeipa/issue/9031
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-by: Rob Crittenden <rcritten@redhat.com>
    Reviewed-By: Rob Crittenden <rcritten@redhat.com>
file modified
+39 -2
file modified
+7 -0
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.