freeipa

Clone
Source Code
GIT

879ef1b ipa-kdb: add support for PAC_REQUESTER_SID buffer

2 files Authored by abbra 2 years ago, Committed by rcritten 2 years ago,
raw patch tree parent
2 files changed. 134 lines added. 4 lines removed.
daemons/ipa-kdb/ipa_kdb_mspac.c
file modified
+127 -4
server.m4
file modified
+7 -0 
    ipa-kdb: add support for PAC_REQUESTER_SID buffer
    
    CVE-2020-25721 mitigation: KDC must provide the new PAC_REQUESTER_SID
    buffer with ObjectSID value associated with the requester's principal.
    
    The mitigation only works if NDR library supports the PAC_REQUESTER_SID
    buffer type. In case we cannot detect it at compile time, a warning will
    be displayed at configure stage.
    
    Fixes: https://pagure.io/freeipa/issue/9031
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-by: Rob Crittenden <rcritten@redhat.com>
    Reviewed-By: Rob Crittenden <rcritten@redhat.com>
file modified
+127 -4
file modified
+7 -0
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.