3e197ecbee
Assists Samba to address CVE-2020-25719 Again, this may be contary to RFC4120 3.3.3 https://datatracker.ietf.org/doc/html/rfc4120/#section-3.3.3 (clearer at the GSS spec here: https://datatracker.ietf.org/doc/html/draft-swift-win2k-krb-user2user-03 ) as server-name is decribed as optional, however Windows AD and Samba both require that the server-name exist and be a valid SPN matching the provided TGT. The lookup of SPN -> entry ensures that the SPN the client thought it was connecting to was held by the target server. it could be the typical user principal, or a service principal, but needs to be checked for the client not to be fooled into connecting to the wrong service. The check is the same as needed for S4U2Self so the same HDB hook is re-used. Samba BUG: https://bugzilla.samba.org/show_bug.cgi?id=14873 (Similar to Samba commit f08e6ac86226dcd939fd0e40b6f7dc80c5c00e79)
Heimdal
Heimdal is an implementation of:
- ASN.1/DER,
- PKIX, and
- Kerberos.
For information how to install see here.
There are man pages for most of the commands.
Bug reports and bugs are appreciated. Use GitHub issues.
For more information see the project homepage https://heimdal.software/heimdal/ or the mailing lists:
heimdal-announce@heimdal.software low-volume announcement heimdal-discuss@heimdal.software high-volume discussion
send mail to heimdal-announce-subscribe@heimdal.software and heimdal-discuss-subscribe@heimdal.software respectively to subscribe.
Build Status