File _service:tar_scm_kernel_repo:backport-0022-CVE-... of Package samba

File _service:tar_scm_kernel_repo:backport-0022-CVE-2022-2031-CVE-2022-32744.patch of Package samba

From 49aafce0a705d47ffd4753ce6c6f452c4f7aa882 Mon Sep 17 00:00:00 2001
From: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Wed, 24 Nov 2021 20:41:54 +1300
Subject: [PATCH 50/99] kdc: Require that PAC_REQUESTER_SID buffer is present
 for TGTs

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Nov 30 03:33:26 UTC 2021 on sn-devel-184

(cherry picked from commit 38c5bad4a853b19fe9a51fb059e150b153c4632a)
Conflict: remove selftest/knownfail_heimdal_kdc
---
 source4/kdc/wdc-samba4.c       | 6 ++++++
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/source4/kdc/wdc-samba4.c b/source4/kdc/wdc-samba4.c
index b1d011c09a9..d7ce34fb3a9 100644
--- a/source4/kdc/wdc-samba4.c
+++ b/source4/kdc/wdc-samba4.c
@@ -459,6 +459,12 @@ static krb5_error_code samba_wdc_reget_pac2(krb5_context context,
 		talloc_free(mem_ctx);
 		return EINVAL;
 	}
+	if (delegated_proxy_principal == NULL && requester_sid_idx == -1) {
+		DEBUG(1, ("PAC_TYPE_REQUESTER_SID missing\n"));
+		SAFE_FREE(types);
+		talloc_free(mem_ctx);
+		return KRB5KDC_ERR_TGT_REVOKED;
+	}
 
 	/*
 	 * The server account may be set not to want the PAC.
-- 
2.25.1