summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2011-02-17 11:52:46 +1100
committerAndrew Bartlett <abartlet@samba.org>2011-02-17 06:40:53 +0100
commit5c12cb0556aeeaa8882c7b12a281728bf8d556f6 (patch)
tree6faffb3301932aa5d07adad25a7df5dabffd1750
parent0dec840677779a3d86137bb307f57b35f7392d51 (diff)
downloadsamba-5c12cb0556aeeaa8882c7b12a281728bf8d556f6.tar.gz
samba-5c12cb0556aeeaa8882c7b12a281728bf8d556f6.tar.bz2
samba-5c12cb0556aeeaa8882c7b12a281728bf8d556f6.zip
heimdal Pass F_CANON down to the hdb layer for servers in AS-REP as well
This fixes Win2003 domain logons against Samba4, which need a canonicalised reply, and helpfully do set that flag. Specifically, they need that realm in krbtgt/realm@realm that these both match exactly in the reply. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Thu Feb 17 06:40:53 CET 2011 on sn-devel-104
-rw-r--r--source4/heimdal/kdc/kerberos5.c3
1 files changed, 1 insertions, 2 deletions
diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c
index 394f4dec67..a437b9dbd9 100644
--- a/source4/heimdal/kdc/kerberos5.c
+++ b/source4/heimdal/kdc/kerberos5.c
@@ -1000,9 +1000,8 @@ _kdc_as_rep(krb5_context context,
ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
goto out;
}
-
ret = _kdc_db_fetch(context, config, server_princ,
- HDB_F_GET_SERVER|HDB_F_GET_KRBTGT,
+ HDB_F_GET_SERVER|HDB_F_GET_KRBTGT | flags,
NULL, NULL, &server);
if(ret == HDB_ERR_NOT_FOUND_HERE) {
kdc_log(context, config, 5, "target %s does not have secrets at this KDC, need to proxy", server_name);