summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2011-07-25 10:06:47 +0200
committerStefan Metzmacher <metze@samba.org>2011-07-26 03:25:06 +0200
commit51b94ab3fd4d13ee38813eb7d20db11edaa667a8 (patch)
tree38a6ce1c7f679e1344c944e8ae7fe888d71be9f8
parent0b29853fd7383114fd398b531371c96f874e68d6 (diff)
downloadsamba-51b94ab3fd4d13ee38813eb7d20db11edaa667a8.tar.gz
samba-51b94ab3fd4d13ee38813eb7d20db11edaa667a8.tar.bz2
samba-51b94ab3fd4d13ee38813eb7d20db11edaa667a8.zip
s4:kdc: canonicalize the principal if HDB_F_FOR_TGS_REQ is given
Windows seems to always canonicalize the principal in TGS replies. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Jul 26 03:25:06 CEST 2011 on sn-devel-104
-rw-r--r--source4/kdc/db-glue.c9
1 files changed, 7 insertions, 2 deletions
diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c
index 080cf70bd8..88fecdd5ab 100644
--- a/source4/kdc/db-glue.c
+++ b/source4/kdc/db-glue.c
@@ -1170,7 +1170,12 @@ static krb5_error_code samba_kdc_fetch_krbtgt(krb5_context context,
return HDB_ERR_NOENTRY;
}
- if (flags & HDB_F_CANON) {
+ /*
+ * Windows seems to canonicalize the principal
+ * in a TGS REP even if the client did not specify
+ * the canonicalize flag.
+ */
+ if (flags & HDB_F_CANON|HDB_F_FOR_TGS_REQ) {
ret = krb5_copy_principal(context, principal, &alloc_principal);
if (ret) {
return ret;
@@ -1192,7 +1197,7 @@ static krb5_error_code samba_kdc_fetch_krbtgt(krb5_context context,
ret = samba_kdc_message2entry(context, kdc_db_ctx, mem_ctx,
principal, SAMBA_KDC_ENT_TYPE_KRBTGT,
flags, realm_dn, msg, entry_ex);
- if (flags & HDB_F_CANON) {
+ if (alloc_principal) {
/* This is again copied in the message2entry call */
krb5_free_principal(context, alloc_principal);
}