summaryrefslogtreecommitdiff
path: root/source3/libads
diff options
context:
space:
mode:
authorGerald Carter <jerry@samba.org>2006-08-31 18:32:23 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 11:39:44 -0500
commite53dfa1f4a1162b814ea7dc23c7c603d1c6c4908 (patch)
tree760913720db2f57c5f32f46cd065c6b9b529ddbf /source3/libads
parent305ceade3905dad45eac2f407dd8f56a9979cf1c (diff)
downloadsamba-e53dfa1f4a1162b814ea7dc23c7c603d1c6c4908.tar.gz
samba-e53dfa1f4a1162b814ea7dc23c7c603d1c6c4908.tar.bz2
samba-e53dfa1f4a1162b814ea7dc23c7c603d1c6c4908.zip
r17971: Disable storing SIDs in the S-1-22-1 and S-1-22-2 domain to the SID<->uid/gid cache. FIxes a bug in token creation
(This used to be commit fa05708789654a8a34cb4a4068514a0b3d950653)
Diffstat (limited to 'source3/libads')
-rw-r--r--source3/libads/kerberos_verify.c12
1 files changed, 7 insertions, 5 deletions
diff --git a/source3/libads/kerberos_verify.c b/source3/libads/kerberos_verify.c
index 3aa0860809..cff007db47 100644
--- a/source3/libads/kerberos_verify.c
+++ b/source3/libads/kerberos_verify.c
@@ -376,13 +376,15 @@ NTSTATUS ads_verify_ticket(TALLOC_CTX *mem_ctx,
goto out;
}
- if (lp_use_kerberos_keytab()) {
+ /* always check secrets first in order to prevent hitting the
+ keytab until really necessary */
+
+ auth_ok = ads_secrets_verify_ticket(context, auth_context, host_princ,
+ ticket, &packet, &tkt, &keyblock);
+
+ if (!auth_ok && lp_use_kerberos_keytab()) {
auth_ok = ads_keytab_verify_ticket(context, auth_context, ticket, &packet, &tkt, &keyblock);
}
- if (!auth_ok) {
- auth_ok = ads_secrets_verify_ticket(context, auth_context, host_princ,
- ticket, &packet, &tkt, &keyblock);
- }
release_server_mutex();
got_replay_mutex = False;