summaryrefslogtreecommitdiff
path: root/source4/heimdal/kdc
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2005-11-27 02:02:44 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:46:48 -0500
commitef9ec9583d2efa78220edd65bd93ead955792b3e (patch)
treeceb1db3a20eea16762dafdce39760715d4650655 /source4/heimdal/kdc
parenteb4fbaeee283a517cdb778bde9aba5a26d31334d (diff)
downloadsamba-ef9ec9583d2efa78220edd65bd93ead955792b3e.tar.gz
samba-ef9ec9583d2efa78220edd65bd93ead955792b3e.tar.bz2
samba-ef9ec9583d2efa78220edd65bd93ead955792b3e.zip
r11930: Add socket/packet handling code for kpasswdd
Allow ticket requests with only a netbios name to be considered 'null' addresses, and therefore allowed by default. Use the netbios address as the workstation name for the allowed workstations check with krb5. Andrew Bartlett (This used to be commit 328fa186f2df5cdd42be679d92b5f07f7ed22d87)
Diffstat (limited to 'source4/heimdal/kdc')
-rw-r--r--source4/heimdal/kdc/kerberos5.c20
1 files changed, 18 insertions, 2 deletions
diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c
index 3577a14e5f..ccfa35b638 100644
--- a/source4/heimdal/kdc/kerberos5.c
+++ b/source4/heimdal/kdc/kerberos5.c
@@ -758,11 +758,27 @@ check_addresses(krb5_context context,
krb5_error_code ret;
krb5_address addr;
krb5_boolean result;
-
+ krb5_boolean only_netbios = TRUE;
+ int i;
+
if(config->check_ticket_addresses == 0)
return TRUE;
- if(addresses == NULL)
+ if(addresses == NULL)
+ return config->allow_null_ticket_addresses;
+
+ for (i = 0; i < addresses->len; ++i) {
+ if (addresses->val[i].addr_type != KRB5_ADDRESS_NETBIOS) {
+ only_netbios = FALSE;
+ }
+ }
+
+ /* Windows sends it's netbios name, which I can only assume is
+ * used for the 'allowed workstations' check. This is painful, but
+ * we still want to check IP addresses if they happen to be
+ * present. */
+
+ if(only_netbios)
return config->allow_null_ticket_addresses;
ret = krb5_sockaddr2address (context, from, &addr);