diff options
author | Andrew Bartlett <abartlet@samba.org> | 2006-09-22 18:39:49 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 14:19:14 -0500 |
commit | 83558e822b9b1ea64ae89b77b2d815d19211d996 (patch) | |
tree | 2d627bc8675ab721d55b822bbdd7934ec00f6b5c /source4/heimdal/kdc | |
parent | daf51dfe26378e80d14c0b608c70a41b7e017e69 (diff) | |
download | samba-83558e822b9b1ea64ae89b77b2d815d19211d996.tar.gz samba-83558e822b9b1ea64ae89b77b2d815d19211d996.tar.bz2 samba-83558e822b9b1ea64ae89b77b2d815d19211d996.zip |
r18826: Allow 'enterprise' principal names to log in.
These principals do not need to be in the same realm as the rest of
the ticket, the full principal name is in the first componet of the
ASN.1.
Samba4's backend will handle getting this to the 'right' place.
Andrew Bartlett
(This used to be commit 90b01b8af21609e2e5c8b6bd8cab8bd393844acf)
Diffstat (limited to 'source4/heimdal/kdc')
-rw-r--r-- | source4/heimdal/kdc/524.c | 4 | ||||
-rw-r--r-- | source4/heimdal/kdc/kerberos4.c | 6 | ||||
-rw-r--r-- | source4/heimdal/kdc/kerberos5.c | 14 |
3 files changed, 13 insertions, 11 deletions
diff --git a/source4/heimdal/kdc/524.c b/source4/heimdal/kdc/524.c index 14969aaa52..d61b78d9b6 100644 --- a/source4/heimdal/kdc/524.c +++ b/source4/heimdal/kdc/524.c @@ -53,7 +53,7 @@ fetch_server (krb5_context context, krb5_error_code ret; krb5_principal sprinc; - ret = _krb5_principalname2krb5_principal(&sprinc, t->sname, t->realm); + ret = _krb5_principalname2krb5_principal(context, &sprinc, t->sname, t->realm); if (ret) { kdc_log(context, config, 0, "_krb5_principalname2krb5_principal: %s", krb5_get_err_text(context, ret)); @@ -90,7 +90,7 @@ log_524 (krb5_context context, char *cpn; krb5_error_code ret; - ret = _krb5_principalname2krb5_principal(&client, et->cname, et->crealm); + ret = _krb5_principalname2krb5_principal(context, &client, et->cname, et->crealm); if (ret) { kdc_log(context, config, 0, "_krb5_principalname2krb5_principal: %s", krb5_get_err_text (context, ret)); diff --git a/source4/heimdal/kdc/kerberos4.c b/source4/heimdal/kdc/kerberos4.c index 4ece1a47d6..d7a3a9cb69 100644 --- a/source4/heimdal/kdc/kerberos4.c +++ b/source4/heimdal/kdc/kerberos4.c @@ -655,7 +655,8 @@ _kdc_encode_v4_ticket(krb5_context context, { krb5_principal princ; - _krb5_principalname2krb5_principal(&princ, + _krb5_principalname2krb5_principal(context, + &princ, *service, et->crealm); ret = krb5_524_conv_principal(context, @@ -667,7 +668,8 @@ _kdc_encode_v4_ticket(krb5_context context, if(ret) return ret; - _krb5_principalname2krb5_principal(&princ, + _krb5_principalname2krb5_principal(context, + &princ, et->cname, et->crealm); diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c index 877b88c155..a73c2c10b3 100644 --- a/source4/heimdal/kdc/kerberos5.c +++ b/source4/heimdal/kdc/kerberos5.c @@ -869,7 +869,7 @@ _kdc_as_rep(krb5_context context, ret = KRB5KRB_ERR_GENERIC; e_text = "No server in request"; } else{ - _krb5_principalname2krb5_principal (&server_princ, + _krb5_principalname2krb5_principal (context, &server_princ, *(b->sname), b->realm); ret = krb5_unparse_name(context, server_princ, &server_name); } @@ -882,7 +882,7 @@ _kdc_as_rep(krb5_context context, ret = KRB5KRB_ERR_GENERIC; e_text = "No client in request"; } else { - _krb5_principalname2krb5_principal (&client_princ, + _krb5_principalname2krb5_principal (context, &client_princ, *(b->cname), b->realm); ret = krb5_unparse_name(context, client_princ, &client_name); } @@ -1270,7 +1270,7 @@ _kdc_as_rep(krb5_context context, if (f.request_anonymous) make_anonymous_principalname (&rep.cname); else - _krb5_principal2principalname(&rep.cname, + _krb5_principal2principalname(&rep.cname, client->entry.principal); rep.ticket.tkt_vno = 5; copy_Realm(&server->entry.principal->realm, &rep.ticket.realm); @@ -2137,7 +2137,7 @@ tgs_rep2(krb5_context context, goto out2; } - _krb5_principalname2krb5_principal(&princ, + _krb5_principalname2krb5_principal(context, &princ, ap_req.ticket.sname, ap_req.ticket.realm); @@ -2340,7 +2340,7 @@ tgs_rep2(krb5_context context, ret = KRB5KDC_ERR_POLICY; goto out2; } - _krb5_principalname2krb5_principal(&p, t->sname, t->realm); + _krb5_principalname2krb5_principal(context, &p, t->sname, t->realm); ret = _kdc_db_fetch(context, config, p, HDB_F_GET_CLIENT|HDB_F_GET_SERVER, &uu); krb5_free_principal(context, p); @@ -2364,11 +2364,11 @@ tgs_rep2(krb5_context context, r = adtkt.crealm; } - _krb5_principalname2krb5_principal(&sp, *s, r); + _krb5_principalname2krb5_principal(context, &sp, *s, r); ret = krb5_unparse_name(context, sp, &spn); if (ret) goto out; - _krb5_principalname2krb5_principal(&cp, tgt->cname, tgt->crealm); + _krb5_principalname2krb5_principal(context, &cp, tgt->cname, tgt->crealm); ret = krb5_unparse_name(context, cp, &cpn); if (ret) goto out; |