diff options
author | Andrew Bartlett <abartlet@samba.org> | 2010-03-27 11:55:22 +1100 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2010-03-27 11:55:22 +1100 |
commit | 533024be44861c8d2c8ba3232738c7d2dbbe2e4f (patch) | |
tree | 048c8bd52b50604e950d7976115ebaf42a0802ed /source4/heimdal/lib/krb5/ticket.c | |
parent | 679854384252e698b8f8c09d31eb15ed043c919b (diff) | |
download | samba-533024be44861c8d2c8ba3232738c7d2dbbe2e4f.tar.gz samba-533024be44861c8d2c8ba3232738c7d2dbbe2e4f.tar.bz2 samba-533024be44861c8d2c8ba3232738c7d2dbbe2e4f.zip |
s4:heimdal: import lorikeet-heimdal-201003262338 (commit f4e0dc17709829235f057e0e100d34802d3929ff)
Diffstat (limited to 'source4/heimdal/lib/krb5/ticket.c')
-rw-r--r-- | source4/heimdal/lib/krb5/ticket.c | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/source4/heimdal/lib/krb5/ticket.c b/source4/heimdal/lib/krb5/ticket.c index 4d8da93579..e7d4d9532d 100644 --- a/source4/heimdal/lib/krb5/ticket.c +++ b/source4/heimdal/lib/krb5/ticket.c @@ -443,9 +443,7 @@ check_server_referral(krb5_context context, return KRB5KRB_AP_ERR_MODIFIED; } - if (returned->name.name_string.len == 2 && - strcmp(returned->name.name_string.val[0], KRB5_TGS_NAME) == 0) - { + if (krb5_principal_is_krbtgt(context, returned)) { const char *realm = returned->name.name_string.val[1]; if (ref.referred_realm == NULL @@ -485,7 +483,13 @@ check_server_referral(krb5_context context, return ret; noreferral: - if (krb5_principal_compare(context, requested, returned) == FALSE) { + /* + * Expect excact match or that we got a krbtgt + */ + if (krb5_principal_compare(context, requested, returned) != TRUE && + (krb5_realm_compare(context, requested, returned) != TRUE && + krb5_principal_is_krbtgt(context, returned) != TRUE)) + { krb5_set_error_message(context, KRB5KRB_AP_ERR_MODIFIED, N_("Not same server principal returned " "as requested", "")); |