summaryrefslogtreecommitdiff
path: root/source4/heimdal/kdc
diff options
context:
space:
mode:
Diffstat (limited to 'source4/heimdal/kdc')
-rw-r--r--source4/heimdal/kdc/kerberos5.c20
1 files changed, 18 insertions, 2 deletions
diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c
index 3577a14e5f..ccfa35b638 100644
--- a/source4/heimdal/kdc/kerberos5.c
+++ b/source4/heimdal/kdc/kerberos5.c
@@ -758,11 +758,27 @@ check_addresses(krb5_context context,
krb5_error_code ret;
krb5_address addr;
krb5_boolean result;
-
+ krb5_boolean only_netbios = TRUE;
+ int i;
+
if(config->check_ticket_addresses == 0)
return TRUE;
- if(addresses == NULL)
+ if(addresses == NULL)
+ return config->allow_null_ticket_addresses;
+
+ for (i = 0; i < addresses->len; ++i) {
+ if (addresses->val[i].addr_type != KRB5_ADDRESS_NETBIOS) {
+ only_netbios = FALSE;
+ }
+ }
+
+ /* Windows sends it's netbios name, which I can only assume is
+ * used for the 'allowed workstations' check. This is painful, but
+ * we still want to check IP addresses if they happen to be
+ * present. */
+
+ if(only_netbios)
return config->allow_null_ticket_addresses;
ret = krb5_sockaddr2address (context, from, &addr);
generated by cgit (git 2.34.1) at 2024-11-23 05:26:51 +0000