summaryrefslogtreecommitdiff
path: root/source4/heimdal/lib/krb5/ticket.c
diff options
context:
space:
mode:
Diffstat (limited to 'source4/heimdal/lib/krb5/ticket.c')
-rw-r--r--source4/heimdal/lib/krb5/ticket.c12
1 files changed, 8 insertions, 4 deletions
diff --git a/source4/heimdal/lib/krb5/ticket.c b/source4/heimdal/lib/krb5/ticket.c
index 4d8da93579..e7d4d9532d 100644
--- a/source4/heimdal/lib/krb5/ticket.c
+++ b/source4/heimdal/lib/krb5/ticket.c
@@ -443,9 +443,7 @@ check_server_referral(krb5_context context,
return KRB5KRB_AP_ERR_MODIFIED;
}
- if (returned->name.name_string.len == 2 &&
- strcmp(returned->name.name_string.val[0], KRB5_TGS_NAME) == 0)
- {
+ if (krb5_principal_is_krbtgt(context, returned)) {
const char *realm = returned->name.name_string.val[1];
if (ref.referred_realm == NULL
@@ -485,7 +483,13 @@ check_server_referral(krb5_context context,
return ret;
noreferral:
- if (krb5_principal_compare(context, requested, returned) == FALSE) {
+ /*
+ * Expect excact match or that we got a krbtgt
+ */
+ if (krb5_principal_compare(context, requested, returned) != TRUE &&
+ (krb5_realm_compare(context, requested, returned) != TRUE &&
+ krb5_principal_is_krbtgt(context, returned) != TRUE))
+ {
krb5_set_error_message(context, KRB5KRB_AP_ERR_MODIFIED,
N_("Not same server principal returned "
"as requested", ""));
generated by cgit (git 2.34.1) at 2024-06-25 06:57:06 +0000