oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

princ type NT-UNKNOWN + "host" == NT-SRV-HST

Browse Source 
Treat principals of type NT-UNKNOWN as NT-SRV-HST if the first component
of the principal name is "host".

Change-Id: I28fb619379daac827436040e701d4ab7b279852b
This commit is contained in:
Jeffrey Altman
2016-07-17 19:50:38 -04:00
committed by Nicolas Williams
parent 5aef50c800
commit 6a1db3fb1c
2 changed files with 14 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
lib/gssapi/krb5/import_name.c
View File

@@ -88,14 +88,16 @@ _gsskrb5_canon_name(OM_uint32 *minor_status, krb5_context context,
krb5_const_principal p = (krb5_const_principal)targetname;
krb5_error_code ret;
char *hostname = NULL, *service;
int type;
const char *comp;
*minor_status = 0;
/* If its not a hostname */
if (krb5_principal_get_type(context, p) != KRB5_NT_SRV_HST &&
krb5_principal_get_type(context, p) != KRB5_NT_SRV_HST_NEEDS_CANON) {
ret = krb5_copy_principal(context, p, out);
} else {
type = krb5_principal_get_type(context, p);
comp = krb5_principal_get_comp_string(context, p, 0);
if (type == KRB5_NT_SRV_HST || type == KRB5_NT_SRV_HST_NEEDS_CANON ||
(type == KRB5_NT_UNKNOWN && comp != NULL && strcmp(comp, "host") == 0)) {
if (p->name.name_string.len == 0)
return GSS_S_BAD_NAME;
else if (p->name.name_string.len > 1)
@@ -108,6 +110,8 @@ _gsskrb5_canon_name(OM_uint32 *minor_status, krb5_context context,
service,
KRB5_NT_SRV_HST,
out);
} else {
ret = krb5_copy_principal(context, p, out);
}
if (ret) {

7
lib/krb5/get_cred.c
View File

@@ -1478,6 +1478,8 @@ krb5_get_creds(krb5_context context,
krb5_name_canon_iterator name_canon_iter = NULL;
krb5_name_canon_rule_options rule_opts;
int i;
int type;
const char *comp;
memset(&in_creds, 0, sizeof(in_creds));
in_creds.server = rk_UNCONST(inprinc);
@@ -1555,7 +1557,10 @@ next_rule:
if (options & KRB5_GC_CACHED)
goto next_rule;
if (try_princ->name.name_type == KRB5_NT_SRV_HST)
type = krb5_principal_get_type(context, try_princ);
comp = krb5_principal_get_comp_string(context, try_princ, 0);
if ((type == KRB5_NT_SRV_HST || type == KRB5_NT_UNKNOWN) &&
comp != NULL && strcmp(comp, "host") == 0)
flags.b.canonicalize = 1;
if (rule_opts & KRB5_NCRO_NO_REFERRALS)
flags.b.canonicalize = 0;