oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

tgs-rep: always return canonical realm when force_canonicalize set

Browse Source 
This allows Samba to have a behaviour where
even if canonicalize flag is not set, the canonical realm
is returned, allowing a HDB module to require behaviour
that is the same as Windows.

Regression (for a HDB module wanting AD behaviour) was
introduced by commit:
378f34b4be

Signed-off-by: Isaac Boukris <iboukris@gmail.com>

[abartlet@samba.org Similar to Samba commit a9e6119ca0c2a78ef314c3162122539ee834aa04
 but made conditional on server->entry.flags.force_canonicalize to
 allow upstream submission]
This commit is contained in:
Isaac Boukris
2018-10-31 21:46:45 +02:00
committed by Luke Howard
parent 5d92219788
commit 6f81e4c93b
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
kdc/krb5tgs.c
View File

@@ -611,7 +611,11 @@ tgs_make_reply(astgs_request_t r,
if(ret) if(ret)
goto out; goto out;
ret = copy_Realm(&server_principal->realm, &rep.ticket.realm); if (server->entry.flags.force_canonicalize)
ret = copy_Realm(&server->entry.principal->realm, &rep.ticket.realm);
else
ret = copy_Realm(&server_principal->realm, &rep.ticket.realm);
if (ret) if (ret)
goto out; goto out;
_krb5_principal2principalname(&rep.ticket.sname, server_principal); _krb5_principal2principalname(&rep.ticket.sname, server_principal);