(tgs_rep2): check that the client exists in the kerberos database if

it's a local request.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17317 ec53bebd-3082-4978-b11e-865c3cabbd6b
Love Hörnquist Åstrand
2006-04-27 12:01:09 +00:00
parent 5c9982831b
commit 76ee5cb311


@@ -2391,20 +2391,24 @@ tgs_rep2(krb5_context context,
if(ret) if(ret)
kdc_log(context, config, 1, "Client not found in database: %s: %s", kdc_log(context, config, 1, "Client not found in database: %s: %s",
cpn, krb5_get_err_text(context, ret)); cpn, krb5_get_err_text(context, ret));
#if 0
/* XXX check client only if same realm as krbtgt-instance */ /*
if(ret){ * If the client belongs to the same realm as our krbtgt, it
kdc_log(context, config, 0, * should exist in the local database.
"Client not found in database: %s: %s", *
cpn, krb5_get_err_text(context, ret)); * If its not the same, check the "direction" on the krbtgt,
if (ret == HDB_ERR_NOENTRY) * so its not a backward uni-directional trust.
ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN; */
goto out;
}
#endif
if(strcmp(krb5_principal_get_realm(context, sp), if(strcmp(krb5_principal_get_realm(context, sp),
krb5_principal_get_comp_string(context, krbtgt->entry.principal, 1)) != 0) { krb5_principal_get_comp_string(context,
krbtgt->entry.principal, 1)) == 0) {
if(ret) {
if (ret == HDB_ERR_NOENTRY)
ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
goto out;
}
} else {
char *tpn; char *tpn;
ret = krb5_unparse_name(context, krbtgt->entry.principal, &tpn); ret = krb5_unparse_name(context, krbtgt->entry.principal, &tpn);
kdc_log(context, config, 0, kdc_log(context, config, 0,