oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Revert "heimdal: handle referrals for 3 part DRSUAPI SPNs"

Browse Source 
Active Directory/Samba-specific referral policy should be implemented by a
windc plugin, not in the main KDC code. It looks like it probably isn't
necessary at all if Samba wishes to bypass Heimdal's referral handling.

This reverts commit 6f0cafa6cf.
This commit is contained in:
Luke Howard
2022-01-02 22:22:15 +11:00
parent 3fa47f5a1a
commit 98070b5eaa
1 changed files with 1 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
kdc/krb5tgs.c
View File

@@ -922,23 +922,7 @@ need_referral(krb5_context context, krb5_kdc_configuration *config,
if (server->name.name_string.len == 1)
name = server->name.name_string.val[0];
else if (server->name.name_string.len == 3) {
/*
This is used to give referrals for the
E3514235-4B06-11D1-AB04-00C04FC2DCD2/NTDSGUID/DNSDOMAIN
SPN form, which is used for inter-domain communication in AD
*/
name = server->name.name_string.val[2];
kdc_log(context, config, 4, "Giving 3 part referral for %s", name);
*realms = malloc(sizeof(char *)*2);
if (*realms == NULL) {
krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
return FALSE;
}
(*realms)[0] = strdup(name);
(*realms)[1] = NULL;
return TRUE;
} else if (server->name.name_string.len > 1)
else if (server->name.name_string.len > 1)
name = server->name.name_string.val[1];
else
return FALSE;