oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

allow a cross realm ticket returned in the non referrals case

Browse Source
This commit is contained in:
Love Hornquist Astrand
2010-03-07 01:02:02 -08:00
parent 03262460dd
commit ae74dc7316
1 changed files with 8 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
lib/krb5/ticket.c
View File

@@ -443,9 +443,7 @@ check_server_referral(krb5_context context,
return KRB5KRB_AP_ERR_MODIFIED; return KRB5KRB_AP_ERR_MODIFIED;
} }
if (returned->name.name_string.len == 2 && if (krb5_principal_is_krbtgt(context, returned)) {
strcmp(returned->name.name_string.val[0], KRB5_TGS_NAME) == 0)
{
const char *realm = returned->name.name_string.val[1]; const char *realm = returned->name.name_string.val[1];
if (ref.referred_realm == NULL if (ref.referred_realm == NULL
@@ -485,7 +483,13 @@ check_server_referral(krb5_context context,
return ret; return ret;
noreferral: noreferral:
if (krb5_principal_compare(context, requested, returned) == FALSE) { /*
* Expect excact match or that we got a krbtgt
*/
if (krb5_principal_compare(context, requested, returned) != TRUE &&
(krb5_realm_compare(context, requested, returned) != TRUE &&
krb5_principal_is_krbtgt(context, returned) != TRUE))
{
krb5_set_error_message(context, KRB5KRB_AP_ERR_MODIFIED, krb5_set_error_message(context, KRB5KRB_AP_ERR_MODIFIED,
N_("Not same server principal returned " N_("Not same server principal returned "
"as requested", "")); "as requested", ""));