oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

From Andrew Bartlet via heimdal-bugs@h5l.org

Browse Source 
s4:heimdal Allow KRB5_NT_ENTERPRISE names in all DB lookups

    The previous code only allowed an KRB5_NT_ENTERPRISE name (an e-mail
    list user principal name) in an AS-REQ.  Evidence from the wild
    (Win2k8 reportadely) indicates that this is instead valid for all
    types of requests.

    While this is now handled in heimdal/kdc/misc.c, a flag is now defined
    in Heimdal's hdb so that we can take over this handling in future (once we start
    using a system Heimdal, and if we find out there is more to be done
    here).

    Andrew

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25293 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2009-07-03 03:16:35 +00:00
parent 012eae7f34
commit ba04bad361
3 changed files with 32 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
lib/hdb/hdb.h
View File

@@ -54,6 +54,8 @@ enum hdb_lockop{ HDB_RLOCK, HDB_WLOCK };
#define HDB_F_GET_ANY 28 /* fetch any of client,server,krbtgt */
#define HDB_F_CANON 32 /* want canonicalition */
#define HDB_CAP_F_HANDLE_ENTERPRISE_PRINCIPAL 1
/* key usage for master key */
#define HDB_KU_MKEY 0x484442
@@ -80,7 +82,7 @@ typedef struct HDB{
int hdb_master_key_set;
hdb_master_key hdb_master_key;
int hdb_openp;
int hdb_capability_flags;
/**
* Open (or create) the a Kerberos database.
*
@@ -184,7 +186,7 @@ typedef struct HDB{
krb5_error_code (*hdb_destroy)(krb5_context, struct HDB*);
}HDB;
#define HDB_INTERFACE_VERSION 4
#define HDB_INTERFACE_VERSION 5
struct hdb_so_method {
int version;