oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

kdc: audit requestor SID in altsecid GSS PA plugin

Browse Source
This commit is contained in:
Luke Howard
2022-01-04 02:30:42 +00:00
parent efdd0bda24
commit bb699fb819
1 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
kdc/altsecid_gss_preauth_authorizer.c
View File

@@ -453,7 +453,7 @@ authorize(void *ctx,
if (requestor_sid) { if (requestor_sid) {
krb5_kdc_request_set_attribute((kdc_request_t)r, krb5_kdc_request_set_attribute((kdc_request_t)r,
HSTR("org.h5l.pac-requestor-sid"), requestor_sid); HSTR("org.h5l.gss-pa-requestor-sid"), requestor_sid);
heim_release(requestor_sid); heim_release(requestor_sid);
} }
@@ -466,10 +466,12 @@ finalize_pac(void *ctx, astgs_request_t r)
heim_data_t requestor_sid; heim_data_t requestor_sid;
requestor_sid = krb5_kdc_request_get_attribute((kdc_request_t)r, requestor_sid = krb5_kdc_request_get_attribute((kdc_request_t)r,
HSTR("org.h5l.pac-requestor-sid")); HSTR("org.h5l.gss-pa-requestor-sid"));
if (requestor_sid == NULL) if (requestor_sid == NULL)
return 0; return 0;
_kdc_audit_setkv_object((kdc_request_t)r, "gss_requestor_sid", requestor_sid);
return krb5_pac_add_buffer(r->context, r->pac, PAC_REQUESTOR_SID, return krb5_pac_add_buffer(r->context, r->pac, PAC_REQUESTOR_SID,
heim_data_get_data(requestor_sid)); heim_data_get_data(requestor_sid));
} }