oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

kdc: audit requestor SID in altsecid GSS PA plugin

Browse Source
This commit is contained in:
Luke Howard
2022-01-04 02:30:42 +00:00
parent efdd0bda24
commit bb699fb819
1 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
kdc/altsecid_gss_preauth_authorizer.c
View File

@@ -453,7 +453,7 @@ authorize(void *ctx,
if (requestor_sid) {
krb5_kdc_request_set_attribute((kdc_request_t)r,
HSTR("org.h5l.pac-requestor-sid"), requestor_sid);
HSTR("org.h5l.gss-pa-requestor-sid"), requestor_sid);
heim_release(requestor_sid);
}
@@ -466,10 +466,12 @@ finalize_pac(void *ctx, astgs_request_t r)
heim_data_t requestor_sid;
requestor_sid = krb5_kdc_request_get_attribute((kdc_request_t)r,
HSTR("org.h5l.pac-requestor-sid"));
HSTR("org.h5l.gss-pa-requestor-sid"));
if (requestor_sid == NULL)
return 0;
_kdc_audit_setkv_object((kdc_request_t)r, "gss_requestor_sid", requestor_sid);
return krb5_pac_add_buffer(r->context, r->pac, PAC_REQUESTOR_SID,
heim_data_get_data(requestor_sid));
}