krb5: PAC_EXTRA_LOGON_INFO_FLAGS_UPN_DEFAULTED fix

Only set the PAC_EXTRA_LOGON_INFO_FLAGS_UPN_DEFAULTED flag in the
UPN_DNS_INFO_EX PAC buffer, if the provided UPN matches the cname.

This is a NOOP at present, as no UPN is provided by the Heimdal KDC.
Luke Howard
2021-12-22 16:36:32 +11:00
parent 692ed5e841
commit c974f8625c


@@ -747,6 +747,7 @@ out:
static krb5_error_code
build_upn_dns_info(krb5_context context,
krb5_const_principal upn_princ,
krb5_boolean upn_defaulted,
krb5_const_principal canon_princ,
const krb5_data *sid,
krb5_data *upn_dns_info)
@@ -804,7 +805,7 @@ build_upn_dns_info(krb5_context context,
goto out;
flags = 0;
if (upn_princ)
if (upn_princ && upn_defaulted)
flags |= PAC_EXTRA_LOGON_INFO_FLAGS_UPN_DEFAULTED;
if (canon_princ || sid)
flags |= PAC_EXTRA_LOGON_INFO_FLAGS_HAS_SAM_NAME_AND_SID;
@@ -1498,8 +1499,13 @@ _krb5_pac_sign(krb5_context context,
if (ret == 0)
ret = pac_checksum(context, priv_key, &priv_cksumtype, &priv_size);
if (ret == 0 && (upn_princ || canon_princ))
ret = build_upn_dns_info(context, upn_princ, canon_princ, NULL, &upn_dns_info);
if (ret == 0 && (upn_princ || canon_princ)) {
krb5_boolean upn_defaulted =
upn_princ && krb5_principal_compare(context, principal, upn_princ);
ret = build_upn_dns_info(context, upn_princ, upn_defaulted,
canon_princ, NULL, &upn_dns_info);
}
if (ret == 0 && pac_attributes)
ret = build_attributes_info(context, *pac_attributes, &attributes_info);
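Review bot: The new `upn_defaulted` value in `_krb5_pac_sign` comes from `krb5_principal_compare(context, principal, upn_princ)`, and nothing in the change documents what that comparison means for the flag a PAC consumer will read. As far as I know `krb5_principal_compare` is an exact match on realm and name components, so a UPN carried in another form (a single-component enterprise-style name, or different case) would not compare equal to the cname and the flag would stay clear; this is worth confirming before a KDC backend starts supplying UPNs, since relying services may treat a non-defaulted UPN as one explicitly set on the account. I would add a comment above the declaration such as `/* UPN_DEFAULTED: UPN is identical to the client name (exact realm and component match), i.e. no explicit UPN was supplied */`. The `upn_princ &&` test kept in `build_upn_dns_info` is now redundant with the caller but harmless as a guard. `_krb5_pac_sign` begins and ends outside the hunk, so `principal` is assumed to be the client name that the commit message calls the cname.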