oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

hdb: do not return HDB_ERR_WRONG_REALM if force_canon set

Browse Source 
In hdb_fetch_kvno(), do not return HDB_ERR_WRONG_REALM if the backend set the
force_canonicalize flag

Closes: #886
This commit is contained in:
Luke Howard
2021-12-14 18:00:05 +11:00
parent 54129c319c
commit d6f9cec30f
1 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
lib/hdb/common.c
View File

@@ -1478,7 +1478,14 @@ hdb_fetch_kvno(krb5_context context,
ret = fetch_it(context, db, principal, flags, t, etype, kvno, h);
if (ret == HDB_ERR_NOENTRY)
krb5_set_error_message(context, ret, "no such entry found in hdb");
/*
* This check is to support aliases in HDB; the force_canonicalize
* check is to allow HDB backends to support realm name canon
* independently of principal aliases (used by Samba).
*/
if (ret == 0 && !(flags & HDB_F_ADMIN_DATA) &&
!h->entry.flags.force_canonicalize &&
!krb5_realm_compare(context, principal, h->entry.principal))
ret = HDB_ERR_WRONG_REALM;
return ret;