oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Separate enterprise and canonicalize flags

Browse Source 
The meaning of the two is different and we should
not implicitly set both if one was requested (this
aligns the logic with MIT kinit -C/-E options).

Signed-off-by: Isaac Boukris <iboukris@gmail.com>
This commit is contained in:
Isaac Boukris
2018-12-24 17:15:53 +02:00
committed by Nico Williams
parent 2ee4169dd1
commit efb111e450
4 changed files with 7 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lib/krb5/init_creds_pw.c
View File

@@ -426,9 +426,7 @@ get_init_creds_common(krb5_context context,
if (ctx->keyproc == NULL)
ctx->keyproc = default_s2k_func;
/* Enterprise name implicitly turns on canonicalize */
if ((ctx->ic_flags & KRB5_INIT_CREDS_CANONICALIZE) ||
krb5_principal_get_type(context, client) == KRB5_NT_ENTERPRISE_PRINCIPAL)
if (ctx->ic_flags & KRB5_INIT_CREDS_CANONICALIZE)
ctx->flags.canonicalize = 1;
ctx->pre_auth_types = NULL;