oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

HEIMDAL: Require armor_server to be a krbtgt name, not just a server name

Browse Source 
Samba has a different lookup path for krbtgt/ principals.

armor_server is in this case the same as the server in a normal
TGS-REQ, just inside the FAST armor, so needs to have the same
lookup properties as the TGS-REQ does.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Andrew Bartlett
2021-06-08 14:59:09 +12:00
committed by Luke Howard
parent 61f1be93e3
commit f03983b64d
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
kdc/fast.c
View File

@@ -429,7 +429,8 @@ _kdc_fast_unwrap_request(astgs_request_t r)
} }
ret = _kdc_db_fetch(r->context, r->config, armor_server, ret = _kdc_db_fetch(r->context, r->config, armor_server,
HDB_F_GET_SERVER | HDB_F_DELAY_NEW_KEYS, HDB_F_GET_KRBTGT
| HDB_F_DELAY_NEW_KEYS,
NULL, NULL, &armor_user); NULL, NULL, &armor_user);
if(ret == HDB_ERR_NOT_FOUND_HERE) { if(ret == HDB_ERR_NOT_FOUND_HERE) {
kdc_log(r->context, r->config, 5, kdc_log(r->context, r->config, 5,