56 lines
2.1 KiB
Diff
56 lines
2.1 KiB
Diff
From 3fc519edec0159535baa0b659861b73f40632110 Mon Sep 17 00:00:00 2001
|
|
From: Joseph Sutton <josephsutton@catalyst.net.nz>
|
|
Date: Tue, 7 Dec 2021 13:15:38 +1300
|
|
Subject: [PATCH 51/99] kdc: Canonicalize realm for enterprise principals
|
|
|
|
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
|
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
|
|
Autobuild-Date(master): Tue Dec 7 04:54:35 UTC 2021 on sn-devel-184
|
|
|
|
(cherry picked from commit 8bd7b316bd61ef35f6e0baa0b65f0ef00910112c)
|
|
Conflict: remove selftest/knownfail.d/kdc-enterprise selftest/knownfail_heimdal_kdc selftest/knownfail_mit_kdc
|
|
---
|
|
source4/kdc/db-glue.c | 24 +++++------
|
|
4 files changed, 47 insertions(+), 79 deletions(-)
|
|
delete mode 100644 selftest/knownfail.d/kdc-enterprise
|
|
|
|
diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c
|
|
index bed0ff773f9..5752ffb821c 100644
|
|
--- a/source4/kdc/db-glue.c
|
|
+++ b/source4/kdc/db-glue.c
|
|
@@ -980,19 +980,17 @@ static krb5_error_code samba_kdc_message2entry(krb5_context context,
|
|
goto out;
|
|
}
|
|
|
|
- if (smb_krb5_principal_get_type(context, principal) != KRB5_NT_ENTERPRISE_PRINCIPAL) {
|
|
- /* While we have copied the client principal, tests
|
|
- * show that Win2k3 returns the 'corrected' realm, not
|
|
- * the client-specified realm. This code attempts to
|
|
- * replace the client principal's realm with the one
|
|
- * we determine from our records */
|
|
-
|
|
- /* this has to be with malloc() */
|
|
- ret = smb_krb5_principal_set_realm(context, entry_ex->entry.principal, lpcfg_realm(lp_ctx));
|
|
- if (ret) {
|
|
- krb5_clear_error_message(context);
|
|
- goto out;
|
|
- }
|
|
+ /* While we have copied the client principal, tests
|
|
+ * show that Win2k3 returns the 'corrected' realm, not
|
|
+ * the client-specified realm. This code attempts to
|
|
+ * replace the client principal's realm with the one
|
|
+ * we determine from our records */
|
|
+
|
|
+ /* this has to be with malloc() */
|
|
+ ret = smb_krb5_principal_set_realm(context, entry_ex->entry.principal, lpcfg_realm(lp_ctx));
|
|
+ if (ret) {
|
|
+ krb5_clear_error_message(context);
|
|
+ goto out;
|
|
}
|
|
}
|
|
|
|
--
|
|
2.25.1
|