diff options
author | Greg Hudson <ghudson@mit.edu> | 2022-01-18 17:06:46 -0500 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2022-01-27 16:08:43 -0500 |
commit | d4359c66c78a2c59e6bf3b905c4de58e920c7349 (patch) | |
tree | d23d995234bcea653ed0733745a83907c6bc39f6 | |
parent | 78fd66926c4be5910c1e21d9e553dfb792ae822a (diff) | |
download | krb5-d4359c66c78a2c59e6bf3b905c4de58e920c7349.zip krb5-d4359c66c78a2c59e6bf3b905c4de58e920c7349.tar.gz krb5-d4359c66c78a2c59e6bf3b905c4de58e920c7349.tar.bz2 |
Pass client flag to KDB for client preauth match
In the kdcpreauth match_client() callback, if it is necessary to look
up the given principal in the KDB, pass KRB5_KDB_FLAG_CLIENT to
krb5_db_get_principal(). Samba requires this flag to properly handle
enterprise client principals.
ticket: 9048 (new)
-rw-r--r-- | src/kdc/kdc_preauth.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c index e132390..5d3dfd8 100644 --- a/src/kdc/kdc_preauth.c +++ b/src/kdc/kdc_preauth.c @@ -491,7 +491,7 @@ match_client(krb5_context context, krb5_kdcpreauth_rock rock, krb5_principal_compare(context, princ, client)) return TRUE; - if (krb5_db_get_principal(context, princ, 0, &ent)) + if (krb5_db_get_principal(context, princ, KRB5_KDB_FLAG_CLIENT, &ent)) return FALSE; match = krb5_principal_compare(context, ent->princ, client); krb5_db_free_principal(context, ent); |