author | Luke Howard <lukeh@padl.com> | 2009-01-02 07:27:20 +0000 |
---|---|---|
committer | Luke Howard <lukeh@padl.com> | 2009-01-02 07:27:20 +0000 |
commit | 0891b59cdc68539ba7fc890345f4555ed3e7475f (patch) | |
tree | ede9c83834f8abe34506c25c676d18c2906d6029 | |
parent | f8df12386debf80055fa51dec962d433e3a81f51 (diff) | |
In an AS-REP, only canonicalize the server name if we are returning a
TGT, and the client requested one
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21660 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r-- | src/kdc/do_as_req.c | 22 |
1 files changed, 8 insertions, 14 deletions
diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c
index 6574cee..2b74b5c 100644
--- a/src/kdc/do_as_req.c
+++ b/src/kdc/do_as_req.c
@@ -112,7 +112,7 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
 char *cname = 0, *sname = 0;
 const char *fromstring = 0;
 unsigned int c_flags = 0, s_flags = 0;
- krb5_principal_data server_princ, client_princ;
+ krb5_principal_data client_princ;
 char ktypestr[128];
 char rep_etypestr[128];
 char fromstringbuf[70];
@@ -281,23 +281,17 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
 }

 /*
- * Turn off canonicalization for services that are aliases of
- * the TGS, such as (in Windows) the changepw service.
+ * Canonicalization is only effective if we are issuing a TGT
+ * (the intention is to allow support for Windows "short" realm
+ * aliases, nothing more).
 */
 if (isflagset(s_flags, KRB5_KDB_FLAG_CANONICALIZE) &&
- krb5_is_tgs_principal(server.princ) &&
- !krb5_is_tgs_principal(request->server)) {
- clear(s_flags, KRB5_KDB_FLAG_CANONICALIZE);
- }
-
- if (isflagset(s_flags, KRB5_KDB_FLAG_CANONICALIZE)) {
- server_princ = *(server.princ);
+ krb5_is_tgs_principal(request->server) &&
+ krb5_is_tgs_principal(server.princ)) {
+ ticket_reply.server = server.princ;
 } else {
- server_princ = *(request->server);
- /* The realm is always canonicalized in Windows */
- server_princ.realm = *(krb5_princ_realm(context, server.princ));
+ ticket_reply.server = request->server;
 }
- ticket_reply.server = &server_princ;

 enc_tkt_reply.flags = 0;
 enc_tkt_reply.times.authtime = authtime; |
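Review bot: The `else` branch in the second hunk now puts `request->server` into the reply verbatim, so the realm substitution the old code always applied (`server_princ.realm = *(krb5_princ_realm(context, server.princ))`) no longer happens whenever the canonicalized-TGT case does not apply, and the new comment does not say that this is intended. Because that name ends up in the issued ticket, I would record the decision at the branch, e.g. `/* Not a requested TGT canonicalization: echo the client's server name and realm unchanged. */`. Separately, `ticket_reply.server` now points at `server.princ` or `request->server` instead of a local copy. process_as_req continues outside this hunk, so it is worth confirming that neither is freed or modified before the reply is encoded.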