diff options
author | Greg Hudson <ghudson@mit.edu> | 2010-04-22 23:29:40 +0000 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2010-04-22 23:29:40 +0000 |
commit | ae32c239988996a4cf3529b4d63cf68de739a496 (patch) | |
tree | 357e426cad08a62ea69ffa2ca39cef89b88f91c7 /src/lib/krb5 | |
parent | 719a2475df345ed2157996de1407b1507ac11d12 (diff) | |
download | krb5-ae32c239988996a4cf3529b4d63cf68de739a496.zip krb5-ae32c239988996a4cf3529b4d63cf68de739a496.tar.gz krb5-ae32c239988996a4cf3529b4d63cf68de739a496.tar.bz2 |
From Luke: fix the post-canonicalization cache check logic in
krb5_get_credentials_for_user().
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23927 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/krb5')
-rw-r--r-- | src/lib/krb5/krb/s4u_creds.c | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/src/lib/krb5/krb/s4u_creds.c b/src/lib/krb5/krb/s4u_creds.c index 02485e8..da6dd0c 100644 --- a/src/lib/krb5/krb/s4u_creds.c +++ b/src/lib/krb5/krb/s4u_creds.c @@ -685,11 +685,17 @@ krb5_get_credentials_for_user(krb5_context context, krb5_flags options, if (code != 0) goto cleanup; - code = krb5_get_credentials(context, options | KRB5_GC_CACHED, - ccache, in_creds, out_creds); - if ((code != KRB5_CC_NOTFOUND && code != KRB5_CC_NOT_KTYPE) - || options & KRB5_GC_CACHED) - goto cleanup; + if (in_creds->client != NULL && + in_creds->client->type == KRB5_NT_ENTERPRISE_PRINCIPAL) { + /* Post-canonicalisation check for enterprise principals */ + krb5_creds mcreds = *in_creds; + mcreds.client = realm; + code = krb5_get_credentials(context, options | KRB5_GC_CACHED, + ccache, &mcreds, out_creds); + if ((code != KRB5_CC_NOTFOUND && code != KRB5_CC_NOT_KTYPE) + || (options & KRB5_GC_CACHED)) + goto cleanup; + } code = krb5_get_self_cred_from_kdc(context, options, ccache, in_creds, subject_cert, |