[27527] in CVS-changelog-for-Kerberos-V5
krb5 commit: Fix is_referral flag in KDC TGS code
daemon@ATHENA.MIT.EDU (Greg Hudson)
Thu Jan 31 01:32:07 2013
Date: Thu, 31 Jan 2013 01:32:04 -0500
From: Greg Hudson <ghudson@mit.edu>
Message-Id: <201301310632.r0V6W4oC029919@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/c072b059ecff257e7600be0e86869decd135d422
commit c072b059ecff257e7600be0e86869decd135d422
Author: Greg Hudson <ghudson@mit.edu>
Date: Thu Jan 31 01:26:22 2013 -0500
Fix is_referral flag in KDC TGS code
A server response which is a cross-realm TGT is not a referral if it
was directly requested by the client. Misclassifying such a response
as a referral means we don't mirror the request's name type, which has
been observed to break older Java clients.
ticket: 7555 (new)
src/kdc/do_tgs_req.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c
index d2b89e2..12589b8 100644
--- a/src/kdc/do_tgs_req.c
+++ b/src/kdc/do_tgs_req.c
@@ -246,7 +246,7 @@ process_tgs_req(struct server_handle *handle, krb5_data *pkt,
setflag(c_flags, KRB5_KDB_FLAG_CROSS_REALM);
is_referral = krb5_is_tgs_principal(server->princ) &&
- !krb5_principal_compare(kdc_context, tgs_server, server->princ);
+ !krb5_principal_compare(kdc_context, request->server, server->princ);
/* Check for protocol transition */
errcode = kdc_process_s4u2self_req(kdc_active_realm,
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
