[31095] in CVS-changelog-for-Kerberos-V5
krb5 commit: Pass client flag to KDB for client preauth match
daemon@ATHENA.MIT.EDU (Greg Hudson)
Thu Jan 27 16:58:12 2022
Date: Thu, 27 Jan 2022 16:57:46 -0500
From: Greg Hudson <ghudson@mit.edu>
Message-ID: <202201272157.20RLvkrg009608@drugstore.mit.edu>
To: <cvs-krb5@mit.edu>
MIME-Version: 1.0
Reply-To: krbdev@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/d4359c66c78a2c59e6bf3b905c4de58e920c7349
commit d4359c66c78a2c59e6bf3b905c4de58e920c7349
Author: Greg Hudson <ghudson@mit.edu>
Date: Tue Jan 18 17:06:46 2022 -0500
Pass client flag to KDB for client preauth match
In the kdcpreauth match_client() callback, if it is necessary to look
up the given principal in the KDB, pass KRB5_KDB_FLAG_CLIENT to
krb5_db_get_principal(). Samba requires this flag to properly handle
enterprise client principals.
ticket: 9048 (new)
src/kdc/kdc_preauth.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c
index e132390..5d3dfd8 100644
--- a/src/kdc/kdc_preauth.c
+++ b/src/kdc/kdc_preauth.c
@@ -491,7 +491,7 @@ match_client(krb5_context context, krb5_kdcpreauth_rock rock,
krb5_principal_compare(context, princ, client))
return TRUE;
- if (krb5_db_get_principal(context, princ, 0, &ent))
+ if (krb5_db_get_principal(context, princ, KRB5_KDB_FLAG_CLIENT, &ent))
return FALSE;
match = krb5_principal_compare(context, ent->princ, client);
krb5_db_free_principal(context, ent);
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
