Univention Bugzilla – Attachment 9007 Details for
Bug 44963
Samba Kerberos: Bad request for constrained delegation
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
0110_s4u2proxy_realm.patch
0110_s4u2proxy_realm.patch (text/plain), 1.25 KB, created by
Arvid Requate
on 2017-07-10 18:46:41 CEST
(
hide
)
Description:
0110_s4u2proxy_realm.patch
Filename:
MIME Type:
Creator:
Arvid Requate
Created:
2017-07-10 18:46:41 CEST
Size:
1.25 KB
patch
obsolete
>Patch for Bug #37687 > >--- heimdal-1.6~git20120403+dfsg1.orig/kdc/krb5tgs.c 2014-11-29 20:07:40.932000000 +0100 >+++ heimdal-1.6~git20120403+dfsg1/kdc/krb5tgs.c 2014-11-29 20:29:03.736000000 +0100 >@@ -537,6 +537,25 @@ check_constrained_delegation(krb5_contex > if (krb5_principal_compare(context, client->entry.principal, server->entry.principal) == TRUE) > return 0; > >+ /* It's also Ok if server contains REALM and delegates to itself */ >+ { >+ krb5_principal tmp_princ; >+ char *tmp_spn; >+ ret = krb5_unparse_name_flags(context, server->entry.principal, KRB5_PRINCIPAL_UNPARSE_NO_REALM, &tmp_spn); >+ if (!ret) { >+ ret = krb5_parse_name(context, tmp_spn, &tmp_princ); >+ free(tmp_spn); >+ if (!ret) { >+ if(krb5_realm_compare(context, tmp_princ, server->entry.principal) && >+ (krb5_principal_compare(context, client->entry.principal, tmp_princ) == TRUE)) { >+ krb5_free_principal(context, tmp_princ); >+ return 0; >+ } >+ krb5_free_principal(context, tmp_princ); >+ } >+ } >+ } >+ > ret = hdb_entry_get_ConstrainedDelegACL(&client->entry, &acl); > if (ret) { > krb5_clear_error_message(context);
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=9007">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 44963
: 9007