Attachment 9007 Details for Bug 44963

[patch] 0110_s4u2proxy_realm.patch

0110_s4u2proxy_realm.patch (text/plain), 1.25 KB, created by Arvid Requate on 2017-07-10 18:46 CEST

(hide)

Description:

Filename:

MIME Type:

Creator: Arvid Requate

Created: 2017-07-10 18:46 CEST

Size: 1.25 KB

patch

obsolete

>Patch for Bug #37687
>
>--- heimdal-1.6~git20120403+dfsg1.orig/kdc/krb5tgs.c	2014-11-29 20:07:40.932000000 +0100
>+++ heimdal-1.6~git20120403+dfsg1/kdc/krb5tgs.c	2014-11-29 20:29:03.736000000 +0100
>@@ -537,6 +537,25 @@ check_constrained_delegation(krb5_contex
> 	if (krb5_principal_compare(context, client->entry.principal, server->entry.principal) == TRUE)
> 	    return 0;
> 
>+	/* It's also Ok if server contains REALM and delegates to itself */
>+        {
>+        krb5_principal tmp_princ;
>+        char *tmp_spn;
>+        ret = krb5_unparse_name_flags(context, server->entry.principal, KRB5_PRINCIPAL_UNPARSE_NO_REALM, &tmp_spn);
>+        if (!ret) {
>+            ret = krb5_parse_name(context, tmp_spn, &tmp_princ);
>+            free(tmp_spn);
>+            if (!ret) {
>+                if(krb5_realm_compare(context, tmp_princ, server->entry.principal) &&
>+                   (krb5_principal_compare(context, client->entry.principal, tmp_princ) == TRUE)) {
>+                   krb5_free_principal(context, tmp_princ);
>+                   return 0;
>+                }
>+                krb5_free_principal(context, tmp_princ);
>+            }
>+        }
>+        }
>+
> 	ret = hdb_entry_get_ConstrainedDelegACL(&client->entry, &acl);
> 	if (ret) {
> 	    krb5_clear_error_message(context);

Actions: View | Diff

Attachments on bug 44963: 9007