mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
s4:kdc: Consider a single‐component krbtgt principal to be the TGS
This matches the behaviour of Windows. NOTE: This commit finally works again! BUG: https://bugzilla.samba.org/show_bug.cgi?id=15482 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
parent
7b68f751be
commit
ddef0e5e1f
@ -3454,6 +3454,10 @@ int smb_krb5_principal_is_tgs(krb5_context context,
|
||||
int eq = 1;
|
||||
krb5_error_code ret = 0;
|
||||
|
||||
if (krb5_princ_size(context, principal) > 2) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
ret = smb_krb5_principal_get_comp_string(NULL, context, principal, 0, &p);
|
||||
if (ret == ENOENT) {
|
||||
return 0;
|
||||
@ -3461,8 +3465,7 @@ int smb_krb5_principal_is_tgs(krb5_context context,
|
||||
return -1;
|
||||
}
|
||||
|
||||
eq = krb5_princ_size(context, principal) == 2 &&
|
||||
(strcmp(p, KRB5_TGS_NAME) == 0);
|
||||
eq = strcmp(p, KRB5_TGS_NAME) == 0;
|
||||
|
||||
talloc_free(p);
|
||||
|
||||
|
@ -135,14 +135,3 @@
|
||||
^samba\.tests\.krb5\.conditional_ace_tests\.samba\.tests\.krb5\.conditional_ace_tests\.ConditionalAceTests\.test_device_in_network_group_rbcd\(ad_dc\)$
|
||||
^samba\.tests\.krb5\.conditional_ace_tests\.samba\.tests\.krb5\.conditional_ace_tests\.DeviceRestrictionTests\.test_device_in_network_group\(ad_dc\)$
|
||||
^samba\.tests\.krb5\.conditional_ace_tests\.samba\.tests\.krb5\.conditional_ace_tests\.TgsReqServicePolicyTests\.test_device_in_network_group\(ad_dc\)$
|
||||
#
|
||||
# Single‐component krbtgt principal tests
|
||||
#
|
||||
^samba\.tests\.krb5\.as_req_tests\.samba\.tests\.krb5\.as_req_tests\.AsReqKerberosTests\.test_krbtgt_single_component_krbtgt\(fl2003dc\)$
|
||||
^samba\.tests\.krb5\.as_req_tests\.samba\.tests\.krb5\.as_req_tests\.AsReqKerberosTests\.test_krbtgt_single_component_krbtgt\(fl2008r2dc\)$
|
||||
^samba\.tests\.krb5\.kdc_tgs_tests\.samba\.tests\.krb5\.kdc_tgs_tests\.KdcTgsTests\.test_single_component_krbtgt_no_pac_as_req\(ad_dc\)$
|
||||
^samba\.tests\.krb5\.kdc_tgs_tests\.samba\.tests\.krb5\.kdc_tgs_tests\.KdcTgsTests\.test_single_component_krbtgt_no_pac_tgs_req\(ad_dc\)$
|
||||
^samba\.tests\.krb5\.kdc_tgs_tests\.samba\.tests\.krb5\.kdc_tgs_tests\.KdcTgsTests\.test_single_component_krbtgt_requester_sid_as_req\(ad_dc\)$
|
||||
^samba\.tests\.krb5\.kdc_tgs_tests\.samba\.tests\.krb5\.kdc_tgs_tests\.KdcTgsTests\.test_single_component_krbtgt_requester_sid_tgs_req\(ad_dc\)$
|
||||
^samba\.tests\.krb5\.kdc_tgs_tests\.samba\.tests\.krb5\.kdc_tgs_tests\.KdcTgsTests\.test_single_component_krbtgt_service_ticket\(ad_dc\)$
|
||||
^samba\.tests\.krb5\.kpasswd_tests\.samba\.tests\.krb5\.kpasswd_tests\.KpasswdTests\.test_kpasswd_tgt_single_component_krbtgt\(ad_dc\)$
|
||||
|
@ -132,11 +132,6 @@
|
||||
#
|
||||
# Single‐component krbtgt principal tests
|
||||
#
|
||||
^samba\.tests\.krb5\.as_req_tests\.samba\.tests\.krb5\.as_req_tests\.AsReqKerberosTests\.test_krbtgt_single_component_krbtgt\(fl2003dc\)$
|
||||
^samba\.tests\.krb5\.as_req_tests\.samba\.tests\.krb5\.as_req_tests\.AsReqKerberosTests\.test_krbtgt_single_component_krbtgt\(fl2008r2dc\)$
|
||||
^samba\.tests\.krb5\.kdc_tgs_tests\.samba\.tests\.krb5\.kdc_tgs_tests\.KdcTgsTests\.test_single_component_krbtgt_no_pac_as_req\(ad_dc\)$
|
||||
^samba\.tests\.krb5\.kdc_tgs_tests\.samba\.tests\.krb5\.kdc_tgs_tests\.KdcTgsTests\.test_single_component_krbtgt_no_pac_tgs_req\(ad_dc\)$
|
||||
^samba\.tests\.krb5\.kdc_tgs_tests\.samba\.tests\.krb5\.kdc_tgs_tests\.KdcTgsTests\.test_single_component_krbtgt_requester_sid_as_req\(ad_dc\)$
|
||||
^samba\.tests\.krb5\.kdc_tgs_tests\.samba\.tests\.krb5\.kdc_tgs_tests\.KdcTgsTests\.test_single_component_krbtgt_requester_sid_tgs_req\(ad_dc\)$
|
||||
^samba\.tests\.krb5\.kdc_tgs_tests\.samba\.tests\.krb5\.kdc_tgs_tests\.KdcTgsTests\.test_single_component_krbtgt_service_ticket\(ad_dc\)$
|
||||
^samba\.tests\.krb5\.kpasswd_tests\.samba\.tests\.krb5\.kpasswd_tests\.KpasswdTests\.test_kpasswd_tgt_single_component_krbtgt\(ad_dc\)$
|
||||
|
@ -2488,7 +2488,7 @@ static krb5_error_code samba_kdc_fetch_krbtgt(krb5_context context,
|
||||
}
|
||||
|
||||
if (lpcfg_is_my_domain_or_realm(lp_ctx, realm_from_princ)
|
||||
&& lpcfg_is_my_domain_or_realm(lp_ctx, realm_princ_comp)) {
|
||||
&& (realm_princ_comp == NULL || lpcfg_is_my_domain_or_realm(lp_ctx, realm_princ_comp))) {
|
||||
/* us, or someone quite like us */
|
||||
/* Kludge, kludge, kludge. If the realm part of krbtgt/realm,
|
||||
* is in our db, then direct the caller at our primary
|
||||
|
Loading…
Reference in New Issue
Block a user