s4:kdc: Consider a single‐component krbtgt principal to be the TGS
This matches the behaviour of Windows. NOTE: This commit finally works again! BUG: https://bugzilla.samba.org/show_bug.cgi?id=15482 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
parent
7b68f751be
commit
ddef0e5e1f
@ -3454,6 +3454,10 @@ int smb_krb5_principal_is_tgs(krb5_context context,
|
|||||||
int eq = 1;
|
int eq = 1;
|
||||||
krb5_error_code ret = 0;
|
krb5_error_code ret = 0;
|
||||||
|
|
||||||
|
if (krb5_princ_size(context, principal) > 2) {
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
ret = smb_krb5_principal_get_comp_string(NULL, context, principal, 0, &p);
|
ret = smb_krb5_principal_get_comp_string(NULL, context, principal, 0, &p);
|
||||||
if (ret == ENOENT) {
|
if (ret == ENOENT) {
|
||||||
return 0;
|
return 0;
|
||||||
@ -3461,8 +3465,7 @@ int smb_krb5_principal_is_tgs(krb5_context context,
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
eq = krb5_princ_size(context, principal) == 2 &&
|
eq = strcmp(p, KRB5_TGS_NAME) == 0;
|
||||||
(strcmp(p, KRB5_TGS_NAME) == 0);
|
|
||||||
|
|
||||||
talloc_free(p);
|
talloc_free(p);
|
||||||
|
|
||||||
|
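Review bot: With the new `> 2` early return and the relaxed `eq = strcmp(p, KRB5_TGS_NAME) == 0;`, smb_krb5_principal_is_tgs() now returns true for a bare `krbtgt` principal, so a true result no longer proves that a second (realm) component exists. The function's header comment lies outside these hunks; if it still describes only `krbtgt/REALM`, it should gain a line such as `Returns 1 for both krbtgt and krbtgt/REALM; the realm component may be absent.` Because this predicate decides whether a principal is handled as the ticket-granting service, every caller that reads component 1 after a positive result should be checked for a missing-component path. The samba_kdc_fetch_krbtgt change in this commit appears to cover one such caller, but the others are not visible here.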
@ -135,14 +135,3 @@
|
|||||||
^samba\.tests\.krb5\.conditional_ace_tests\.samba\.tests\.krb5\.conditional_ace_tests\.ConditionalAceTests\.test_device_in_network_group_rbcd\(ad_dc\)$
|
^samba\.tests\.krb5\.conditional_ace_tests\.samba\.tests\.krb5\.conditional_ace_tests\.ConditionalAceTests\.test_device_in_network_group_rbcd\(ad_dc\)$
|
||||||
^samba\.tests\.krb5\.conditional_ace_tests\.samba\.tests\.krb5\.conditional_ace_tests\.DeviceRestrictionTests\.test_device_in_network_group\(ad_dc\)$
|
^samba\.tests\.krb5\.conditional_ace_tests\.samba\.tests\.krb5\.conditional_ace_tests\.DeviceRestrictionTests\.test_device_in_network_group\(ad_dc\)$
|
||||||
^samba\.tests\.krb5\.conditional_ace_tests\.samba\.tests\.krb5\.conditional_ace_tests\.TgsReqServicePolicyTests\.test_device_in_network_group\(ad_dc\)$
|
^samba\.tests\.krb5\.conditional_ace_tests\.samba\.tests\.krb5\.conditional_ace_tests\.TgsReqServicePolicyTests\.test_device_in_network_group\(ad_dc\)$
|
||||||
#
|
|
||||||
# Single‐component krbtgt principal tests
|
|
||||||
#
|
|
||||||
^samba\.tests\.krb5\.as_req_tests\.samba\.tests\.krb5\.as_req_tests\.AsReqKerberosTests\.test_krbtgt_single_component_krbtgt\(fl2003dc\)$
|
|
||||||
^samba\.tests\.krb5\.as_req_tests\.samba\.tests\.krb5\.as_req_tests\.AsReqKerberosTests\.test_krbtgt_single_component_krbtgt\(fl2008r2dc\)$
|
|
||||||
^samba\.tests\.krb5\.kdc_tgs_tests\.samba\.tests\.krb5\.kdc_tgs_tests\.KdcTgsTests\.test_single_component_krbtgt_no_pac_as_req\(ad_dc\)$
|
|
||||||
^samba\.tests\.krb5\.kdc_tgs_tests\.samba\.tests\.krb5\.kdc_tgs_tests\.KdcTgsTests\.test_single_component_krbtgt_no_pac_tgs_req\(ad_dc\)$
|
|
||||||
^samba\.tests\.krb5\.kdc_tgs_tests\.samba\.tests\.krb5\.kdc_tgs_tests\.KdcTgsTests\.test_single_component_krbtgt_requester_sid_as_req\(ad_dc\)$
|
|
||||||
^samba\.tests\.krb5\.kdc_tgs_tests\.samba\.tests\.krb5\.kdc_tgs_tests\.KdcTgsTests\.test_single_component_krbtgt_requester_sid_tgs_req\(ad_dc\)$
|
|
||||||
^samba\.tests\.krb5\.kdc_tgs_tests\.samba\.tests\.krb5\.kdc_tgs_tests\.KdcTgsTests\.test_single_component_krbtgt_service_ticket\(ad_dc\)$
|
|
||||||
^samba\.tests\.krb5\.kpasswd_tests\.samba\.tests\.krb5\.kpasswd_tests\.KpasswdTests\.test_kpasswd_tgt_single_component_krbtgt\(ad_dc\)$
|
|
||||||
|
@ -132,11 +132,6 @@
|
|||||||
#
|
#
|
||||||
# Single‐component krbtgt principal tests
|
# Single‐component krbtgt principal tests
|
||||||
#
|
#
|
||||||
^samba\.tests\.krb5\.as_req_tests\.samba\.tests\.krb5\.as_req_tests\.AsReqKerberosTests\.test_krbtgt_single_component_krbtgt\(fl2003dc\)$
|
|
||||||
^samba\.tests\.krb5\.as_req_tests\.samba\.tests\.krb5\.as_req_tests\.AsReqKerberosTests\.test_krbtgt_single_component_krbtgt\(fl2008r2dc\)$
|
|
||||||
^samba\.tests\.krb5\.kdc_tgs_tests\.samba\.tests\.krb5\.kdc_tgs_tests\.KdcTgsTests\.test_single_component_krbtgt_no_pac_as_req\(ad_dc\)$
|
^samba\.tests\.krb5\.kdc_tgs_tests\.samba\.tests\.krb5\.kdc_tgs_tests\.KdcTgsTests\.test_single_component_krbtgt_no_pac_as_req\(ad_dc\)$
|
||||||
^samba\.tests\.krb5\.kdc_tgs_tests\.samba\.tests\.krb5\.kdc_tgs_tests\.KdcTgsTests\.test_single_component_krbtgt_no_pac_tgs_req\(ad_dc\)$
|
^samba\.tests\.krb5\.kdc_tgs_tests\.samba\.tests\.krb5\.kdc_tgs_tests\.KdcTgsTests\.test_single_component_krbtgt_no_pac_tgs_req\(ad_dc\)$
|
||||||
^samba\.tests\.krb5\.kdc_tgs_tests\.samba\.tests\.krb5\.kdc_tgs_tests\.KdcTgsTests\.test_single_component_krbtgt_requester_sid_as_req\(ad_dc\)$
|
|
||||||
^samba\.tests\.krb5\.kdc_tgs_tests\.samba\.tests\.krb5\.kdc_tgs_tests\.KdcTgsTests\.test_single_component_krbtgt_requester_sid_tgs_req\(ad_dc\)$
|
|
||||||
^samba\.tests\.krb5\.kdc_tgs_tests\.samba\.tests\.krb5\.kdc_tgs_tests\.KdcTgsTests\.test_single_component_krbtgt_service_ticket\(ad_dc\)$
|
^samba\.tests\.krb5\.kdc_tgs_tests\.samba\.tests\.krb5\.kdc_tgs_tests\.KdcTgsTests\.test_single_component_krbtgt_service_ticket\(ad_dc\)$
|
||||||
^samba\.tests\.krb5\.kpasswd_tests\.samba\.tests\.krb5\.kpasswd_tests\.KpasswdTests\.test_kpasswd_tgt_single_component_krbtgt\(ad_dc\)$
|
|
||||||
|
@ -2488,7 +2488,7 @@ static krb5_error_code samba_kdc_fetch_krbtgt(krb5_context context,
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (lpcfg_is_my_domain_or_realm(lp_ctx, realm_from_princ)
|
if (lpcfg_is_my_domain_or_realm(lp_ctx, realm_from_princ)
|
||||||
&& lpcfg_is_my_domain_or_realm(lp_ctx, realm_princ_comp)) {
|
&& (realm_princ_comp == NULL || lpcfg_is_my_domain_or_realm(lp_ctx, realm_princ_comp))) {
|
||||||
/* us, or someone quite like us */
|
/* us, or someone quite like us */
|
||||||
/* Kludge, kludge, kludge. If the realm part of krbtgt/realm,
|
/* Kludge, kludge, kludge. If the realm part of krbtgt/realm,
|
||||||
* is in our db, then direct the caller at our primary
|
* is in our db, then direct the caller at our primary
|
||||||
|
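Review bot: The added `realm_princ_comp == NULL ||` term lets this branch be entered with a NULL `realm_princ_comp`, so any later use of that pointer inside the branch must tolerate NULL. The body continues outside the hunk, so this cannot be confirmed from here and is worth checking before merge. The kludge comment still speaks only of "the realm part of krbtgt/realm"; I would add a sentence such as `A single-component krbtgt principal has no realm component and is treated as belonging to our own realm.` The changed condition line also runs well past 80 columns and would read better with the `lpcfg_is_my_domain_or_realm(lp_ctx, realm_princ_comp)` call wrapped onto its own line.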