Fix is_referral flag in KDC TGS code

A server response which is a cross-realm TGT is not a referral if it was directly requested by the client. Misclassifying such a response as a referral means we don't mirror the request's name type, which has been observed to break older Java clients. ticket: 7555 (new)
author: Greg Hudson <ghudson@mit.edu> 2013-01-31 01:26:22 -0500
committer: Greg Hudson <ghudson@mit.edu> 2013-01-31 01:26:22 -0500
commit: c072b059ecff257e7600be0e86869decd135d422 (patch)
tree: d6a02e19fc3b51a3103fd51838f29195a4fed274
parent: a453a2c654f7c4ca447d336199f395b8fa305de8 (diff)
download: krb5-c072b059ecff257e7600be0e86869decd135d422.tar.gz
krb5-c072b059ecff257e7600be0e86869decd135d422.tar.xz
krb5-c072b059ecff257e7600be0e86869decd135d422.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c
index d2b89e25ec..12589b8039 100644
--- a/src/kdc/do_tgs_req.c
+++ b/src/kdc/do_tgs_req.c
@@ -246,7 +246,7 @@ process_tgs_req(struct server_handle *handle, krb5_data *pkt,
         setflag(c_flags, KRB5_KDB_FLAG_CROSS_REALM);
 
     is_referral = krb5_is_tgs_principal(server->princ) &&
-        !krb5_principal_compare(kdc_context, tgs_server, server->princ);
+        !krb5_principal_compare(kdc_context, request->server, server->princ);
 
     /* Check for protocol transition */
     errcode = kdc_process_s4u2self_req(kdc_active_realm,
author	Greg Hudson <ghudson@mit.edu>	2013-01-31 01:26:22 -0500
committer	Greg Hudson <ghudson@mit.edu>	2013-01-31 01:26:22 -0500
commit	c072b059ecff257e7600be0e86869decd135d422 (patch)
tree	d6a02e19fc3b51a3103fd51838f29195a4fed274
parent	a453a2c654f7c4ca447d336199f395b8fa305de8 (diff)
download	krb5-c072b059ecff257e7600be0e86869decd135d422.tar.gz krb5-c072b059ecff257e7600be0e86869decd135d422.tar.xz krb5-c072b059ecff257e7600be0e86869decd135d422.zip