diff options
author | Andrew Bartlett <abartlet@samba.org> | 2015-03-09 16:00:56 +1300 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2015-03-09 09:35:05 +0100 |
commit | a1ddee8d2f9e58e04f3203db9afa576354dd2079 (patch) | |
tree | cdcac475015e8df21faae1ea0d3e6e8a42a28109 | |
parent | 7bef5e4f0e5ff4a4187f3d63e51a1725ff32b771 (diff) | |
download | samba-a1ddee8d2f9e58e04f3203db9afa576354dd2079.tar.gz samba-a1ddee8d2f9e58e04f3203db9afa576354dd2079.tar.xz samba-a1ddee8d2f9e58e04f3203db9afa576354dd2079.zip |
kdc: Fix S4U2Self handling with KRB5_NT_ENTERPRISE_PRINCIPAL containing a UPN
This is now handled properly by samba_kdc_lookup_server() and this wrapper actually
breaks things.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
-rw-r--r-- | source4/kdc/db-glue.c | 21 |
1 files changed, 0 insertions, 21 deletions
diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c index aa7364182a..0bc907ef60 100644 --- a/source4/kdc/db-glue.c +++ b/source4/kdc/db-glue.c @@ -1839,7 +1839,6 @@ samba_kdc_check_s4u2self(krb5_context context, krb5_const_principal target_principal) { krb5_error_code ret; - krb5_principal enterprise_prinicpal = NULL; struct ldb_dn *realm_dn; struct ldb_message *msg; struct dom_sid *orig_sid; @@ -1857,30 +1856,10 @@ samba_kdc_check_s4u2self(krb5_context context, return ret; } - if (target_principal->name.name_type == KRB5_NT_ENTERPRISE_PRINCIPAL) { - /* Need to reparse the enterprise principal to find the real target */ - if (target_principal->name.name_string.len != 1) { - ret = KRB5_PARSE_MALFORMED; - krb5_set_error_message(context, ret, "samba_kdc_check_s4u2self: request for delegation to enterprise principal with wrong (%d) number of components", - target_principal->name.name_string.len); - talloc_free(mem_ctx); - return ret; - } - ret = krb5_parse_name(context, target_principal->name.name_string.val[0], - &enterprise_prinicpal); - if (ret) { - talloc_free(mem_ctx); - return ret; - } - target_principal = enterprise_prinicpal; - } - ret = samba_kdc_lookup_server(context, kdc_db_ctx, mem_ctx, target_principal, HDB_F_GET_CLIENT|HDB_F_GET_SERVER, delegation_check_attrs, &realm_dn, &msg); - krb5_free_principal(context, enterprise_prinicpal); - if (ret != 0) { talloc_free(mem_ctx); return ret; |