diff options
author | Greg Hudson <ghudson@mit.edu> | 2013-08-28 12:11:40 -0400 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2013-08-28 13:50:52 -0400 |
commit | 24a29f8c0f9f78f96e3795410e202b139fce6236 (patch) | |
tree | 7addee6fc5dc65777ece53f8b6c361bb5229a238 /src/kdc/do_tgs_req.c | |
parent | 7e1ed6156c6aaa0159c0976a4d93b60a18dc6473 (diff) | |
download | krb5-24a29f8c0f9f78f96e3795410e202b139fce6236.tar.gz krb5-24a29f8c0f9f78f96e3795410e202b139fce6236.tar.xz krb5-24a29f8c0f9f78f96e3795410e202b139fce6236.zip |
Fix KDC reply service principal for aliases
If a client requests a service ticket for the alias of a service
principal, RFC 6806 section 6 requires that the KDC issue a ticket
which appears to be for the alias and not for the canonical name.
After calling search_sprinc(), only replace request->server with
server->princ if the latter is a TGT; this will be the case for an
alternate cross-realm TGT or a host referral, but not for a simple
service alias.
ticket: 7698
target_version: 1.11.4
tags: pullup
Diffstat (limited to 'src/kdc/do_tgs_req.c')
-rw-r--r-- | src/kdc/do_tgs_req.c | 23 |
1 files changed, 15 insertions, 8 deletions
diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c index 2d5fceed94..6710912b00 100644 --- a/src/kdc/do_tgs_req.c +++ b/src/kdc/do_tgs_req.c @@ -217,14 +217,21 @@ process_tgs_req(struct server_handle *handle, krb5_data *pkt, if (errcode != 0) goto cleanup; sprinc = server->princ; - /* XXX until nothing depends on request being mutated */ - krb5_free_principal(kdc_context, request->server); - request->server = NULL; - errcode = krb5_copy_principal(kdc_context, server->princ, - &request->server); - if (errcode != 0) { - status = "COPYING RESOLVED SERVER"; - goto cleanup; + if (krb5_is_tgs_principal(server->princ)) { + /* + * We may be issuing an alternate TGT or host referral, in which case + * we should use the canonical name in the reply. XXX We should track + * the reply server separately instead of modifying request->server, + * but that requires a bunch of code changes. + */ + krb5_free_principal(kdc_context, request->server); + request->server = NULL; + errcode = krb5_copy_principal(kdc_context, server->princ, + &request->server); + if (errcode != 0) { + status = "COPYING RESOLVED SERVER"; + goto cleanup; + } } if ((errcode = krb5_timeofday(kdc_context, &kdc_time))) { |