svn rev #23927: trunk/src/lib/krb5/krb/
ghudson@MIT.EDU
ghudson at MIT.EDU
Thu Apr 22 19:29:40 EDT 2010
http://src.mit.edu/fisheye/changelog/krb5/?cs=23927
Commit By: ghudson
Log Message:
>From Luke: fix the post-canonicalization cache check logic in
krb5_get_credentials_for_user().
Changed Files:
U trunk/src/lib/krb5/krb/s4u_creds.c
Modified: trunk/src/lib/krb5/krb/s4u_creds.c
===================================================================
--- trunk/src/lib/krb5/krb/s4u_creds.c 2010-04-22 20:07:08 UTC (rev 23926)
+++ trunk/src/lib/krb5/krb/s4u_creds.c 2010-04-22 23:29:40 UTC (rev 23927)
@@ -685,11 +685,17 @@
if (code != 0)
goto cleanup;
- code = krb5_get_credentials(context, options | KRB5_GC_CACHED,
- ccache, in_creds, out_creds);
- if ((code != KRB5_CC_NOTFOUND && code != KRB5_CC_NOT_KTYPE)
- || options & KRB5_GC_CACHED)
- goto cleanup;
+ if (in_creds->client != NULL &&
+ in_creds->client->type == KRB5_NT_ENTERPRISE_PRINCIPAL) {
+ /* Post-canonicalisation check for enterprise principals */
+ krb5_creds mcreds = *in_creds;
+ mcreds.client = realm;
+ code = krb5_get_credentials(context, options | KRB5_GC_CACHED,
+ ccache, &mcreds, out_creds);
+ if ((code != KRB5_CC_NOTFOUND && code != KRB5_CC_NOT_KTYPE)
+ || (options & KRB5_GC_CACHED))
+ goto cleanup;
+ }
code = krb5_get_self_cred_from_kdc(context, options, ccache,
in_creds, subject_cert,
More information about the cvs-krb5
mailing list