krb5 commit: Fix is_referral flag in KDC TGS code
Greg Hudson
ghudson at MIT.EDU
Thu Jan 31 01:32:04 EST 2013
https://github.com/krb5/krb5/commit/c072b059ecff257e7600be0e86869decd135d422
commit c072b059ecff257e7600be0e86869decd135d422
Author: Greg Hudson <ghudson at mit.edu>
Date: Thu Jan 31 01:26:22 2013 -0500
Fix is_referral flag in KDC TGS code
A server response which is a cross-realm TGT is not a referral if it
was directly requested by the client. Misclassifying such a response
as a referral means we don't mirror the request's name type, which has
been observed to break older Java clients.
ticket: 7555 (new)
src/kdc/do_tgs_req.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c
index d2b89e2..12589b8 100644
--- a/src/kdc/do_tgs_req.c
+++ b/src/kdc/do_tgs_req.c
@@ -246,7 +246,7 @@ process_tgs_req(struct server_handle *handle, krb5_data *pkt,
setflag(c_flags, KRB5_KDB_FLAG_CROSS_REALM);
is_referral = krb5_is_tgs_principal(server->princ) &&
- !krb5_principal_compare(kdc_context, tgs_server, server->princ);
+ !krb5_principal_compare(kdc_context, request->server, server->princ);
/* Check for protocol transition */
errcode = kdc_process_s4u2self_req(kdc_active_realm,
More information about the cvs-krb5
mailing list