kdc: principals of type NT-UNKNOWN can be anonymous
authorJeffrey Altman <jaltman@secure-endpoints.com>
Sun, 17 Jul 2016 21:53:34 +0000 (17:53 -0400)
committerNicolas Williams <nico@twosigma.com>
Tue, 15 Nov 2016 03:29:47 +0000 (21:29 -0600)
The _kdc_is_anonymous() helper function must take into account
that principals of type NT-UNKNOWN can match any other principal
type including NT-WELLKNOWN.

Change-Id: I6085b9471f6f1d662119e359491bbdce629ef048

kdc/kerberos5.c

index e9a5b79e7267f39f2370165c790487516cd6724f..d7662658f758d2d362b598a5a117b468f900f6df 100644 (file)
@@ -1544,7 +1544,8 @@ generate_pac(kdc_request_t r, Key *skey)
 krb5_boolean
 _kdc_is_anonymous(krb5_context context, krb5_principal principal)
 {
-    if (principal->name.name_type != KRB5_NT_WELLKNOWN ||
+    if ((principal->name.name_type != KRB5_NT_WELLKNOWN &&
+        principal->name.name_type != KRB5_NT_UNKNOWN) ||
        principal->name.name_string.len != 2 ||
        strcmp(principal->name.name_string.val[0], KRB5_WELLKNOWN_NAME) != 0 ||
        strcmp(principal->name.name_string.val[1], KRB5_ANON_NAME) != 0)
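Review bot: The widened name-type test in `_kdc_is_anonymous()` has no comment explaining why NT-UNKNOWN is accepted, and this helper presumably gates anonymous-specific policy, so a later cleanup could quietly narrow it again. I would add above the condition: `/* NT-UNKNOWN matches any name type, so WELLKNOWN/ANONYMOUS sent as NT-UNKNOWN must still be treated as anonymous */`. The check still keys on the name type, which looks like it comes from the request (not confirmable from this hunk). If principal lookup elsewhere ignores the name type, the same two components sent with a third type would be classified as non-anonymous. Please confirm against the lookup path whether the type test is needed at all or whether the component comparison alone should decide. The function body continues past the end of the hunk, so the return paths are not visible here.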