Change KDC to respect HDB server name type if f.canonicalize is set

author Andrew Bartlett <abartlet@samba.org>

Wed, 5 Sep 2018 02:50:00 +0000 (14:50 +1200)

committer Stefan Metzmacher <metze@samba.org>

Wed, 29 Apr 2020 09:07:57 +0000 (11:07 +0200)
author Andrew Bartlett <abartlet@samba.org>
Wed, 5 Sep 2018 02:50:00 +0000 (14:50 +1200)
committer Stefan Metzmacher <metze@samba.org>
Wed, 29 Apr 2020 09:07:57 +0000 (11:07 +0200)
diff --git a/kdc/kerberos5.c b/kdc/kerberos5.c

index 027f8dff2933cc8d30d757b140ad4c108b9bc3ba..4d14cbcb6b93d6fb970298796cfd45a45bc776f4 100644 (file)
--- a/kdc/kerberos5.c
+++ b/kdc/kerberos5.c
@@ -2146,10 +2146,13 @@ _kdc_as_rep(astgs_request_t r)
         _krb5_principal2principalname(&rep.ticket.sname,
                                       r->server_princ);
      /* java 1.6 expects the name to be the same type, lets allow that
-     * uncomplicated name-types. */
+     * uncomplicated name-types, when f.canonicalize is not set (to
+     * match Windows Server 1709). */
  #define CNT(sp,t) (((sp)->sname->name_type) == KRB5_NT_##t)
-    if (CNT(b, UNKNOWN) || CNT(b, PRINCIPAL) || CNT(b, SRV_INST) || CNT(b, SRV_HST) || CNT(b, SRV_XHST))
+    if (!f.canonicalize
+       && (CNT(b, UNKNOWN) || CNT(b, PRINCIPAL) || CNT(b, SRV_INST) || CNT(b, SRV_HST) || CNT(b, SRV_XHST))) {
         rep.ticket.sname.name_type = b->sname->name_type;
+    }
  #undef CNT
  
      r->et.flags.initial = 1;
author	Andrew Bartlett <abartlet@samba.org>
	Wed, 5 Sep 2018 02:50:00 +0000 (14:50 +1200)
committer	Stefan Metzmacher <metze@samba.org>
	Wed, 29 Apr 2020 09:07:57 +0000 (11:07 +0200)