BROKEN-CHECK s4:kdc: fix samba_kdc_lookup_realm() with krbtgt/OTHER.REALM/OUR.REALM

author Stefan Metzmacher <metze@samba.org>

Thu, 10 Oct 2019 14:22:35 +0000 (16:22 +0200)

committer Stefan Metzmacher <metze@samba.org>

Fri, 2 Feb 2024 10:31:16 +0000 (11:31 +0100)
author Stefan Metzmacher <metze@samba.org>
Thu, 10 Oct 2019 14:22:35 +0000 (16:22 +0200)
committer Stefan Metzmacher <metze@samba.org>
Fri, 2 Feb 2024 10:31:16 +0000 (11:31 +0100)
diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c

index 753f0270a9bb17e9dcc1c3fe459846df9bf4784e..5cd14c7b4c764a10b85c8bb0b04d799368570309 100644 (file)
--- a/source4/kdc/db-glue.c
+++ b/source4/kdc/db-glue.c
@@ -2897,6 +2897,7 @@ static krb5_error_code samba_kdc_lookup_realm(krb5_context context,
         unsigned int num_comp;
         bool ok;
         char *upper = NULL;
+       bool get_krbtgt = false;
  
         *entry = (struct sdb_entry) {};
  
@@ -2972,6 +2973,7 @@ static krb5_error_code samba_kdc_lookup_realm(krb5_context context,
         if (flags & SDB_F_GET_SERVER) {
                 bool is_krbtgt = false;
  
+<<<<<<< HEAD
                 ret = is_principal_component_equal(context, principal, 0, KRB5_TGS_NAME, &is_krbtgt);
                 if (ret) {
                         TALLOC_FREE(frame);
@@ -2984,6 +2986,15 @@ static krb5_error_code samba_kdc_lookup_realm(krb5_context context,
                          */
                         TALLOC_FREE(frame);
                         return 0;
+=======
+               ret = principal_comp_strcmp(context, principal, 0, KRB5_TGS_NAME);
+               if (ret == 0) {
+                       if (num_comp != 2) {
+                               TALLOC_FREE(frame);
+                               return SDB_ERR_NOENTRY;
+                       }
+                       get_krbtgt = true;
+>>>>>>> 85820e0ba8a1 (CHECK s4:kdc: fix samba_kdc_lookup_realm() with krbtgt/OTHER.REALM/OUR.REALM)
                 }
  
                 /*
@@ -3039,6 +3050,25 @@ static krb5_error_code samba_kdc_lookup_realm(krb5_context context,
                 return 0;
         }
  
+       if (get_krbtgt) {
+               ok = strequal(realm, tdo->domain_name.string);
+               if (ok) {
+                       /*
+                        * This principal has to be local
+                        */
+                       TALLOC_FREE(frame);
+                       return 0;
+               }
+               ok = strequal(realm, tdo->netbios_name.string);
+               if (ok) {
+                       /*
+                        * This principal has to be local
+                        */
+                       TALLOC_FREE(frame);
+                       return 0;
+               }
+       }
+
         if (tdo->trust_attributes & LSA_TRUST_ATTRIBUTE_WITHIN_FOREST) {
                 /*
                  * TODO: handle the routing within the forest
author	Stefan Metzmacher <metze@samba.org>
	Thu, 10 Oct 2019 14:22:35 +0000 (16:22 +0200)
committer	Stefan Metzmacher <metze@samba.org>
	Fri, 2 Feb 2024 10:31:16 +0000 (11:31 +0100)