This matches the behaviour of Windows.
NOTE: This commit finally works again!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15482
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
int eq = 1;
krb5_error_code ret = 0;
+ if (krb5_princ_size(context, principal) > 2) {
+ return 0;
+ }
+
ret = smb_krb5_principal_get_comp_string(NULL, context, principal, 0, &p);
if (ret == ENOENT) {
return 0;
return -1;
}
- eq = krb5_princ_size(context, principal) == 2 &&
- (strcmp(p, KRB5_TGS_NAME) == 0);
+ eq = strcmp(p, KRB5_TGS_NAME) == 0;
talloc_free(p);
^samba\.tests\.krb5\.conditional_ace_tests\.samba\.tests\.krb5\.conditional_ace_tests\.ConditionalAceTests\.test_device_in_network_group_rbcd\(ad_dc\)$
^samba\.tests\.krb5\.conditional_ace_tests\.samba\.tests\.krb5\.conditional_ace_tests\.DeviceRestrictionTests\.test_device_in_network_group\(ad_dc\)$
^samba\.tests\.krb5\.conditional_ace_tests\.samba\.tests\.krb5\.conditional_ace_tests\.TgsReqServicePolicyTests\.test_device_in_network_group\(ad_dc\)$
-#
-# Single‐component krbtgt principal tests
-#
-^samba\.tests\.krb5\.as_req_tests\.samba\.tests\.krb5\.as_req_tests\.AsReqKerberosTests\.test_krbtgt_single_component_krbtgt\(fl2003dc\)$
-^samba\.tests\.krb5\.as_req_tests\.samba\.tests\.krb5\.as_req_tests\.AsReqKerberosTests\.test_krbtgt_single_component_krbtgt\(fl2008r2dc\)$
-^samba\.tests\.krb5\.kdc_tgs_tests\.samba\.tests\.krb5\.kdc_tgs_tests\.KdcTgsTests\.test_single_component_krbtgt_no_pac_as_req\(ad_dc\)$
-^samba\.tests\.krb5\.kdc_tgs_tests\.samba\.tests\.krb5\.kdc_tgs_tests\.KdcTgsTests\.test_single_component_krbtgt_no_pac_tgs_req\(ad_dc\)$
-^samba\.tests\.krb5\.kdc_tgs_tests\.samba\.tests\.krb5\.kdc_tgs_tests\.KdcTgsTests\.test_single_component_krbtgt_requester_sid_as_req\(ad_dc\)$
-^samba\.tests\.krb5\.kdc_tgs_tests\.samba\.tests\.krb5\.kdc_tgs_tests\.KdcTgsTests\.test_single_component_krbtgt_requester_sid_tgs_req\(ad_dc\)$
-^samba\.tests\.krb5\.kdc_tgs_tests\.samba\.tests\.krb5\.kdc_tgs_tests\.KdcTgsTests\.test_single_component_krbtgt_service_ticket\(ad_dc\)$
-^samba\.tests\.krb5\.kpasswd_tests\.samba\.tests\.krb5\.kpasswd_tests\.KpasswdTests\.test_kpasswd_tgt_single_component_krbtgt\(ad_dc\)$
#
# Single‐component krbtgt principal tests
#
-^samba\.tests\.krb5\.as_req_tests\.samba\.tests\.krb5\.as_req_tests\.AsReqKerberosTests\.test_krbtgt_single_component_krbtgt\(fl2003dc\)$
-^samba\.tests\.krb5\.as_req_tests\.samba\.tests\.krb5\.as_req_tests\.AsReqKerberosTests\.test_krbtgt_single_component_krbtgt\(fl2008r2dc\)$
^samba\.tests\.krb5\.kdc_tgs_tests\.samba\.tests\.krb5\.kdc_tgs_tests\.KdcTgsTests\.test_single_component_krbtgt_no_pac_as_req\(ad_dc\)$
^samba\.tests\.krb5\.kdc_tgs_tests\.samba\.tests\.krb5\.kdc_tgs_tests\.KdcTgsTests\.test_single_component_krbtgt_no_pac_tgs_req\(ad_dc\)$
-^samba\.tests\.krb5\.kdc_tgs_tests\.samba\.tests\.krb5\.kdc_tgs_tests\.KdcTgsTests\.test_single_component_krbtgt_requester_sid_as_req\(ad_dc\)$
-^samba\.tests\.krb5\.kdc_tgs_tests\.samba\.tests\.krb5\.kdc_tgs_tests\.KdcTgsTests\.test_single_component_krbtgt_requester_sid_tgs_req\(ad_dc\)$
^samba\.tests\.krb5\.kdc_tgs_tests\.samba\.tests\.krb5\.kdc_tgs_tests\.KdcTgsTests\.test_single_component_krbtgt_service_ticket\(ad_dc\)$
-^samba\.tests\.krb5\.kpasswd_tests\.samba\.tests\.krb5\.kpasswd_tests\.KpasswdTests\.test_kpasswd_tgt_single_component_krbtgt\(ad_dc\)$
}
if (lpcfg_is_my_domain_or_realm(lp_ctx, realm_from_princ)
- && lpcfg_is_my_domain_or_realm(lp_ctx, realm_princ_comp)) {
+ && (realm_princ_comp == NULL || lpcfg_is_my_domain_or_realm(lp_ctx, realm_princ_comp))) {
/* us, or someone quite like us */
/* Kludge, kludge, kludge. If the realm part of krbtgt/realm,
* is in our db, then direct the caller at our primary