| commit | 9f2d5ae0c59834ea97682a98f2b69fdec2c98a9f | |
| author | Stefan Metzmacher <metze@samba.org> | |
| Tue, 17 Sep 2019 06:05:09 +0000 (17 08:05 +0200) | ||
| committer | Karolin Seeger <kseeger@samba.org> | |
| Wed, 25 Sep 2019 23:37:30 +0000 (25 23:37 +0000) | ||
| tree | d6bbe9a4ee72242a9caef9da432f2c4a35940429 | treesnapshot (tar.gz zip) |
| parent | 05eb45e1d3753763283a777b1fd92b8d7936be94 | commitdiff |
s4:auth: use the correct client realm in gensec_gssapi_update_internal()
The function gensec_gssapi_client_creds() may call kinit and gets
a TGT for the user. The principal provided by the user may not
be canonicalized. The user may use 'given.last@example.com'
but that may be mapped to glast@AD.EXAMPLE.PRIVATE in the background.
It means we should use client_realm = AD.EXAMPLE.PRIVATE
instead of client_realm = EXAMPLE.COM
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14124
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit db8fd3d6a315b140ebd6ccd0dcdfdcf27cd1bb38)
The function gensec_gssapi_client_creds() may call kinit and gets
a TGT for the user. The principal provided by the user may not
be canonicalized. The user may use 'given.last@example.com'
but that may be mapped to glast@AD.EXAMPLE.PRIVATE in the background.
It means we should use client_realm = AD.EXAMPLE.PRIVATE
instead of client_realm = EXAMPLE.COM
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14124
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit db8fd3d6a315b140ebd6ccd0dcdfdcf27cd1bb38)
| source4/auth/gensec/gensec_gssapi.c | diffblobblamehistory |