| commit | db8fd3d6a315b140ebd6ccd0dcdfdcf27cd1bb38 | |
| author | Stefan Metzmacher <metze@samba.org> | |
| Tue, 17 Sep 2019 06:05:09 +0000 (17 08:05 +0200) | ||
| committer | Günther Deschner <gd@samba.org> | |
| Tue, 24 Sep 2019 18:30:37 +0000 (24 18:30 +0000) | ||
| tree | 72a5534a3a4f6025c84f612203ff5ab791ff3ae2 | treesnapshot (tar.gz zip) |
| parent | acbf922fc2963a42d6cbe652bb32eee231020958 | commitdiff |
s4:auth: use the correct client realm in gensec_gssapi_update_internal()
The function gensec_gssapi_client_creds() may call kinit and gets
a TGT for the user. The principal provided by the user may not
be canonicalized. The user may use 'given.last@example.com'
but that may be mapped to glast@AD.EXAMPLE.PRIVATE in the background.
It means we should use client_realm = AD.EXAMPLE.PRIVATE
instead of client_realm = EXAMPLE.COM
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14124
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
The function gensec_gssapi_client_creds() may call kinit and gets
a TGT for the user. The principal provided by the user may not
be canonicalized. The user may use 'given.last@example.com'
but that may be mapped to glast@AD.EXAMPLE.PRIVATE in the background.
It means we should use client_realm = AD.EXAMPLE.PRIVATE
instead of client_realm = EXAMPLE.COM
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14124
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
| source4/auth/gensec/gensec_gssapi.c | diffblobblamehistory |