| commit | 75d1a7cd14b134506061ed64ddb9b99856231d2c | |
| author | Luke Howard <lukeh@padl.com> | |
| Thu, 23 Sep 2021 04:39:35 +0000 (23 14:39 +1000) | ||
| committer | Andrew Bartlett <abartlet@samba.org> | |
| Thu, 14 Oct 2021 18:59:31 +0000 (14 18:59 +0000) | ||
| tree | cca317b2728eac47ccad12802105886710c19130 | treesnapshot (tar.gz zip) |
| parent | db30b71f79864a20b38a1f812a5df833f3a92de8 | commitdiff |
kdc: use ticket client name when signing PAC
The principal in the PAC_LOGON_NAME buffer is expected to match the client name
in the ticket. Previously we were setting this to the canonical client name,
which would have broken PAC validation if the client did not request name
canonicalization
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
[jsutton@samba.org Backported from Heimdal commit
3b0856cab2b25624deb1f6e0e67637ba96a647ac
- Renamed variable to avoid shadowing existing variable
]
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The principal in the PAC_LOGON_NAME buffer is expected to match the client name
in the ticket. Previously we were setting this to the canonical client name,
which would have broken PAC validation if the client did not request name
canonicalization
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
[jsutton@samba.org Backported from Heimdal commit
3b0856cab2b25624deb1f6e0e67637ba96a647ac
- Renamed variable to avoid shadowing existing variable
]
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
| source4/heimdal/kdc/kerberos5.c | diffblobblamehistory |