author | Stefan Metzmacher <metze@samba.org> | 2019-09-13 16:04:30 +0200 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2019-09-25 23:37:33 +0000 |
commit | d7f0baf2f5431350e57b9bc24f7656fb91a730f5 (patch) | |
tree | f3a654294ca0bf3995cd89d7a3485767c01c9d8c | |
parent | 73608fced20bf6ac8a90d4032389c4958e419c43 (diff) | |
download | samba-d7f0baf2f5431350e57b9bc24f7656fb91a730f5.tar.gz |
s3:libads: ads_krb5_chg_password() should always use the canonicalized principal
We should always use krb5_get_init_creds_opt_set_canonicalize()
and krb5_get_init_creds_opt_set_win2k() for heimdal
and expect the client principal to be changed.
There's no reason to have a different logic between MIT and Heimdal.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14124
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit 303b7e59a286896888ee2473995fc50bb2b5ce5e)
-rw-r--r-- | source3/libads/krb5_setpw.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/source3/libads/krb5_setpw.c b/source3/libads/krb5_setpw.c index c3c9477c4cf..67bc2f4640d 100644 --- a/source3/libads/krb5_setpw.c +++ b/source3/libads/krb5_setpw.c @@ -203,6 +203,12 @@ static ADS_STATUS ads_krb5_chg_password(const char *kdc_host, krb5_get_init_creds_opt_set_renew_life(opts, 0); krb5_get_init_creds_opt_set_forwardable(opts, 0); krb5_get_init_creds_opt_set_proxiable(opts, 0); +#ifdef SAMBA4_USES_HEIMDAL + krb5_get_init_creds_opt_set_win2k(context, opts, true); + krb5_get_init_creds_opt_set_canonicalize(context, opts, true); +#else /* MIT */ + krb5_get_init_creds_opt_set_canonicalize(opts, true); +#endif /* MIT */ /* note that heimdal will fill in the local addresses if the addresses * in the creds_init_opt are all empty and then later fail with invalid |
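Review bot: In the SAMBA4_USES_HEIMDAL branch, krb5_get_init_creds_opt_set_win2k(context, opts, true) and krb5_get_init_creds_opt_set_canonicalize(context, opts, true) are called as bare statements, so their results are dropped. Heimdal declares both as returning krb5_error_code. If either fails, the request goes out without the canonicalize option and nothing is logged. Suggest capturing the return value and either failing the password change or at least emitting a debug message. The commit message says the client principal is expected to change, but this hunk only sets the request option. Please confirm that the code after the initial-credentials call takes the principal from the returned credentials rather than from the name the caller passed in, since that part is not visible here. Minor style point: the closing line reads #endif /* MIT */ although the conditional it closes is #ifdef SAMBA4_USES_HEIMDAL. Naming the macro in that comment would be clearer.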