From 209886e95c3afe1e4e50bacc30b40a543856a7a0 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sun, 29 Jan 2017 17:19:14 +0100 Subject: HEIMDAL:kdc: make it possible to disable the principal based referral detection BUG: https://bugzilla.samba.org/show_bug.cgi?id=12554 Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider --- source4/heimdal/kdc/default_config.c | 1 + source4/heimdal/kdc/kdc.h | 2 ++ source4/heimdal/kdc/krb5tgs.c | 4 +++- 3 files changed, 6 insertions(+), 1 deletion(-) (limited to 'source4') diff --git a/source4/heimdal/kdc/default_config.c b/source4/heimdal/kdc/default_config.c index 6fbf5fdae15..0129c5d3c54 100644 --- a/source4/heimdal/kdc/default_config.c +++ b/source4/heimdal/kdc/default_config.c @@ -55,6 +55,7 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config) c->preauth_use_strongest_session_key = FALSE; c->tgs_use_strongest_session_key = FALSE; c->use_strongest_server_key = TRUE; + c->autodetect_referrals = TRUE; c->check_ticket_addresses = TRUE; c->allow_null_ticket_addresses = TRUE; c->allow_anonymous = FALSE; diff --git a/source4/heimdal/kdc/kdc.h b/source4/heimdal/kdc/kdc.h index 9d52fd4c2ec..16263d6919b 100644 --- a/source4/heimdal/kdc/kdc.h +++ b/source4/heimdal/kdc/kdc.h @@ -69,6 +69,8 @@ typedef struct krb5_kdc_configuration { krb5_boolean allow_anonymous; enum krb5_kdc_trpolicy trpolicy; + krb5_boolean autodetect_referrals; + krb5_boolean enable_pkinit; krb5_boolean pkinit_princ_in_cert; const char *pkinit_kdc_identity; diff --git a/source4/heimdal/kdc/krb5tgs.c b/source4/heimdal/kdc/krb5tgs.c index 334a6eb1dc8..a888788bb6f 100644 --- a/source4/heimdal/kdc/krb5tgs.c +++ b/source4/heimdal/kdc/krb5tgs.c @@ -1660,7 +1660,9 @@ server_lookup: Realm req_rlm; krb5_realm *realms; - if ((req_rlm = get_krbtgt_realm(&sp->name)) != NULL) { + if (!config->autodetect_referrals) { + /* noop */ + } else if ((req_rlm = get_krbtgt_realm(&sp->name)) != NULL) { if(nloop++ < 2) { new_rlm = find_rpath(context, tgt->crealm, req_rlm); if(new_rlm) { -- cgit v1.2.1