git.ipfire.org Git - thirdparty/samba.git/commit

author	Stefan Metzmacher <metze@samba.org>
	Sun, 15 Oct 2023 23:33:15 +0000 (12:33 +1300)
committer	Stefan Metzmacher <metze@samba.org>
	Mon, 16 Oct 2023 14:39:33 +0000 (14:39 +0000)
commit	cbb8145d0c58b34b76a579afd81f0e19ec7106b6
tree	4fabd4ac74bdc2cfa9d811a939a0ef6839a5b9bd	tree \| snapshot
parent	c99fe118fdf11c641d74a51d33b52ac411db95f5	commit \| diff

third_party/heimdal kdc: introduce HDB_F_USER2USER_PRINCIPAL (import lorikeet-heimdal-202310152331 (commit a571340c9e1b75d4f5d96f08fcf9fd660d3ba3d4))

This allows HDB backends to do special handling for
User2User TGS-REQs. The main reason is to let
the HDB_F_GET_SERVER lookup to succeed even for
non-computer accounts. In Samba these are typically
not returned in HDB_F_GET_SERVER in order to avoid
generating tickets with the user password.

But for User2User the account password is not used,
so it is safe to return the server entry.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15492

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
[abartlet@samba.org Adapted to be an import from lorikeet-heimdal as requested]

third_party/heimdal/kdc/krb5tgs.c		diff \| blob \| blame \| history
third_party/heimdal/lib/hdb/hdb.h		diff \| blob \| blame \| history