From: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Wed, 20 Sep 2023 23:22:47 +0000 (+1200)
Subject: s4:kdc: Make use of smb_krb5_principal_is_tgs()
X-Git-Tag: talloc-2.4.2~1007
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6d7a05bf780481a2792ff87ae635fb91e1f0c640;p=thirdparty%2Fsamba.git

s4:kdc: Make use of smb_krb5_principal_is_tgs()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15482

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c
index 9f3f276bc54..29b60a663c7 100644
--- a/source4/kdc/db-glue.c
+++ b/source4/kdc/db-glue.c
@@ -2448,6 +2448,7 @@ static krb5_error_code samba_kdc_fetch_krbtgt(krb5_context context,
 	TALLOC_CTX *tmp_ctx = NULL;
 	struct loadparm_context *lp_ctx = kdc_db_ctx->lp_ctx;
 	krb5_error_code ret = 0;
+	int is_krbtgt;
 	struct ldb_message *msg = NULL;
 	struct ldb_dn *realm_dn = ldb_get_default_basedn(kdc_db_ctx->samdb);
 	char *realm_from_princ;
@@ -2467,8 +2468,11 @@ static krb5_error_code samba_kdc_fetch_krbtgt(krb5_context context,
 		goto out;
 	}
 
-	if (krb5_princ_size(context, principal) != 2
-	    || (principal_comp_strcmp(context, principal, 0, KRB5_TGS_NAME) != 0)) {
+	is_krbtgt = smb_krb5_principal_is_tgs(context, principal);
+	if (is_krbtgt == -1) {
+		ret = ENOMEM;
+		goto out;
+	} else if (!is_krbtgt) {
 		/* Not a krbtgt */
 		ret = SDB_ERR_NOENTRY;
 		goto out;