pull up r24438 from trunk

 ------------------------------------------------------------------------
 r24438 | tlyu | 2010-10-06 19:57:37 -0400 (Wed, 06 Oct 2010) | 11 lines

 ticket: 6798
 subject: set NT-SRV-INST on TGS principal names
 tags: pullup
 target_version: 1.8.4

 Set NT-SRV-INST on TGS principal names in
 get_in_tkt.c:build_in_tkt_name because Windows Server 2008 R2 RODC
 insists on it.

 Thanks to Bill Fellows for reporting this problem.

ticket: 6798
version_fixed: 1.8.4

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24439 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c
index 41059af710ff81f54b664279ff35b75febf250db..9c97998876627e4d03c3d15d7e506ab294e65832 100644 (file)
--- a/src/lib/krb5/krb/get_in_tkt.c
+++ b/src/lib/krb5/krb/get_in_tkt.c
@@ -1023,8 +1023,19 @@ build_in_tkt_name(krb5_context context,
                                        client->realm.length,
                                        client->realm.data,
                                        0);
+        if (ret)
+            return ret;
     }
-    return ret;
+    /*
+     * Windows Server 2008 R2 RODC insists on TGS principal names having the
+     * right name type.
+     */
+    if (krb5_princ_size(context, *server) == 2 &&
+        data_eq_string(*krb5_princ_component(context, *server, 0),
+                       KRB5_TGS_NAME)) {
+        krb5_princ_type(context, *server) = KRB5_NT_SRV_INST;
+    }
+    return 0;
 }
 
 void KRB5_CALLCONV