projects / krb5.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Use correct name-type in TGS-REQs for 2008R2 RODCs
[krb5.git] / src / lib / krb5 / krb / tgtname.c
diff --git a/src/lib/krb5/krb/tgtname.c b/src/lib/krb5/krb/tgtname.c
index 1a02880c6e2c6828ea687538fe9297ec0da6485d..1cd113a1d5bc4f3f14c1c8600fc193e5e3050203 100644 (file)
--- a/src/lib/krb5/krb/tgtname.c
+++ b/src/lib/krb5/krb/tgtname.c
@@ -30,8 +30,19 @@
 krb5_error_code
 krb5int_tgtname(krb5_context context, const krb5_data *server, const krb5_data *client, krb5_principal *tgtprinc)
 {
-    return krb5_build_principal_ext(context, tgtprinc, client->length, client->data,
-                                    KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME,
-                                    server->length, server->data,
-                                    0);
+    krb5_error_code ret;
+
+    ret = krb5_build_principal_ext(context, tgtprinc, client->length, client->data,
+                                   KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME,
+                                   server->length, server->data,
+                                   0);
+    if (ret)
+        return ret;
+    /*
+     * Windows Server 2008 R2 RODC insists on TGS principal names having the
+     * right name type.
+     */
+    krb5_princ_type(context, *tgtprinc) = KRB5_NT_SRV_INST;
+
+    return ret;
 }
MIT implementation of the Kerberos network authentication protocol. This repo may be rebased, so don't base your work on it. Use git://github.com/krb5/krb5 instead.