morgan/FreeRDP
1
0
Fork 0
mirror of https://github.com/morgan9e/FreeRDP synced 2026-04-15 00:44:19 +09:00
Code Issues Packages Projects Releases Wiki Activity

[winpr,sspi] fix realm usage for Heimdal

Browse Source 
Fix retrieval of realm name from krb5_principal::realm
* MIT krb5 uses type krb5_data
* Heimdal krb5 uses type Realm
This commit is contained in:
akallabeth
2025-05-16 09:30:50 +02:00
parent abbc6ba37f
commit 135fdb0b9c
1 changed files with 36 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
winpr/libwinpr/sspi/Kerberos/kerberos.c
View File

@@ -245,18 +245,42 @@ static BOOL isValidIP(const char* ipAddress)
return isValidIPv4(ipAddress) || isValidIPv6(ipAddress);
}
static int build_krbtgt(krb5_context ctx, krb5_data* realm, krb5_principal* ptarget)
#if defined(WITH_KRB5_MIT)
WINPR_ATTR_MALLOC(free, 1)
static char* get_realm_name(krb5_data realm, size_t* plen)
{
WINPR_ASSERT(plen);
*plen = 0;
if ((realm.length <= 0) || (!realm.data))
return NULL;
char* name = NULL;
(void)winpr_asprintf(&name, plen, "krbtgt/%*s@%*s", realm.length, realm.data, realm.length,
realm.data);
return name;
}
#elif defined(WITH_KRB5_HEIMDAL)
WINPR_ATTR_MALLOC(free, 1)
static char* get_realm_name(Realm realm, size_t* plen)
{
WINPR_ASSERT(plen);
*plen = 0;
if (!realm)
return NULL;
char* name = NULL;
(void)winpr_asprintf(&name, plen, "krbtgt/%s@%s", realm, realm);
return name;
}
#endif
static int build_krbtgt(krb5_context ctx, krb5_principal principal, krb5_principal* ptarget)
{
/* "krbtgt/" + realm + "@" + realm */
size_t len = 0;
char* name = NULL;
krb5_error_code rv = KRB5_CC_NOMEM;
if ((realm->length <= 0) || (!realm->data))
goto fail;
WINPR_ASSERT(strnlen(realm->data, realm->length + 1) <= realm->length);
(void)winpr_asprintf(&name, &len, "krbtgt/%s@%s", realm->data, realm->data);
char* name = get_realm_name(principal->realm, &len);
if (!name || (len == 0))
goto fail;
@@ -341,6 +365,7 @@ static SECURITY_STATUS SEC_ENTRY kerberos_AcquireCredentialsHandleA(
if (rv)
goto cleanup;
WINPR_ASSERT(principal);
}
if (krb_settings && krb_settings->cache)
@@ -419,7 +444,8 @@ static SECURITY_STATUS SEC_ENTRY kerberos_AcquireCredentialsHandleA(
matchCreds.times.endtime += 60;
matchCreds.client = principal;
if (krb_log_exec(build_krbtgt, ctx, &principal->realm, &matchCreds.server))
WINPR_ASSERT(principal);
if (krb_log_exec(build_krbtgt, ctx, principal, &matchCreds.server))
goto cleanup;
int rv = krb5_cc_retrieve_cred(ctx, ccache, matchFlags, &matchCreds, &creds);
@@ -1371,6 +1397,8 @@ static SECURITY_STATUS SEC_ENTRY kerberos_AcceptSecurityContext(
KRB5_PRINCIPAL_PARSE_NO_REALM, &principal))
goto cleanup;
WINPR_ASSERT(principal);
if (realm)
{
if (krb_log_exec(krb5glue_set_principal_realm, credentials->ctx, principal, realm))