From d92f21ae1b3051f96043c64320a768551de39d5a Mon Sep 17 00:00:00 2001 From: Isaac Boukris Date: Fri, 31 Jan 2020 22:58:18 +0100 Subject: [PATCH 1/2] Fix DAL v8 support Signed-off-by: Isaac Boukris Reviewed-By: Alexander Bokovoy --- daemons/ipa-kdb/ipa_kdb.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/daemons/ipa-kdb/ipa_kdb.c b/daemons/ipa-kdb/ipa_kdb.c index 3982c131b..8f3c22070 100644 --- a/daemons/ipa-kdb/ipa_kdb.c +++ b/daemons/ipa-kdb/ipa_kdb.c @@ -720,8 +720,8 @@ stub_sign_authdata(krb5_context context, unsigned int flags, void *ad_info, krb5_data ***auth_indicators, krb5_authdata ***signed_auth_data) { - krb5_db_entry *krbtgt = header_server ? header_server : server; - krb5_keyblock *krbtgt_key = header_key ? header_key : server_key; + krb5_db_entry *krbtgt = header_server ? header_server : local_tgt; + krb5_keyblock *krbtgt_key = header_key ? header_key : local_tgt_key; return ipadb_sign_authdata(context, flags, client_princ, client, server, krbtgt, client_key, server_key, krbtgt_key, -- 2.24.1 From c940f96b700d845afda014d41a0004068d379a9a Mon Sep 17 00:00:00 2001 From: Isaac Boukris Date: Fri, 31 Jan 2020 23:03:09 +0100 Subject: [PATCH 2/2] Fix legacy S4U2Proxy in DAL v8 support Signed-off-by: Isaac Boukris Reviewed-By: Alexander Bokovoy --- daemons/ipa-kdb/ipa_kdb.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/daemons/ipa-kdb/ipa_kdb.c b/daemons/ipa-kdb/ipa_kdb.c index 8f3c22070..7bd30be85 100644 --- a/daemons/ipa-kdb/ipa_kdb.c +++ b/daemons/ipa-kdb/ipa_kdb.c @@ -723,6 +723,12 @@ stub_sign_authdata(krb5_context context, unsigned int flags, krb5_db_entry *krbtgt = header_server ? header_server : local_tgt; krb5_keyblock *krbtgt_key = header_key ? header_key : local_tgt_key; + if (flags & KRB5_KDB_FLAG_CONSTRAINED_DELEGATION) { + client = header_server; + krbtgt = local_tgt; + krbtgt_key = local_tgt_key; + } + return ipadb_sign_authdata(context, flags, client_princ, client, server, krbtgt, client_key, server_key, krbtgt_key, session_key, authtime, tgt_auth_data, -- 2.24.1