1 #

     2 # This change allows for case insenstive comparisons of principals in the keytab

     3 # file.  This is necessary in order to interoperate with old Windows clients

     4 # that use upper case host name components in service principals.

     5 #

     6 # Original BugID is:

     7 # 15592543 SUNBT6885980 Need case-insensitive keytab lookups for MS interop

     8 #

     9 # Note: In the future, the depedent code (SMB), should construct an acceptor

    10 # name that does not contain the host name component in order perform keytab.

    11 # Refer to the 1.10 feature here:

    12 # 	http://k5wiki.kerberos.org/wiki/Projects/Acceptor_Names

    13 # Patch source: in-house

    14 #

    15 --- old/src/lib/krb5/keytab/kt_file.c	Wed Oct 15 17:55:10 2014

    16 +++ new/src/lib/krb5/keytab/kt_file.c	Tue Jan 13 23:56:40 2015

    17 @@ -310,7 +310,21 @@

    18          /* if the principal isn't the one requested, free new_entry

    19             and continue to the next. */

    20  

    21 -        if (!krb5_principal_compare(context, principal, new_entry.principal)) {

    22 +	/*

    23 +	 * Solaris Kerberos: MS Interop requires that case insensitive

    24 +	 * comparisons of service and host components are performed for key

    25 +	 * table lookup, etc. Only called if the private environment variable

    26 +	 * MS_INTEROP is defined.

    27 +	 */

    28 +	if (getenv("MS_INTEROP")) {

    29 +	    if (!krb5_principal_compare_flags(context, principal,

    30 +					      new_entry.principal,

    31 +					KRB5_PRINCIPAL_COMPARE_CASEFOLD)) {

    32 +		krb5_kt_free_entry(context, &new_entry);

    33 +		continue;

    34 +	    }

    35 +	} else if (!krb5_principal_compare(context, principal,

    36 +					   new_entry.principal)) {

    37              krb5_kt_free_entry(context, &new_entry);

    38              continue;

    39          }