|
1 # |
|
2 # This change allows for case insenstive comparisons of principals in the keytab |
|
3 # file. This is necessary in order to interoperate with old Windows clients |
|
4 # that use upper case host name components in service principals. |
|
5 # |
|
6 # Original BugID is: |
|
7 # 15592543 SUNBT6885980 Need case-insensitive keytab lookups for MS interop |
|
8 # |
|
9 # Note: In the future, the depedent code (SMB), should construct an acceptor |
|
10 # name that does not contain the host name component in order perform keytab. |
|
11 # Refer to the 1.10 feature here: |
|
12 # http://k5wiki.kerberos.org/wiki/Projects/Acceptor_Names |
|
13 # Patch source: in-house |
|
14 # |
|
15 --- old/src/lib/krb5/keytab/kt_file.c Wed Oct 15 17:55:10 2014 |
|
16 +++ new/src/lib/krb5/keytab/kt_file.c Tue Jan 13 23:56:40 2015 |
|
17 @@ -310,7 +310,21 @@ |
|
18 /* if the principal isn't the one requested, free new_entry |
|
19 and continue to the next. */ |
|
20 |
|
21 - if (!krb5_principal_compare(context, principal, new_entry.principal)) { |
|
22 + /* |
|
23 + * Solaris Kerberos: MS Interop requires that case insensitive |
|
24 + * comparisons of service and host components are performed for key |
|
25 + * table lookup, etc. Only called if the private environment variable |
|
26 + * MS_INTEROP is defined. |
|
27 + */ |
|
28 + if (getenv("MS_INTEROP")) { |
|
29 + if (!krb5_principal_compare_flags(context, principal, |
|
30 + new_entry.principal, |
|
31 + KRB5_PRINCIPAL_COMPARE_CASEFOLD)) { |
|
32 + krb5_kt_free_entry(context, &new_entry); |
|
33 + continue; |
|
34 + } |
|
35 + } else if (!krb5_principal_compare(context, principal, |
|
36 + new_entry.principal)) { |
|
37 krb5_kt_free_entry(context, &new_entry); |
|
38 continue; |
|
39 } |