kdc: allow referrals for krbtgt in transitively trusted realm

Isaac Boukris iboukris at gmail.com
Tue Oct 29 21:29:31 UTC 2019


On Tue, Oct 29, 2019 at 3:50 PM Stefan Metzmacher <metze at samba.org> wrote:
> > The attached poc patch solves the bug, but I think not efficient (and
> > may leak?). I think what I need is, to find out efficiently in
> > samba_kdc_lookup_realm(krbtgt) whether the realm is directly trusted
> > in which case return 0, or only transitively trusted and then return
> > WRONG_REALM with referral to intermediate realm.
> I recently hit the same problem
> and created a different fix.
> Can you have a look?
> It would be good to get this finally fixed.

Lovely, was fun to remember this, looks good to me!

More information about the samba-technical mailing list