Skip to content

Commit da52236

Browse files
SteveSyfuhsSteveSyfuhs
authored
Merge pull request #408 from MaximeKjaer/isolate-exception
Avoid exception when ClientRealmName is null and IsolateRealmsConsistently is off
2 parents c443f1f + 6a83b99 commit da52236

2 files changed

Lines changed: 41 additions & 1 deletion

File tree

Kerberos.NET/Entities/Krb/KrbKdcRep.cs

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -110,7 +110,11 @@ out MessageType messageType
110110
if (request.Compatibility.HasFlag(KerberosCompatibilityFlags.NormalizeRealmsUppercase))
111111
{
112112
request.RealmName = request.RealmName?.ToUpperInvariant();
113-
request.ClientRealmName = request.ClientRealmName?.ToUpperInvariant() ?? throw new InvalidOperationException("Unknown client realm name");
113+
114+
if (request.Compatibility.HasFlag(KerberosCompatibilityFlags.IsolateRealmsConsistently))
115+
{
116+
request.ClientRealmName = request.ClientRealmName?.ToUpperInvariant() ?? throw new InvalidOperationException("Unknown client realm name");
117+
}
114118
}
115119

116120
authz ??= GenerateAuthorizationData(request);

Tests/Tests.Kerberos.NET/Messages/KrbKdcRepTests.cs

Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -69,6 +69,42 @@ public void CreateServiceTicket_NullPrincipal()
6969
});
7070
}
7171

72+
[TestMethod]
73+
public void CreateServiceTicket_NullClientRealmName()
74+
{
75+
var key = KrbEncryptionKey.Generate(EncryptionType.AES128_CTS_HMAC_SHA1_96).AsKey();
76+
77+
// This should not throw, as ClientRealmName is allowed to be null if CompatibilityFlags.IsolateRealmsConsistently is not set
78+
var tgsRep = KrbKdcRep.GenerateServiceTicket<KrbTgsRep>(new ServiceTicketRequest
79+
{
80+
EncryptedPartKey = key,
81+
ServicePrincipal = new FakeKerberosPrincipal("blah@blah.com"),
82+
ServicePrincipalKey = key,
83+
Principal = new FakeKerberosPrincipal("blah@blah2.com"),
84+
RealmName = "blah.com",
85+
ClientRealmName = null,
86+
Compatibility = KerberosCompatibilityFlags.NormalizeRealmsUppercase,
87+
});
88+
}
89+
90+
[TestMethod]
91+
[ExpectedException(typeof(InvalidOperationException))]
92+
public void CreateServiceTicket_NullClientRealmName_IsolateRealmsConsistently()
93+
{
94+
var key = KrbEncryptionKey.Generate(EncryptionType.AES128_CTS_HMAC_SHA1_96).AsKey();
95+
96+
var tgsRep = KrbKdcRep.GenerateServiceTicket<KrbTgsRep>(new ServiceTicketRequest
97+
{
98+
EncryptedPartKey = key,
99+
ServicePrincipal = new FakeKerberosPrincipal("blah@blah.com"),
100+
ServicePrincipalKey = key,
101+
Principal = new FakeKerberosPrincipal("blah@blah2.com"),
102+
RealmName = "blah.com",
103+
ClientRealmName = null,
104+
Compatibility = KerberosCompatibilityFlags.NormalizeRealmsUppercase | KerberosCompatibilityFlags.IsolateRealmsConsistently,
105+
});
106+
}
107+
72108
[TestMethod]
73109
public void CreateServiceTicket()
74110
{

0 commit comments

Comments
 (0)