diff options
| author | Tom Yu <tlyu@mit.edu> | 2010-12-01 02:15:55 +0000 |
|---|---|---|
| committer | Tom Yu <tlyu@mit.edu> | 2010-12-01 02:15:55 +0000 |
| commit | 2b43bbbf64af9dd6648adfd54f547c12f44b41ee (patch) | |
| tree | 618ac54989eda825b2d489facc9eca66f67f9f2e | |
| parent | dfe362513ca35f7698ad801bc5f19bcbf583477f (diff) | |
| download | krb5-2b43bbbf64af9dd6648adfd54f547c12f44b41ee.zip krb5-2b43bbbf64af9dd6648adfd54f547c12f44b41ee.tar.gz krb5-2b43bbbf64af9dd6648adfd54f547c12f44b41ee.tar.bz2 | |
pull up r24518 from trunk
------------------------------------------------------------------------
r24518 | ghudson | 2010-11-15 21:30:16 -0500 (Mon, 15 Nov 2010) | 12 lines
ticket: 6819
subject: Handle referral realm in kprop client principal
target_version: 1.9
tags: pullup
kprop uses krb5_sname_to_principal() to determine its client
principal. If the local hostname cannot be mapped to a realm based on
the profile's domain_realm section, krb5_sname_to_principal() will (as
of 1.6) return a principal with the referral realm (""), which does
not work in a client principal. Handle this by substituting the
default realm.
ticket: 6819
version_fixed: 1.9
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-9@24541 dc483132-0cff-0310-8789-dd5450dbe970
| -rw-r--r-- | src/slave/kprop.c | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/src/slave/kprop.c b/src/slave/kprop.c index 22ac3a6..0cb8b3b 100644 --- a/src/slave/kprop.c +++ b/src/slave/kprop.c @@ -188,7 +188,7 @@ void PRS(argc, argv) void get_tickets(context) krb5_context context; { - char buf[BUFSIZ]; + char buf[BUFSIZ], *def_realm; krb5_error_code retval; static char tkstring[] = "/tmp/kproptktXXXXXX"; krb5_keytab keytab = NULL; @@ -205,11 +205,25 @@ void get_tickets(context) if (realm) { retval = krb5_set_principal_realm(context, my_principal, realm); if (retval) { - com_err(progname, errno, - "while setting client principal realm"); + com_err(progname, errno, "while setting client principal realm"); + exit(1); + } + } else if (krb5_is_referral_realm(krb5_princ_realm(context, + my_principal))) { + /* We're going to use this as a client principal, so it can't have the + * referral realm. Use the default realm instead. */ + retval = krb5_get_default_realm(context, &def_realm); + if (retval) { + com_err(progname, errno, "while getting default realm"); + exit(1); + } + retval = krb5_set_principal_realm(context, my_principal, def_realm); + if (retval) { + com_err(progname, errno, "while setting client principal realm"); exit(1); } } + #if 0 krb5_princ_type(context, my_principal) = KRB5_NT_PRINCIPAL; #endif |