projects / krb5.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 279a040)
Fix cross-realm traversal TGT requests
authorGreg Hudson <ghudson@mit.edu>
Thu, 1 Sep 2011 16:21:25 +0000 (16:21 +0000)
committerGreg Hudson <ghudson@mit.edu>
Thu, 1 Sep 2011 16:21:25 +0000 (16:21 +0000)
When requesting a cross-realm TGT, use the KDC instance of the current
TGT (the second data component), not the realm which the TGT came
from.

ticket: 6952
target_version: 1.9.2
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25121 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/krb5/krb/get_creds.c patch | blob | history

diff --git a/src/lib/krb5/krb/get_creds.c b/src/lib/krb5/krb/get_creds.c
index dba75716c384a9c0aab09cbcdb479be0638b8796..7c8230b32dcf495470887ad629d3559304d75ef2 100644 (file)
--- a/src/lib/krb5/krb/get_creds.c
+++ b/src/lib/krb5/krb/get_creds.c
@@ -289,7 +289,7 @@ make_request_for_tgt(krb5_context context, krb5_tkt_creds_context ctx,
     /* Construct the principal krbtgt/<realm>@<cur-tgt-realm>. */
     krb5_free_principal(context, ctx->tgt_princ);
     ctx->tgt_princ = NULL;
-    code = krb5int_tgtname(context, realm, &ctx->cur_tgt->server->realm,
+    code = krb5int_tgtname(context, realm, &ctx->cur_tgt->server->data[1],
                            &ctx->tgt_princ);
     if (code != 0)
         return code;
MIT implementation of the Kerberos network authentication protocol. This repo may be rebased, so don't base your work on it. Use git://github.com/krb5/krb5 instead.