Fix inter-realm handling in KDC so that an intermediate realm is returned
authorTheodore Tso <tytso@mit.edu>
Fri, 10 Jun 1994 22:36:11 +0000 (22:36 +0000)
committerTheodore Tso <tytso@mit.edu>
Fri, 10 Jun 1994 22:36:11 +0000 (22:36 +0000)
when appropriate.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@3738 dc483132-0cff-0310-8789-dd5450dbe970

src/kdc/do_tgs_req.c

index b08c56ffc5f7f64fd246c06a7af9a60a7ac045ba..a111b0fc75531c42d4628fbc23edf5a39301bb01 100644 (file)
@@ -168,22 +168,21 @@ tgt_again:
        errcode = KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE;
        goto cleanup;
     } else if (nprincs != 1) {
-       /* XXX Is it possible for a principal to have length 1 so that
-          the following statement is undefined?  Only length 3 is valid
-          here, but can a length 1 ticket pass through all prior tests?  */
-
-       krb5_data *server_1 = krb5_princ_component(request->server, 1);
-       krb5_data *tgs_1 = krb5_princ_component(tgs_server, 1);
-
-       /* might be a request for a TGT for some other realm; we should
-          do our best to find such a TGS in this db */
-       if (firstpass && krb5_princ_size(request->server) == 3 &&
-           server_1->length == tgs_1->length &&
-           !memcmp(server_1->data, tgs_1->data, tgs_1->length)) {
-           krb5_db_free_principal(&server, nprincs);
-           find_alternate_tgs(request, &server, &more, &nprincs);
-           firstpass = 0;
-           goto tgt_again;
+       /*
+        * might be a request for a TGT for some other realm; we
+        * should do our best to find such a TGS in this db
+        */
+       if (firstpass && krb5_princ_size(request->server) == 2) {
+           krb5_data *server_1 = krb5_princ_component(request->server, 1);
+           krb5_data *tgs_1 = krb5_princ_component(tgs_server, 1);
+
+           if (server_1->length != tgs_1->length ||
+               memcmp(server_1->data, tgs_1->data, tgs_1->length)) {
+               krb5_db_free_principal(&server, nprincs);
+               find_alternate_tgs(request, &server, &more, &nprincs);
+               firstpass = 0;
+               goto tgt_again;
+           }
        }
        krb5_db_free_principal(&server, nprincs);
        status = "UNKNOWN_SERVER";
@@ -672,8 +671,8 @@ int *nprincs;
     *nprincs = 0;
     *more = FALSE;
 
-    if (retval = krb5_walk_realm_tree(krb5_princ_component(request->server, 0),
-                                     krb5_princ_component(request->server, 2),
+    if (retval = krb5_walk_realm_tree(krb5_princ_realm(request->server),
+                                     krb5_princ_component(request->server, 1),
                                      &plist, KRB5_REALM_BRANCH_CHAR))
        return;