From 3187e3111e53478fd41483e4191a788d4112abe8 Mon Sep 17 00:00:00 2001
From: Tom Yu <tlyu@mit.edu>
Date: Thu, 9 Jun 2011 21:09:01 +0000
Subject: [PATCH] pull up r24945 from trunk

 ------------------------------------------------------------------------
 r24945 | ghudson | 2011-05-26 14:05:49 -0400 (Thu, 26 May 2011) | 12 lines

 ticket: 6916
 subject: Restore krb5_get_credentials caching for referral requests
 target_version: 1.9.2
 tags: pullup

 The krb5_get_credentials() rewrite for IAKERB accidentally omitted the
 final step of restoring the requested realm in the output credentials.
 As a result, referral entries are not cached, and the caller sees the
 actual realm in (*out_creds)->server instead of the referral realm as
 before.  Fix this in complete() by swapping ctx->req_server into
 ctx->reply_creds->server.

ticket: 6916
version_fixed: 1.9.2
status: resolved

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-9@24956 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/lib/krb5/krb/get_creds.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/lib/krb5/krb/get_creds.c b/src/lib/krb5/krb/get_creds.c
index cf216b707..e6841dfe7 100644
--- a/src/lib/krb5/krb/get_creds.c
+++ b/src/lib/krb5/krb/get_creds.c
@@ -428,6 +428,11 @@ complete(krb5_context context, krb5_tkt_creds_context ctx)
 
     TRACE_TKT_CREDS_COMPLETE(context, ctx->reply_creds->server);
 
+    /* Put the requested server principal in the output creds. */
+    krb5_free_principal(context, ctx->reply_creds->server);
+    ctx->reply_creds->server = ctx->req_server;
+    ctx->req_server = NULL;
+
     /* Note the authdata we asked for in the output creds. */
     ctx->reply_creds->authdata = ctx->authdata;
     ctx->authdata = NULL;
-- 
2.26.2