From 868264bf7c324b16d275493bcc3438125f9b1680 Mon Sep 17 00:00:00 2001 From: Sam Hartman Date: Tue, 6 Jan 2009 23:45:23 +0000 Subject: [PATCH] Add support for referral null realms and use the default realm as krb5_rd_req_extended does ticket: 5954 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21716 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/krb5/krb/vfy_increds.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/src/lib/krb5/krb/vfy_increds.c b/src/lib/krb5/krb/vfy_increds.c index 37adb9b93..f133e2f67 100644 --- a/src/lib/krb5/krb/vfy_increds.c +++ b/src/lib/krb5/krb/vfy_increds.c @@ -76,7 +76,9 @@ krb5_verify_init_creds(krb5_context context, ap_req.data = NULL; if (server_arg) { - server = server_arg; + ret = krb5_copy_principal(context, server_arg, &server); + if (ret) + goto cleanup; } else { if ((ret = krb5_sname_to_principal(context, NULL, NULL, KRB5_NT_SRV_HST, &server))) @@ -94,6 +96,12 @@ krb5_verify_init_creds(krb5_context context, if ((ret = krb5_kt_default(context, &keytab))) goto cleanup; } + if (krb5_is_referral_realm(&server->realm)) { + krb5_free_data_contents(context, &server->realm); + ret = krb5_get_default_realm(context, &server->realm.data); + if (ret) goto cleanup; + server->realm.length = strlen(server->realm.data); + } if ((ret = krb5_kt_get_entry(context, keytab, server, 0, 0, &kte))) { /* this means there is no keying material. This is ok, as long as @@ -207,7 +215,7 @@ krb5_verify_init_creds(krb5_context context, accordingly. either that, or it's zero, which is fine, too */ cleanup: - if (!server_arg && server) + if ( server) krb5_free_principal(context, server); if (!keytab_arg && keytab) krb5_kt_close(context, keytab); -- 2.26.2