From 9d798967caaea110173d683af2948ed6bf57ce97 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Thu, 26 May 2011 18:05:49 +0000 Subject: [PATCH] Restore krb5_get_credentials caching for referral requests The krb5_get_credentials() rewrite for IAKERB accidentally omitted the final step of restoring the requested realm in the output credentials. As a result, referral entries are not cached, and the caller sees the actual realm in (*out_creds)->server instead of the referral realm as before. Fix this in complete() by swapping ctx->req_server into ctx->reply_creds->server. ticket: 6916 target_version: 1.9.2 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24945 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/krb5/krb/get_creds.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/lib/krb5/krb/get_creds.c b/src/lib/krb5/krb/get_creds.c index afa34c2d8..0f03d427c 100644 --- a/src/lib/krb5/krb/get_creds.c +++ b/src/lib/krb5/krb/get_creds.c @@ -419,6 +419,11 @@ complete(krb5_context context, krb5_tkt_creds_context ctx) { TRACE_TKT_CREDS_COMPLETE(context, ctx->reply_creds->server); + /* Put the requested server principal in the output creds. */ + krb5_free_principal(context, ctx->reply_creds->server); + ctx->reply_creds->server = ctx->req_server; + ctx->req_server = NULL; + /* Note the authdata we asked for in the output creds. */ ctx->reply_creds->authdata = ctx->authdata; ctx->authdata = NULL; -- 2.26.2