From adafd55a957ecacfcd206e7f639cab9e06960a1c Mon Sep 17 00:00:00 2001 From: Sam Hartman Date: Wed, 8 Jan 2003 23:49:33 +0000 Subject: [PATCH] Previously fwd_tgt_creds required either that the hostname be passed in or that the principal be a host-based service. This means you cannot for example forward tickets to a GSSAPI user-based service. The requirement to get the hostname is only needed in cases where addressless tickets are not used. So when addressless tickets are used, do not require the hostname. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15099 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/krb5/krb/ChangeLog | 4 ++++ src/lib/krb5/krb/fwd_tgt.c | 35 +++++++++++++++++++++-------------- 2 files changed, 25 insertions(+), 14 deletions(-) diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog index 932528a7d..826cdc08f 100644 --- a/src/lib/krb5/krb/ChangeLog +++ b/src/lib/krb5/krb/ChangeLog @@ -1,3 +1,7 @@ +2003-01-08 Sam Hartman + + * fwd_tgt.c (krb5_fwd_tgt_creds): Don't require hostname to be supplied unless you are using addresses in the ticket. + 2003-01-07 Ken Raeburn * appdefault.c (conf_yes, conf_no): Now const. diff --git a/src/lib/krb5/krb/fwd_tgt.c b/src/lib/krb5/krb/fwd_tgt.c index f8818d4fb..aa42f8cc1 100644 --- a/src/lib/krb5/krb/fwd_tgt.c +++ b/src/lib/krb5/krb/fwd_tgt.c @@ -60,20 +60,6 @@ krb5_fwd_tgt_creds(krb5_context context, krb5_auth_context auth_context, char *r memset((char *)&creds, 0, sizeof(creds)); memset((char *)&tgt, 0, sizeof(creds)); - if (rhost == NULL) { - if (krb5_princ_type(context, server) != KRB5_NT_SRV_HST) - return(KRB5_FWD_BAD_PRINCIPAL); - - if (krb5_princ_size(context, server) < 2) - return (KRB5_CC_BADNAME); - - rhost = malloc(server->data[1].length+1); - if (!rhost) - return ENOMEM; - free_rhost = 1; - memcpy(rhost, server->data[1].data, server->data[1].length); - rhost[server->data[1].length] = '\0'; - } if (cc == 0) { if ((retval = krb5int_cc_default(context, &cc))) goto errout; @@ -140,6 +126,27 @@ krb5_fwd_tgt_creds(krb5_context context, krb5_auth_context auth_context, char *r } if (tgt.addresses && *tgt.addresses) { + if (rhost == NULL) { + if (krb5_princ_type(context, server) != KRB5_NT_SRV_HST) { +retval = KRB5_FWD_BAD_PRINCIPAL; + goto errout; + } + + if (krb5_princ_size(context, server) < 2){ + retval = KRB5_CC_BADNAME; + goto errout; + } + + rhost = malloc(server->data[1].length+1); + if (!rhost) { + retval = ENOMEM; + goto errout; + } + free_rhost = 1; + memcpy(rhost, server->data[1].data, server->data[1].length); + rhost[server->data[1].length] = '\0'; + } + retval = krb5_os_hostaddr(context, rhost, &addrs); if (retval) goto errout; -- 2.26.2