From edb0eef166577992184a09a1404faed5f5b714c8 Mon Sep 17 00:00:00 2001
From: Greg Hudson
Date: Fri, 8 Apr 2011 17:47:01 +0000
Subject: [PATCH] When inquiring the default GSS acceptor principal, return a principal name from the keytab if we can, for better compliance with GSSAPI.
ticket: 6897
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24861 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/lib/gssapi/krb5/inq_cred.c | 22 +++++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)
diff --git a/src/lib/gssapi/krb5/inq_cred.c b/src/lib/gssapi/krb5/inq_cred.c
index 493dd039d..4ef94c7af 100644
--- a/src/lib/gssapi/krb5/inq_cred.c
+++ b/src/lib/gssapi/krb5/inq_cred.c
@@ -88,6 +88,7 @@ krb5_gss_inquire_cred(minor_status, cred_handle, name, lifetime_ret,
 krb5_timestamp now;
 krb5_deltat lifetime;
 krb5_gss_name_t ret_name;
+ krb5_principal princ;
 gss_OID_set mechs;
 OM_uint32 ret;

@@ -144,9 +145,24 @@ krb5_gss_inquire_cred(minor_status, cred_handle, name, lifetime_ret,
 lifetime = GSS_C_INDEFINITE;

 if (name) {
- if (cred->name &&
- (code = kg_duplicate_name(context, cred->name,
- KG_INIT_NAME_INTERN, &ret_name))) {
+ if (cred->name) {
+ code = kg_duplicate_name(context, cred->name, KG_INIT_NAME_INTERN,
+ &ret_name);
+ } else if ((cred->usage == GSS_C_ACCEPT || cred->usage == GSS_C_BOTH)
+ && cred->keytab != NULL) {
+ /* This is a default acceptor cred; use a name from the keytab if
+ * we can. */
+ code = k5_kt_get_principal(context, cred->keytab, &princ);
+ if (code == 0) {
+ code = kg_init_name(context, princ, NULL, NULL, NULL,
+ KG_INIT_NAME_NO_COPY | KG_INIT_NAME_INTERN,
+ &ret_name);
+ if (code)
+ krb5_free_principal(context, princ);
+ } else if (code == KRB5_KT_NOTFOUND)
+ code = 0;
+ }
+ if (code) {
 k5_mutex_unlock(&cred->lock);
 *minor_status = code;
 save_error_info(*minor_status, context);
-- 
2.26.2
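Review bot: In the second hunk, the new `if (code)` test and the later use of `ret_name` are reached on paths where this block assigns neither: when `cred->name` is NULL and the cred is not an acceptor cred with a keytab, and when `k5_kt_get_principal` returns `KRB5_KT_NOTFOUND`. The old code only tested `code` in the same condition that assigned it, so the new form depends on `code` being 0 and `ret_name` being NULL on entry to `if (name)`; that cannot be confirmed here because krb5_gss_inquire_cred starts and ends outside the hunk. I would make it explicit at the top of the block with `code = 0;` and `ret_name = NULL;`, and check that the code further down which stores `*name` tests `ret_name` rather than `cred->name`; otherwise a keytab-derived name may be leaked or an unset pointer handed back to the caller. It would also help to extend the comment to say the result is just one principal taken from the keytab, which may not be the name a context is later accepted under, so callers should not base access decisions on it.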