projects / krb5.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: dfe3625)
pull up r24518 from trunk
authorTom Yu <tlyu@mit.edu>
Wed, 1 Dec 2010 02:15:55 +0000 (02:15 +0000)
committerTom Yu <tlyu@mit.edu>
Wed, 1 Dec 2010 02:15:55 +0000 (02:15 +0000)
 ------------------------------------------------------------------------
 r24518 | ghudson | 2010-11-15 21:30:16 -0500 (Mon, 15 Nov 2010) | 12 lines

 ticket: 6819
 subject: Handle referral realm in kprop client principal
 target_version: 1.9
 tags: pullup

 kprop uses krb5_sname_to_principal() to determine its client
 principal.  If the local hostname cannot be mapped to a realm based on
 the profile's domain_realm section, krb5_sname_to_principal() will (as
 of 1.6) return a principal with the referral realm (""), which does
 not work in a client principal.  Handle this by substituting the
 default realm.

ticket: 6819
version_fixed: 1.9
status: resolved

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-9@24541 dc483132-0cff-0310-8789-dd5450dbe970

src/slave/kprop.c patch | blob | history

diff --git a/src/slave/kprop.c b/src/slave/kprop.c
index 22ac3a6a847c49974fc385f4f090315269945223..0cb8b3b4d52055fa9c9dea9e2d08ce78f205714c 100644 (file)
--- a/src/slave/kprop.c
+++ b/src/slave/kprop.c
@@ -188,7 +188,7 @@ void PRS(argc, argv)
 void get_tickets(context)
     krb5_context context;
 {
-    char   buf[BUFSIZ];
+    char   buf[BUFSIZ], *def_realm;
     krb5_error_code retval;
     static char tkstring[] = "/tmp/kproptktXXXXXX";
     krb5_keytab keytab = NULL;
@@ -205,11 +205,25 @@ void get_tickets(context)
     if (realm) {
         retval = krb5_set_principal_realm(context, my_principal, realm);
         if (retval) {
-            com_err(progname, errno,
-                    "while setting client principal realm");
+            com_err(progname, errno, "while setting client principal realm");
+            exit(1);
+        }
+    } else if (krb5_is_referral_realm(krb5_princ_realm(context,
+                                                       my_principal))) {
+        /* We're going to use this as a client principal, so it can't have the
+         * referral realm.  Use the default realm instead. */
+        retval = krb5_get_default_realm(context, &def_realm);
+        if (retval) {
+            com_err(progname, errno, "while getting default realm");
+            exit(1);
+        }
+        retval = krb5_set_principal_realm(context, my_principal, def_realm);
+        if (retval) {
+            com_err(progname, errno, "while setting client principal realm");
             exit(1);
         }
     }
+
 #if 0
     krb5_princ_type(context, my_principal) = KRB5_NT_PRINCIPAL;
 #endif
MIT implementation of the Kerberos network authentication protocol. This repo may be rebased, so don't base your work on it. Use git://github.com/krb5/krb5 instead.