diff options
| author | Greg Hudson <ghudson@mit.edu> | 2010-11-16 02:30:16 +0000 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2010-11-16 02:30:16 +0000 |
| commit | c85548fbd98abfece8148cf4c15ddb6a6c6f34a9 (patch) | |
| tree | d6a3ce34375022b7fbaaa2fba416b9ab7a814a9d /src/slave | |
| parent | 9a7cd206577496b94c191328762832e19c089838 (diff) | |
| download | krb5-c85548fbd98abfece8148cf4c15ddb6a6c6f34a9.tar.gz krb5-c85548fbd98abfece8148cf4c15ddb6a6c6f34a9.tar.xz krb5-c85548fbd98abfece8148cf4c15ddb6a6c6f34a9.zip | |
Handle referral realm in kprop client principal
kprop uses krb5_sname_to_principal() to determine its client
principal. If the local hostname cannot be mapped to a realm based on
the profile's domain_realm section, krb5_sname_to_principal() will (as
of 1.6) return a principal with the referral realm (""), which does
not work in a client principal. Handle this by substituting the
default realm.
ticket: 6819
target_version: 1.9
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24518 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/slave')
| -rw-r--r-- | src/slave/kprop.c | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/src/slave/kprop.c b/src/slave/kprop.c index 22ac3a6a84..0cb8b3b4d5 100644 --- a/src/slave/kprop.c +++ b/src/slave/kprop.c @@ -188,7 +188,7 @@ void PRS(argc, argv) void get_tickets(context) krb5_context context; { - char buf[BUFSIZ]; + char buf[BUFSIZ], *def_realm; krb5_error_code retval; static char tkstring[] = "/tmp/kproptktXXXXXX"; krb5_keytab keytab = NULL; @@ -205,11 +205,25 @@ void get_tickets(context) if (realm) { retval = krb5_set_principal_realm(context, my_principal, realm); if (retval) { - com_err(progname, errno, - "while setting client principal realm"); + com_err(progname, errno, "while setting client principal realm"); + exit(1); + } + } else if (krb5_is_referral_realm(krb5_princ_realm(context, + my_principal))) { + /* We're going to use this as a client principal, so it can't have the + * referral realm. Use the default realm instead. */ + retval = krb5_get_default_realm(context, &def_realm); + if (retval) { + com_err(progname, errno, "while getting default realm"); + exit(1); + } + retval = krb5_set_principal_realm(context, my_principal, def_realm); + if (retval) { + com_err(progname, errno, "while setting client principal realm"); exit(1); } } + #if 0 krb5_princ_type(context, my_principal) = KRB5_NT_PRINCIPAL; #endif |