authorSam Hartman <hartmans@mit.edu>2007-04-29 21:55:04 +0000
committerSam Hartman <hartmans@mit.edu>2007-04-29 21:55:04 +0000
commit49f4a6eb0d473ea6cc866bb8f7f17d2911aadcbb (patch)
tree49f15b2e2b6034df7d9a43b91ac099f8f3a769c5 /src
parent973b2b635f3de9ae9cd3a79872cb5f70b9745760 (diff)
rd_req_decoded needs to deal with referral realms
* Fix handling of null realm in krb5_rd_req_decoded; now we treat a null realm as a default realm there, as we do in the keytab code. ticket: new Target_Version: 1.6.2 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19536 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src')
-rw-r--r--src/lib/krb5/krb/rd_req_dec.c26
1 files changed, 21 insertions, 5 deletions
diff --git a/src/lib/krb5/krb/rd_req_dec.c b/src/lib/krb5/krb/rd_req_dec.c
index a2b275cbef..a4f825a76a 100644
--- a/src/lib/krb5/krb/rd_req_dec.c
+++ b/src/lib/krb5/krb/rd_req_dec.c
@@ -95,7 +95,19 @@ krb5_rd_req_decoded_opt(krb5_context context, krb5_auth_context *auth_context,
{
krb5_error_code retval = 0;
krb5_timestamp currenttime;
-
+ krb5_principal_data princ_data;
+
+ req->ticket->enc_part2 == NULL;
+ if (server && krb5_is_referral_realm(&server->realm)) {
+ char *realm;
+ princ_data = *server;
+ server = &princ_data;
+ retval = krb5_get_default_realm(context, &realm);
+ if (retval)
+ return retval;
+ princ_data.realm.data = realm;
+ princ_data.realm.length = strlen(realm);
+ }
if (server && !krb5_principal_compare(context, server, req->ticket->server)) {
char *found_name = 0, *wanted_name = 0;
if (krb5_unparse_name(context, server, &wanted_name) == 0
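Review bot: The added statement `req->ticket->enc_part2 == NULL;` is a comparison whose result is discarded, so the field is never cleared; it reads as a typo for `req->ticket->enc_part2 = NULL;`. This matters because the later hunks turn the WRONG_PRINC exit and both decrypt failures into `goto cleanup`, and the cleanup path passes any non-NULL `enc_part2` to `krb5_free_enc_tkt_part`. If the field holds a stale or uninitialised pointer on entry, the mismatch path would free it before any decryption has run. Whether a caller can arrive with such a value is not visible from this diff, so the assignment is the safe form. The function body starts before this hunk and continues past it.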
@@ -105,7 +117,8 @@ krb5_rd_req_decoded_opt(krb5_context context, krb5_auth_context *auth_context,
found_name, wanted_name);
krb5_free_unparsed_name(context, wanted_name);
krb5_free_unparsed_name(context, found_name);
- return KRB5KRB_AP_WRONG_PRINC;
+ retval = KRB5KRB_AP_WRONG_PRINC;
+ goto cleanup;
}
/* if (req->ap_options & AP_OPTS_USE_SESSION_KEY)
@@ -115,12 +128,12 @@ krb5_rd_req_decoded_opt(krb5_context context, krb5_auth_context *auth_context,
if ((*auth_context)->keyblock) { /* User to User authentication */
if ((retval = krb5_decrypt_tkt_part(context, (*auth_context)->keyblock,
req->ticket)))
- return retval;
+goto cleanup;
krb5_free_keyblock(context, (*auth_context)->keyblock);
(*auth_context)->keyblock = NULL;
} else {
if ((retval = krb5_rd_req_decrypt_tkt_part(context, req, keytab)))
- return retval;
+ goto cleanup;
}
/* XXX this is an evil hack. check_valid_flag is set iff the call
@@ -365,10 +378,13 @@ krb5_rd_req_decoded_opt(krb5_context context, krb5_auth_context *auth_context,
retval = 0;
cleanup:
+ if (server == &princ_data)
+ krb5_free_default_realm(context, princ_data.realm.data);
if (retval) {
/* only free if we're erroring out...otherwise some
applications will need the output. */
- krb5_free_enc_tkt_part(context, req->ticket->enc_part2);
+ if (req->ticket->enc_part2)
+ krb5_free_enc_tkt_part(context, req->ticket->enc_part2);
req->ticket->enc_part2 = NULL;
}
return retval;
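Review bot: The `server == &princ_data` test under `cleanup:` doubles as an ownership flag, but nothing near it says that `princ_data` is a struct copy of the caller's principal with only `realm.data` replaced by the allocated default realm. A one-line comment above the test would stop a later maintainer from swapping in a full principal free, which would release the caller's name components, for example `/* princ_data is a shallow copy of *server; only realm.data is owned here */`. The function begins outside this hunk.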