r25134: Fix Bug #4968 and make dns updates work with heimdal as well (again,

gss_import_name() needs to follow the same logic as in the LDAP sasl wrapping
(see -r25133).

Tested with MIT 1.2.7, 1.3.6, 1.4.3, 1.5.1, 1.6.1 and Heimdal 0.7.2, 1.0,
1.0.1.

Guenther

1 files changed, 3 insertions, 21 deletions

diff --git a/source/libaddns/dnsgss.c b/source/libaddns/dnsgss.c
index 9bbad44089f..e7ea0418477 100644
--- a/source/libaddns/dnsgss.c
+++ b/source/libaddns/dnsgss.c
@@ -219,11 +219,8 @@ DNS_ERROR dns_negotiate_sec_ctx( const char *target_realm,
 
 	gss_name_t targ_name;
 
-	krb5_principal host_principal;
-	krb5_context krb_ctx = NULL;
-
 	gss_OID_desc nt_host_oid_desc =
-		{ 10, (char *)"\052\206\110\206\367\022\001\002\002\002" };
+		{10, (char *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x01"};
 
 	TALLOC_CTX *mem_ctx;
 
@@ -247,23 +244,13 @@ DNS_ERROR dns_negotiate_sec_ctx( const char *target_realm,
 		goto error;
 	}
 
-	krb5_init_context( &krb_ctx );
-	krb5_parse_name( krb_ctx, targetname, &host_principal );
-
-	/* don't free the principal until after you call
-	   gss_release_name() or else you'll get a segv
-	   as the krb5_copy_principal() does a structure 
-	   copy and not a deep copy.    --jerry*/
-
-	input_name.value = &host_principal;
-	input_name.length = sizeof( host_principal );
+	input_name.value = targetname;
+	input_name.length = strlen(targetname);
 
 	major = gss_import_name( &minor, &input_name,
 				 &nt_host_oid_desc, &targ_name );
 
 	if (major) {
-		krb5_free_principal( krb_ctx, host_principal );
-		krb5_free_context( krb_ctx );
 		err = ERROR_DNS_GSS_ERROR;
 		goto error;
 	}
@@ -273,11 +260,6 @@ DNS_ERROR dns_negotiate_sec_ctx( const char *target_realm,
 	
 	gss_release_name( &minor, &targ_name );
 
-	/* now we can free the principal */
-
-	krb5_free_principal( krb_ctx, host_principal );
-	krb5_free_context( krb_ctx );
-
  error:
 	TALLOC_FREE(mem_ctx);