diff options
| author | Sam Hartman <hartmans@mit.edu> | 2003-01-08 23:49:33 +0000 |
|---|---|---|
| committer | Sam Hartman <hartmans@mit.edu> | 2003-01-08 23:49:33 +0000 |
| commit | adafd55a957ecacfcd206e7f639cab9e06960a1c (patch) | |
| tree | 9f2f683bb8ef7fba59d7ece90c3818a99ad5d0e1 /src/lib | |
| parent | 1ca305117cccd8dd411cb939bb99e29e7b75a884 (diff) | |
| download | krb5-adafd55a957ecacfcd206e7f639cab9e06960a1c.tar.gz krb5-adafd55a957ecacfcd206e7f639cab9e06960a1c.tar.xz krb5-adafd55a957ecacfcd206e7f639cab9e06960a1c.zip | |
Previously fwd_tgt_creds required either that the hostname be passed
in or that the principal be a host-based service. This means you
cannot for example forward tickets to a GSSAPI user-based service.
The requirement to get the hostname is only needed in cases where
addressless tickets are not used. So when addressless tickets are
used, do not require the hostname.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15099 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/krb5/krb/ChangeLog | 4 | ||||
| -rw-r--r-- | src/lib/krb5/krb/fwd_tgt.c | 35 |
2 files changed, 25 insertions, 14 deletions
diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog index 932528a7d..826cdc08f 100644 --- a/src/lib/krb5/krb/ChangeLog +++ b/src/lib/krb5/krb/ChangeLog @@ -1,3 +1,7 @@ +2003-01-08 Sam Hartman <hartmans@mit.edu> + + * fwd_tgt.c (krb5_fwd_tgt_creds): Don't require hostname to be supplied unless you are using addresses in the ticket. + 2003-01-07 Ken Raeburn <raeburn@mit.edu> * appdefault.c (conf_yes, conf_no): Now const. diff --git a/src/lib/krb5/krb/fwd_tgt.c b/src/lib/krb5/krb/fwd_tgt.c index f8818d4fb..aa42f8cc1 100644 --- a/src/lib/krb5/krb/fwd_tgt.c +++ b/src/lib/krb5/krb/fwd_tgt.c @@ -60,20 +60,6 @@ krb5_fwd_tgt_creds(krb5_context context, krb5_auth_context auth_context, char *r memset((char *)&creds, 0, sizeof(creds)); memset((char *)&tgt, 0, sizeof(creds)); - if (rhost == NULL) { - if (krb5_princ_type(context, server) != KRB5_NT_SRV_HST) - return(KRB5_FWD_BAD_PRINCIPAL); - - if (krb5_princ_size(context, server) < 2) - return (KRB5_CC_BADNAME); - - rhost = malloc(server->data[1].length+1); - if (!rhost) - return ENOMEM; - free_rhost = 1; - memcpy(rhost, server->data[1].data, server->data[1].length); - rhost[server->data[1].length] = '\0'; - } if (cc == 0) { if ((retval = krb5int_cc_default(context, &cc))) goto errout; @@ -140,6 +126,27 @@ krb5_fwd_tgt_creds(krb5_context context, krb5_auth_context auth_context, char *r } if (tgt.addresses && *tgt.addresses) { + if (rhost == NULL) { + if (krb5_princ_type(context, server) != KRB5_NT_SRV_HST) { +retval = KRB5_FWD_BAD_PRINCIPAL; + goto errout; + } + + if (krb5_princ_size(context, server) < 2){ + retval = KRB5_CC_BADNAME; + goto errout; + } + + rhost = malloc(server->data[1].length+1); + if (!rhost) { + retval = ENOMEM; + goto errout; + } + free_rhost = 1; + memcpy(rhost, server->data[1].data, server->data[1].length); + rhost[server->data[1].length] = '\0'; + } + retval = krb5_os_hostaddr(context, rhost, &addrs); if (retval) goto errout; |