diff options
| author | Theodore Tso <tytso@mit.edu> | 1991-05-06 12:32:14 +0000 |
|---|---|---|
| committer | Theodore Tso <tytso@mit.edu> | 1991-05-06 12:32:14 +0000 |
| commit | f9a1cdb5739a77a9e791ab35d9b3b70c1b804ce9 (patch) | |
| tree | b473c038237e3622fcc55e40bac2cd384d8b37c3 /src/lib | |
| parent | 1a0f55e42e5dcc3f89b42eb9d82d7a6e53d66c9b (diff) | |
| download | krb5-f9a1cdb5739a77a9e791ab35d9b3b70c1b804ce9.tar.gz krb5-f9a1cdb5739a77a9e791ab35d9b3b70c1b804ce9.tar.xz krb5-f9a1cdb5739a77a9e791ab35d9b3b70c1b804ce9.zip | |
Misc. changes
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@2097 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/krb5/krb/gc_frm_kdc.c | 29 |
1 files changed, 20 insertions, 9 deletions
diff --git a/src/lib/krb5/krb/gc_frm_kdc.c b/src/lib/krb5/krb/gc_frm_kdc.c index f98f1aa04..9842d44e1 100644 --- a/src/lib/krb5/krb/gc_frm_kdc.c +++ b/src/lib/krb5/krb/gc_frm_kdc.c @@ -80,11 +80,15 @@ krb5_get_cred_from_kdc (ccache, cred, tgts) * look for ticket with: * client == cred->client, * server == "krbtgt/realmof(cred->server)@realmof(cred->client)" + * + * (actually, the ticket may be issued by some other intermediate + * realm's KDC; so we use KRB5_TC_MATCH_SRV_NAMEONLY below) */ /* - * XXX we're sharing some substructure here, which is - * probably not safe... + * we're sharing some substructure here, which is dangerous. + * Be sure that if you muck with things here that tgtq.* doesn't share + * any substructure before you deallocate/clean up/whatever. */ memset((char *)&tgtq, 0, sizeof(tgtq)); tgtq.client = cred->client; @@ -96,7 +100,7 @@ krb5_get_cred_from_kdc (ccache, cred, tgts) /* try to fetch it directly */ retval = krb5_cc_retrieve_cred (ccache, - 0, /* default is client & server */ + KRB5_TC_MATCH_SRV_NAMEONLY, &tgtq, &tgt); @@ -193,7 +197,7 @@ krb5_get_cred_from_kdc (ccache, cred, tgts) if (!next_server) { /* what we got back wasn't in the list! */ krb5_free_realm_tree(tgs_list); - retval = KRB5_KDCREP_MODIFIED; /* XXX? */ + retval = KRB5_KDCREP_MODIFIED; goto out; } @@ -217,11 +221,18 @@ krb5_get_cred_from_kdc (ccache, cred, tgts) } etype = krb5_keytype_array[tgt.keyblock.keytype]->system->proto_enctype; - retval = krb5_get_cred_via_tgt(&tgt, - flags2options(tgt.ticket_flags), - etype, - krb5_kdc_req_sumtype, - cred); + if (cred->second_ticket.length) + retval = krb5_get_cred_via_2tgt(&tgt, + KDC_OPT_ENC_TKT_IN_SKEY | flags2options(tgt.ticket_flags), + etype, krb5_kdc_req_sumtype, cred); + + else + retval = krb5_get_cred_via_tgt(&tgt, + flags2options(tgt.ticket_flags), + etype, + krb5_kdc_req_sumtype, + cred); + if (!returning_tgt) krb5_free_cred_contents(&tgt); out: |