author | Greg Hudson <ghudson@mit.edu> | 2012-05-10 17:34:14 +0000 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2012-05-10 17:34:14 +0000 |
commit | 70e46d97b6907da651069d1c0d74163b9edae5ea (patch) | |
tree | 37f13dcdcef0cf7a269c76df1790c19b8eebff36 /src | |
parent | 0eb4672034bc48c94f0ab4775b114d5b8b89e696 (diff) | |
Avoid requiring default realm for in_tkt_service
Use the new KRB5_PRINCIPAL_PARSE_IGNORE_REALM flag when parsing
in_tkt_service arguments in get_init_cred functions, since we're going
to overwrite the realm anyway.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25863 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src')
-rw-r--r-- | src/lib/krb5/krb/get_in_tkt.c | 48 |
1 files changed, 17 insertions, 31 deletions
diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c
index b552d126d..21b92e033 100644
--- a/src/lib/krb5/krb/get_in_tkt.c
+++ b/src/lib/krb5/krb/get_in_tkt.c
@@ -439,42 +439,27 @@ static krb5_error_code
 build_in_tkt_name(krb5_context context,
 const char *in_tkt_service,
 krb5_const_principal client,
- krb5_principal *server)
+ krb5_principal *server_out)
 {
 krb5_error_code ret;
+ krb5_principal server = NULL;
- *server = NULL;
+ *server_out = NULL;
 if (in_tkt_service) {
- /* Minimally invasive fix for inability to change password with no
- * default realm, for backporting. */
- if (strcmp(in_tkt_service, "kadmin/changepw") == 0)
- in_tkt_service = "kadmin/changepw@";
-
- /* this is ugly, because so are the data structures involved. I'm
- in the library, so I'm going to manipulate the data structures
- directly, otherwise, it will be worse. */
-
- if ((ret = krb5_parse_name(context, in_tkt_service, server)))
+ ret = krb5_parse_name_flags(context, in_tkt_service,
+ KRB5_PRINCIPAL_PARSE_IGNORE_REALM,
+ &server);
+ if (ret)
+ return ret;
+ ret = krb5int_copy_data_contents(context, &client->realm,
+ &server->realm);
+ if (ret) {
+ krb5_free_principal(context, server);
 return ret;
-
- /* stuff the client realm into the server principal.
- realloc if necessary */
- if ((*server)->realm.length < client->realm.length) {
- char *p = realloc((*server)->realm.data,
- client->realm.length);
- if (p == NULL) {
- krb5_free_principal(context, *server);
- *server = NULL;
- return ENOMEM;
- }
- (*server)->realm.data = p;
 }
-
- (*server)->realm.length = client->realm.length;
- memcpy((*server)->realm.data, client->realm.data, client->realm.length);
 } else {
- ret = krb5_build_principal_ext(context, server,
+ ret = krb5_build_principal_ext(context, &server,
 client->realm.length,
 client->realm.data,
 KRB5_TGS_NAME_SIZE,
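Review bot: The realm copy in the `in_tkt_service` branch may leak the realm buffer that the parser left in `server->realm`, because `krb5int_copy_data_contents()` is called directly on that field and presumably stores a freshly allocated buffer there. The removed code resized the existing `realm.data` with `realloc`, which suggests the parsed principal owns a heap buffer at that point. Whether `KRB5_PRINCIPAL_PARSE_IGNORE_REALM` still allocates one is not visible in this hunk and should be confirmed against the parser. If it does, add `krb5_free_data_contents(context, &server->realm);` before the copy. The body of `build_in_tkt_name` continues past the end of this hunk (the `krb5_build_principal_ext` call is cut off).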
@@ -489,11 +474,12 @@ build_in_tkt_name(krb5_context context,
 * Windows Server 2008 R2 RODC insists on TGS principal names having the
 * right name type.
 */
- if (krb5_princ_size(context, *server) == 2 &&
- data_eq_string(*krb5_princ_component(context, *server, 0),
+ if (krb5_princ_size(context, server) == 2 &&
+ data_eq_string(*krb5_princ_component(context, server, 0),
 KRB5_TGS_NAME)) {
- krb5_princ_type(context, *server) = KRB5_NT_SRV_INST;
+ krb5_princ_type(context, server) = KRB5_NT_SRV_INST;
 }
+ *server_out = server;
 return 0;
 } |