diff options
| author | Theodore Tso <tytso@mit.edu> | 1994-06-10 22:36:11 +0000 |
|---|---|---|
| committer | Theodore Tso <tytso@mit.edu> | 1994-06-10 22:36:11 +0000 |
| commit | 7ce49654d239d5bf0069a965092e9c7fe2f8849d (patch) | |
| tree | 8974cb8d3e2ba0365f8e6c9f18cd2cba9ad4af98 /src | |
| parent | e2880ee829141a7ccf11a1a399b60a3e1b6a12a6 (diff) | |
| download | krb5-7ce49654d239d5bf0069a965092e9c7fe2f8849d.tar.gz krb5-7ce49654d239d5bf0069a965092e9c7fe2f8849d.tar.xz krb5-7ce49654d239d5bf0069a965092e9c7fe2f8849d.zip | |
Fix inter-realm handling in KDC so that an intermediate realm is returned
when appropriate.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@3738 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src')
| -rw-r--r-- | src/kdc/do_tgs_req.c | 35 |
1 files changed, 17 insertions, 18 deletions
diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c index b08c56ffc..a111b0fc7 100644 --- a/src/kdc/do_tgs_req.c +++ b/src/kdc/do_tgs_req.c @@ -168,22 +168,21 @@ tgt_again: errcode = KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE; goto cleanup; } else if (nprincs != 1) { - /* XXX Is it possible for a principal to have length 1 so that - the following statement is undefined? Only length 3 is valid - here, but can a length 1 ticket pass through all prior tests? */ - - krb5_data *server_1 = krb5_princ_component(request->server, 1); - krb5_data *tgs_1 = krb5_princ_component(tgs_server, 1); - - /* might be a request for a TGT for some other realm; we should - do our best to find such a TGS in this db */ - if (firstpass && krb5_princ_size(request->server) == 3 && - server_1->length == tgs_1->length && - !memcmp(server_1->data, tgs_1->data, tgs_1->length)) { - krb5_db_free_principal(&server, nprincs); - find_alternate_tgs(request, &server, &more, &nprincs); - firstpass = 0; - goto tgt_again; + /* + * might be a request for a TGT for some other realm; we + * should do our best to find such a TGS in this db + */ + if (firstpass && krb5_princ_size(request->server) == 2) { + krb5_data *server_1 = krb5_princ_component(request->server, 1); + krb5_data *tgs_1 = krb5_princ_component(tgs_server, 1); + + if (server_1->length != tgs_1->length || + memcmp(server_1->data, tgs_1->data, tgs_1->length)) { + krb5_db_free_principal(&server, nprincs); + find_alternate_tgs(request, &server, &more, &nprincs); + firstpass = 0; + goto tgt_again; + } } krb5_db_free_principal(&server, nprincs); status = "UNKNOWN_SERVER"; @@ -672,8 +671,8 @@ int *nprincs; *nprincs = 0; *more = FALSE; - if (retval = krb5_walk_realm_tree(krb5_princ_component(request->server, 0), - krb5_princ_component(request->server, 2), + if (retval = krb5_walk_realm_tree(krb5_princ_realm(request->server), + krb5_princ_component(request->server, 1), &plist, KRB5_REALM_BRANCH_CHAR)) return; |