svn rev #23491: branches/anonymous/src/lib/krb5/krb/
hartmans@MIT.EDU
hartmans at MIT.EDU
Wed Dec 23 16:09:46 EST 2009
http://src.mit.edu/fisheye/changelog/krb5/?cs=23491
Commit By: hartmans
Log Message:
Revert "In case of anonymous client principal, use the realm of the server"
This reverts commit 34d2748e9052debc6a061911c2c786b46507b531. As the
entire working group has apparently forgotten, the KDC-REQ body only
has one realm field. That's used in an AS REQ for both the server and
client realm. So, in the anonymous pkinit case, I think we want to
send using a client of WELLKNOWN/ANONYMOUS at REAL_REALM. Waiting to
hear back from the WG on this.
Changed Files:
U branches/anonymous/src/lib/krb5/krb/get_in_tkt.c
Modified: branches/anonymous/src/lib/krb5/krb/get_in_tkt.c
===================================================================
--- branches/anonymous/src/lib/krb5/krb/get_in_tkt.c 2009-12-23 21:09:43 UTC (rev 23490)
+++ branches/anonymous/src/lib/krb5/krb/get_in_tkt.c 2009-12-23 21:09:46 UTC (rev 23491)
@@ -1047,47 +1047,37 @@
*server = NULL;
if (in_tkt_service) {
+ /* this is ugly, because so are the data structures involved. I'm
+ in the library, so I'm going to manipulate the data structures
+ directly, otherwise, it will be worse. */
if ((ret = krb5_parse_name(context, in_tkt_service, server)))
return ret;
- /* stuff the client realm into the server principal. unless using anonymous
+ /* stuff the client realm into the server principal.
realloc if necessary */
- if (!krb5_principal_compare( context, client, krb5_anonymous_principal())) {
- if ((*server)->realm.length < client->realm.length) {
- char *p = realloc((*server)->realm.data,
- client->realm.length);
- if (p == NULL) {
- krb5_free_principal(context, *server);
- *server = NULL;
- return ENOMEM;
- }
- (*server)->realm.data = p;
+ if ((*server)->realm.length < client->realm.length) {
+ char *p = realloc((*server)->realm.data,
+ client->realm.length);
+ if (p == NULL) {
+ krb5_free_principal(context, *server);
+ *server = NULL;
+ return ENOMEM;
}
-
- (*server)->realm.length = client->realm.length;
- memcpy((*server)->realm.data, client->realm.data, client->realm.length);
+ (*server)->realm.data = p;
}
+
+ (*server)->realm.length = client->realm.length;
+ memcpy((*server)->realm.data, client->realm.data, client->realm.length);
} else {
- krb5_data realm = (krb5_data ) client->realm;
- char *free_realm = NULL;
- if (krb5_principal_compare(context, client, krb5_anonymous_principal())) {
- ret = krb5_get_default_realm( context, &free_realm);
- if (ret != 0)
- return ret;
- realm.data = free_realm;
- realm.length = strlen(free_realm);
- }
ret = krb5_build_principal_ext(context, server,
- realm.length,
- realm.data,
+ client->realm.length,
+ client->realm.data,
KRB5_TGS_NAME_SIZE,
KRB5_TGS_NAME,
- realm.length,
- realm.data,
+ client->realm.length,
+ client->realm.data,
0);
- if (free_realm)
- krb5_free_default_realm( context, free_realm);
}
return ret;
}
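Review bot: In the `in_tkt_service` branch, the restored realm copy sizes the buffer to exactly `client->realm.length` and never writes a terminator, so `(*server)->realm.data` holds unterminated bytes after the `memcpy`. Whether any later code reads the realm as a C string is not visible here, but if it does, that read would run past the allocation. One extra byte avoids this: make the `realloc` unconditional as `char *p = realloc((*server)->realm.data, client->realm.length + 1);` and add `(*server)->realm.data[client->realm.length] = '\0';` after the `memcpy`. The comment "stuff the client realm into the server principal" could also state that any realm parsed from `in_tkt_service` is discarded in favour of the client's, since callers may not expect that. The enclosing function starts outside the hunk.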