svn rev #24518: trunk/src/slave/
ghudson@MIT.EDU
Mon Nov 15 21:30:16 EST 2010
http://src.mit.edu/fisheye/changelog/krb5/?cs=24518
Commit By: ghudson
Log Message:
ticket: 6819
subject: Handle referral realm in kprop client principal
target_version: 1.9
tags: pullup
kprop uses krb5_sname_to_principal() to determine its client
principal. If the local hostname cannot be mapped to a realm based on
the profile's domain_realm section, krb5_sname_to_principal() will (as
of 1.6) return a principal with the referral realm (""), which does
not work in a client principal. Handle this by substituting the
default realm.
Changed Files:
U trunk/src/slave/kprop.c
Modified: trunk/src/slave/kprop.c
===================================================================
--- trunk/src/slave/kprop.c 2010-11-16 00:12:52 UTC (rev 24517)
+++ trunk/src/slave/kprop.c 2010-11-16 02:30:16 UTC (rev 24518)
@@ -188,7 +188,7 @@
void get_tickets(context)
krb5_context context;
{
- char buf[BUFSIZ];
+ char buf[BUFSIZ], *def_realm;
krb5_error_code retval;
static char tkstring[] = "/tmp/kproptktXXXXXX";
krb5_keytab keytab = NULL;
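Review bot: def_realm is declared uninitialized and shares a declaration with the buf array, which makes the pointer easy to miss and leaves it indeterminate on every path that skips the new branch. Suggest giving it its own line and initializing it, e.g. `char *def_realm = NULL;`, so that a later cleanup call on it is safe regardless of which branch ran.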
@@ -205,11 +205,25 @@
if (realm) {
retval = krb5_set_principal_realm(context, my_principal, realm);
if (retval) {
- com_err(progname, errno,
- "while setting client principal realm");
+ com_err(progname, errno, "while setting client principal realm");
exit(1);
}
+ } else if (krb5_is_referral_realm(krb5_princ_realm(context,
+ my_principal))) {
+ /* We're going to use this as a client principal, so it can't have the
+ * referral realm. Use the default realm instead. */
+ retval = krb5_get_default_realm(context, &def_realm);
+ if (retval) {
+ com_err(progname, errno, "while getting default realm");
+ exit(1);
+ }
+ retval = krb5_set_principal_realm(context, my_principal, def_realm);
+ if (retval) {
+ com_err(progname, errno, "while setting client principal realm");
+ exit(1);
+ }
}
+
#if 0
krb5_princ_type(context, my_principal) = KRB5_NT_PRINCIPAL;
#endif
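Review bot: Both com_err() calls in the new else-if branch pass errno, but the failure code from krb5_get_default_realm() and krb5_set_principal_realm() is in retval, so the printed message may describe an unrelated or stale errno value. Suggest `com_err(progname, retval, "while getting default realm");` and the same for the second call (the pre-existing call in the `if (realm)` branch has the same issue). Separately, def_realm is never released in the lines shown; since krb5_set_principal_realm() stores its own copy of the realm, a `krb5_free_default_realm(context, def_realm);` after the set call would avoid the leak. The process is short-lived, so this is a tidiness point rather than a functional one.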