svn rev #24956: branches/krb5-1-9/src/lib/krb5/krb/
tlyu@MIT.EDU
tlyu at MIT.EDU
Thu Jun 9 17:09:01 EDT 2011
http://src.mit.edu/fisheye/changelog/krb5/?cs=24956
Commit By: tlyu
Log Message:
ticket: 6916
version_fixed: 1.9.2
status: resolved
pull up r24945 from trunk
------------------------------------------------------------------------
r24945 | ghudson | 2011-05-26 14:05:49 -0400 (Thu, 26 May 2011) | 12 lines
ticket: 6916
subject: Restore krb5_get_credentials caching for referral requests
target_version: 1.9.2
tags: pullup
The krb5_get_credentials() rewrite for IAKERB accidentally omitted the
final step of restoring the requested realm in the output credentials.
As a result, referral entries are not cached, and the caller sees the
actual realm in (*out_creds)->server instead of the referral realm as
before. Fix this in complete() by swapping ctx->req_server into
ctx->reply_creds->server.
Changed Files:
U branches/krb5-1-9/src/lib/krb5/krb/get_creds.c
Modified: branches/krb5-1-9/src/lib/krb5/krb/get_creds.c
===================================================================
--- branches/krb5-1-9/src/lib/krb5/krb/get_creds.c 2011-06-09 21:08:57 UTC (rev 24955)
+++ branches/krb5-1-9/src/lib/krb5/krb/get_creds.c 2011-06-09 21:09:01 UTC (rev 24956)
@@ -428,6 +428,11 @@
TRACE_TKT_CREDS_COMPLETE(context, ctx->reply_creds->server);
+ /* Put the requested server principal in the output creds. */
+ krb5_free_principal(context, ctx->reply_creds->server);
+ ctx->reply_creds->server = ctx->req_server;
+ ctx->req_server = NULL;
+
/* Note the authdata we asked for in the output creds. */
ctx->reply_creds->authdata = ctx->authdata;
ctx->authdata = NULL;
More information about the cvs-krb5
mailing list