svn rev #24945: trunk/src/lib/krb5/krb/
ghudson@MIT.EDU
ghudson at MIT.EDU
Thu May 26 14:05:50 EDT 2011
http://src.mit.edu/fisheye/changelog/krb5/?cs=24945
Commit By: ghudson
Log Message:
ticket: 6916
subject: Restore krb5_get_credentials caching for referral requests
target_version: 1.9.2
tags: pullup
The krb5_get_credentials() rewrite for IAKERB accidentally omitted the
final step of restoring the requested realm in the output credentials.
As a result, referral entries are not cached, and the caller sees the
actual realm in (*out_creds)->server instead of the referral realm as
before. Fix this in complete() by swapping ctx->req_server into
ctx->reply_creds->server.
Changed Files:
U trunk/src/lib/krb5/krb/get_creds.c
Modified: trunk/src/lib/krb5/krb/get_creds.c
===================================================================
--- trunk/src/lib/krb5/krb/get_creds.c 2011-05-25 21:45:40 UTC (rev 24944)
+++ trunk/src/lib/krb5/krb/get_creds.c 2011-05-26 18:05:49 UTC (rev 24945)
@@ -419,6 +419,11 @@
{
TRACE_TKT_CREDS_COMPLETE(context, ctx->reply_creds->server);
+ /* Put the requested server principal in the output creds. */
+ krb5_free_principal(context, ctx->reply_creds->server);
+ ctx->reply_creds->server = ctx->req_server;
+ ctx->req_server = NULL;
+
/* Note the authdata we asked for in the output creds. */
ctx->reply_creds->authdata = ctx->authdata;
ctx->authdata = NULL;
More information about the cvs-krb5
mailing list