kinit: Prefer the default ccache when user_realm

When the new --cache-default-for option is used, use the real default ccache
if the principal is the best principal for the user.

A principal is the best principal for a user when the principal has just
one component, the component is the user's username, and the realm is
the configured user_realm.
Nicolas Williams
2020-03-12 17:57:16 -05:00
parent 7dae771eef
commit 02db43a1ae


@@ -1482,7 +1482,22 @@ main(int argc, char **argv)
if (cred_cache) {
ret = krb5_cc_resolve(context, cred_cache, &ccache);
} else if (default_for_flag) {
ret = krb5_cc_default_for(context, principal, &ccache);
char username[64];
char *user_realm;
if ((user_realm = get_user_realm(context)) == NULL)
user_realm = get_default_realm(context);
if (user_realm &&
krb5_principal_get_num_comp(context, principal) == 1 &&
strcmp(user_realm,
krb5_principal_get_realm(context, principal)) == 0 &&
roken_get_username(username, sizeof(username)) &&
strcmp(username,
krb5_principal_get_comp_string(context, principal, 0)) == 0)
ret = krb5_cc_default(context, &ccache);
else
ret = krb5_cc_default_for(context, principal, &ccache);
free(user_realm);
} else {
if (argc > 1) {
char s[1024];
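Review bot: Nothing in the `default_for_flag` branch says where `roken_get_username(username, sizeof(username))` gets the name that decides whether the new credentials go into the real default ccache, nor what happens when that name does not fit the 64-byte buffer. The helper's definition is not visible here; if it can take the name from environment variables or truncate silently, the cache selection follows input the calling environment controls, so it is worth confirming that it fails rather than truncates and documenting which source it trusts. The five-clause condition also encodes the "best principal" rule from the commit message without saying so; a comment above the `if` such as `/* Best principal for this user: one component equal to the username, in user_realm (or the default realm) */` would make the intent reviewable. It would also help to note next to `free(user_realm);` that both `get_user_realm()` and `get_default_realm()` are expected to return heap-allocated strings, since that ownership is only implied. `main` begins and ends outside the hunk.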