(tgs_rep2): return a reference to a krbtgt for the right realm if we
fail to find a non-krbtgt service in the database and the second component does a successful non-dns lookup to get the real realm (which has to be different from the originally-supplied realm). this should help windows 2000 clients that always start their lookups in `their' realm and do not have any idea of how to map hostnames into realms git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@9824 ec53bebd-3082-4978-b11e-865c3cabbd6b
@@ -1289,6 +1289,10 @@ out:
|
|||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* return the realm of a krbtgt-ticket or NULL
|
||||||
|
*/
|
||||||
|
|
||||||
static Realm
|
static Realm
|
||||||
get_krbtgt_realm(const PrincipalName *p)
|
get_krbtgt_realm(const PrincipalName *p)
|
||||||
{
|
{
|
||||||
@@ -1568,18 +1572,40 @@ tgs_rep2(KDC_REQ_BODY *b,
|
|||||||
|
|
||||||
if(ret){
|
if(ret){
|
||||||
Realm req_rlm, new_rlm;
|
Realm req_rlm, new_rlm;
|
||||||
if(loop++ < 2 && (req_rlm = get_krbtgt_realm(&sp->name))){
|
krb5_realm *realms;
|
||||||
new_rlm = find_rpath(req_rlm);
|
|
||||||
if(new_rlm) {
|
if ((req_rlm = get_krbtgt_realm(&sp->name)) != NULL) {
|
||||||
kdc_log(5, "krbtgt for realm %s not found, trying %s",
|
if(loop++ < 2) {
|
||||||
req_rlm, new_rlm);
|
new_rlm = find_rpath(req_rlm);
|
||||||
|
if(new_rlm) {
|
||||||
|
kdc_log(5, "krbtgt for realm %s not found, trying %s",
|
||||||
|
req_rlm, new_rlm);
|
||||||
|
krb5_free_principal(context, sp);
|
||||||
|
free(spn);
|
||||||
|
krb5_make_principal(context, &sp, r,
|
||||||
|
KRB5_TGS_NAME, new_rlm, NULL);
|
||||||
|
krb5_unparse_name(context, sp, &spn);
|
||||||
|
goto server_lookup;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
} else if(sp->name.name_string.len == 2
|
||||||
|
&& (ret = krb5_get_host_realm_int(context,
|
||||||
|
sp->name.name_string.val[1],
|
||||||
|
FALSE,
|
||||||
|
&realms)) == 0) {
|
||||||
|
if (strcmp(realms[0], sp->realm) != 0) {
|
||||||
|
kdc_log(5, "returning a referral to realm %s for "
|
||||||
|
"server %s that was not found",
|
||||||
|
realms[0], spn);
|
||||||
krb5_free_principal(context, sp);
|
krb5_free_principal(context, sp);
|
||||||
free(spn);
|
free(spn);
|
||||||
krb5_make_principal(context, &sp, r,
|
krb5_make_principal(context, &sp, r, KRB5_TGS_NAME,
|
||||||
"krbtgt", new_rlm, NULL);
|
realms[0], NULL);
|
||||||
krb5_unparse_name(context, sp, &spn);
|
krb5_unparse_name(context, sp, &spn);
|
||||||
|
krb5_free_host_realm(context, realms);
|
||||||
goto server_lookup;
|
goto server_lookup;
|
||||||
}
|
}
|
||||||
|
krb5_free_host_realm(context, realms);
|
||||||
}
|
}
|
||||||
kdc_log(0, "Server not found in database: %s: %s", spn,
|
kdc_log(0, "Server not found in database: %s: %s", spn,
|
||||||
krb5_get_err_text(context, ret));
|
krb5_get_err_text(context, ret));
|
||||||
|
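Review bot: In the new `else if` branch of tgs_rep2, `ret` is overwritten with the result of `krb5_get_host_realm_int()`, so the database-lookup error is lost before the `kdc_log(0, "Server not found in database: ...")` call that follows. When the host maps to the same realm as `sp->realm`, `ret` is 0 at that point, the log prints the text for error 0, and the code after the hunk appears to see success rather than a lookup failure (the rest of the error path is outside the hunk, so the effect on the reply is inferred). Holding the lookup status in its own variable, e.g. `krb5_error_code hret = krb5_get_host_realm_int(context, sp->name.name_string.val[1], FALSE, &realms);` tested as `hret == 0`, leaves `ret` intact. Both rewrite paths also ignore the results of `krb5_make_principal()` and `krb5_unparse_name()` after `sp` and `spn` have been freed, so a failure there would send stale pointers back to `server_lookup`; a check before each `goto` would cover it.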