(tgs_rep2): return a reference to a krbtgt for the right realm if we

fail to find a non-krbtgt service in the database and the second component does a succesful non-dns lookup to get the real realm (which has to be different from the originally-supplied realm). this should help windows 2000 clients that always start their lookups in `their' realm and do not have any idea of how to map hostnames into realms git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@9824 ec53bebd-3082-4978-b11e-865c3cabbd6b
2001-04-29 11:02:49 +00:00
parent b06fd720d9
commit 06d2baa47b
1 changed files with 34 additions and 8 deletions
--- a/kdc/kerberos5.c
+++ b/kdc/kerberos5.c
@@ -1289,6 +1289,10 @@ out:
    return ret;
 }

+/*
+ * return the realm of a krbtgt-ticket or NULL
+ */
+
 static Realm 
 get_krbtgt_realm(const PrincipalName *p)
 {
@@ -1568,7 +1572,10 @@ tgs_rep2(KDC_REQ_BODY *b,

 	if(ret){
 	    Realm req_rlm, new_rlm;
-	    if(loop++ < 2 && (req_rlm = get_krbtgt_realm(&sp->name))){
+	    krb5_realm *realms;
+
+	    if ((req_rlm = get_krbtgt_realm(&sp->name)) != NULL) {
+		if(loop++ < 2) {
 		    new_rlm = find_rpath(req_rlm);
 		    if(new_rlm) {
 			kdc_log(5, "krbtgt for realm %s not found, trying %s", 
@@ -1576,11 +1583,30 @@ tgs_rep2(KDC_REQ_BODY *b,
 			krb5_free_principal(context, sp);
 			free(spn);
 			krb5_make_principal(context, &sp, r, 
-					"krbtgt", new_rlm, NULL);
+					    KRB5_TGS_NAME, new_rlm, NULL);
 			krb5_unparse_name(context, sp, &spn);	
 			goto server_lookup;
 		    }
 		}
+	    } else if(sp->name.name_string.len == 2
+		&& (ret = krb5_get_host_realm_int(context,
+						  sp->name.name_string.val[1],
+						  FALSE,
+						  &realms)) == 0) {
+		if (strcmp(realms[0], sp->realm) != 0) {
+		    kdc_log(5, "returning a referral to realm %s for "
+			    "server %s that was not found",
+			    realms[0], spn);
+		    krb5_free_principal(context, sp);
+		    free(spn);
+		    krb5_make_principal(context, &sp, r, KRB5_TGS_NAME,
+					realms[0], NULL);
+		    krb5_unparse_name(context, sp, &spn);
+		    krb5_free_host_realm(context, realms);
+		    goto server_lookup;
+		}
+		krb5_free_host_realm(context, realms);
+	    }
 	    kdc_log(0, "Server not found in database: %s: %s", spn,
 		    krb5_get_err_text(context, ret));
 	    if (ret == ENOENT)