(get_cred_from_kdc_flags): look in [libdefaults]capath for better hint
of realm to send request to. this allows the client to specify `realm routing information' in case it cannot be done at the server (which is preferred) git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@9485 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Assar Westerlund
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 1997 - 2000 Kungliga Tekniska H<>gskolan
|
* Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
|
||||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||||
* All rights reserved.
|
* All rights reserved.
|
||||||
*
|
*
|
||||||
@@ -621,7 +621,7 @@ get_cred_from_kdc_flags(krb5_context context,
|
|||||||
{
|
{
|
||||||
krb5_error_code ret;
|
krb5_error_code ret;
|
||||||
krb5_creds *tgt, tmp_creds;
|
krb5_creds *tgt, tmp_creds;
|
||||||
krb5_realm client_realm, server_realm;
|
krb5_const_realm client_realm, server_realm, try_realm;
|
||||||
|
|
||||||
*out_creds = NULL;
|
*out_creds = NULL;
|
||||||
|
|
||||||
@@ -631,9 +631,15 @@ get_cred_from_kdc_flags(krb5_context context,
|
|||||||
ret = krb5_copy_principal(context, in_creds->client, &tmp_creds.client);
|
ret = krb5_copy_principal(context, in_creds->client, &tmp_creds.client);
|
||||||
if(ret)
|
if(ret)
|
||||||
return ret;
|
return ret;
|
||||||
|
|
||||||
|
try_realm = krb5_config_get_string(context, NULL, "libdefaults",
|
||||||
|
"capath", server_realm, NULL);
|
||||||
|
if (try_realm == NULL)
|
||||||
|
try_realm = client_realm;
|
||||||
|
|
||||||
ret = krb5_make_principal(context,
|
ret = krb5_make_principal(context,
|
||||||
&tmp_creds.server,
|
&tmp_creds.server,
|
||||||
client_realm,
|
try_realm,
|
||||||
KRB5_TGS_NAME,
|
KRB5_TGS_NAME,
|
||||||
server_realm,
|
server_realm,
|
||||||
NULL);
|
NULL);
|
||||||
|
|||||||
Reference in New Issue
Block a user