oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Look for auth_to_local in the default realm's realm section...

Browse Source 
...rather than the authenticated principal's realm section.  We do
this both to maintain compatibility with MIT and because it makes
more sense.  We should likely also fix the auth_to_local_names as
cursory inspection reveals that it has the same incompatibility.
This commit is contained in:
Roland C. Dowdeswell
2012-01-10 21:55:50 +00:00
parent e2b6a449ce
commit 2c5ec44d39
5 changed files with 13 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
lib/krb5/aname_to_localname.c
View File

@@ -290,6 +290,7 @@ krb5_aname_to_localname(krb5_context context,
{
static heim_base_once_t reg_def_plugins = HEIM_BASE_ONCE_INIT;
krb5_error_code ret;
krb5_realm realm;
size_t i;
char **rules = NULL;
char *rule;
@@ -304,8 +305,13 @@ krb5_aname_to_localname(krb5_context context,
if (ret != KRB5_PLUGIN_NO_HANDLE)
return ret;
rules = krb5_config_get_strings(context, NULL, "realms", aname->realm,
ret = krb5_get_default_realm(context, &realm);
if (ret)
return ret;
rules = krb5_config_get_strings(context, NULL, "realms", realm,
"auth_to_local", NULL);
krb5_xfree(realm);
if (!rules) {
/* Heimdal's default rule */
ret = an2ln_default(context, "HEIMDAL_DEFAULT", aname, lnsize, lname);