oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Retain ret != 0 when capaths finds no match.

Browse Source
This commit is contained in:
Viktor Dukhovni
2017-07-12 01:58:51 -04:00
committed by Jeffrey Altman
parent 6dd3eb836b
commit 3910c23378
1 changed files with 6 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
kdc/krb5tgs.c
View File

@@ -1517,7 +1517,7 @@ tgs_build_reply(krb5_context context,
AuthorizationData **auth_data, AuthorizationData **auth_data,
const struct sockaddr *from_addr) const struct sockaddr *from_addr)
{ {
krb5_error_code ret; krb5_error_code ret, ret2;
krb5_principal cp = NULL, sp = NULL, rsp = NULL, tp = NULL, dp = NULL; krb5_principal cp = NULL, sp = NULL, rsp = NULL, tp = NULL, dp = NULL;
krb5_principal krbtgt_out_principal = NULL; krb5_principal krbtgt_out_principal = NULL;
char *spn = NULL, *cpn = NULL, *tpn = NULL, *dpn = NULL, *krbtgt_out_n = NULL; char *spn = NULL, *cpn = NULL, *tpn = NULL, *dpn = NULL, *krbtgt_out_n = NULL;
@@ -1683,11 +1683,13 @@ server_lookup:
if ((req_rlm = get_krbtgt_realm(&sp->name)) != NULL) { if ((req_rlm = get_krbtgt_realm(&sp->name)) != NULL) {
if (capath == NULL) { if (capath == NULL) {
/* With referalls, hierarchical capaths are always enabled */ /* With referalls, hierarchical capaths are always enabled */
ret = _krb5_find_capath(context, tgt->crealm, our_realm, ret2 = _krb5_find_capath(context, tgt->crealm, our_realm,
req_rlm, TRUE, &capath, &num_capath); req_rlm, TRUE, &capath, &num_capath);
if (ret) if (ret2) {
ret = ret2;
goto out; goto out;
} }
}
new_rlm = num_capath > 0 ? capath[--num_capath] : NULL; new_rlm = num_capath > 0 ? capath[--num_capath] : NULL;
if (new_rlm) { if (new_rlm) {
kdc_log(context, config, 5, "krbtgt from %s via %s for " kdc_log(context, config, 5, "krbtgt from %s via %s for "