From 4a73c067fad44a9a5a33cd592f41e7347f623bfb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?=
Date: Sat, 17 Jan 2009 21:53:15 +0000
Subject: [PATCH] follow client realm referals
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24335 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
lib/krb5/init_creds_pw.c | 16 ++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/lib/krb5/init_creds_pw.c b/lib/krb5/init_creds_pw.c
index b930a3cf0..b5389beb1 100644
--- a/lib/krb5/init_creds_pw.c
+++ b/lib/krb5/init_creds_pw.c
@@ -343,7 +343,9 @@ get_init_creds_common(krb5_context context,
 if (ctx->keyproc == NULL)
 ctx->keyproc = default_s2k_func;
- if (ctx->ic_flags & KRB5_INIT_CREDS_CANONICALIZE)
+ /* Enterprise name implicitly turns on canonicalize */
+ if ((ctx->ic_flags & KRB5_INIT_CREDS_CANONICALIZE) ||
+ krb5_principal_get_type(context, client) == KRB5_NT_ENTERPRISE_PRINCIPAL)
 ctx->flags.canonicalize = 1;
 ctx->pre_auth_types = NULL;
@@ -1489,7 +1491,7 @@ krb5_init_creds_step(krb5_context context,
 }
 }
-#define MAX_PA_COUNTER 3
+#define MAX_PA_COUNTER 10
 if (ctx->pa_counter > MAX_PA_COUNTER) {
 krb5_set_error_message(context, KRB5_GET_IN_TKT_LOOP,
 N_("Looping %d times while getting "
@@ -1584,6 +1586,16 @@ krb5_init_creds_step(krb5_context context,
 N_("Preauth required but no preauth "
 "options send by KDC", ""));
 }
+ } else if (ret == KRB5_KDC_ERR_WRONG_REALM) {
+ /* client referal to a new realm */
+ if (ctx->error.crealm) {
+ krb5_set_error_message(context, ret,
+ N_("Got a client referral, not but no realm", ""));
+ goto out;
+ }
+ ret = krb5_principal_set_realm(context,
+ ctx->cred.client,
+ *ctx->error.crealm);
 }
 if (ret)
 goto out;
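Review bot: The comment on the new condition in get_init_creds_common says what happens but not the consequence a caller needs to know. A KRB5_NT_ENTERPRISE_PRINCIPAL client now gets `ctx->flags.canonicalize = 1` without having set KRB5_INIT_CREDS_CANONICALIZE, so the client name in the resulting credentials is presumably whatever the KDC maps the enterprise name to, not the name passed in. I would extend the comment to something like `/* Enterprise name implicitly turns on canonicalize; the KDC may return a different client principal than the one requested */`. The function starts and ends outside the hunk, so how the returned name is checked later is not visible here.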
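Review bot: `MAX_PA_COUNTER` goes from 3 to 10 with no comment saying why, and the name still describes pre-authentication only. Judging by the WRONG_REALM branch added further down in krb5_init_creds_step, the same counter presumably also bounds client-realm referral hops now, though the line that increments `ctx->pa_counter` is outside the hunk. A one-line comment such as `/* bounds preauth retries and client referral hops; each round is driven by a KDC reply */` would record that this is the only loop limit. The `#define` would also read better at file scope than in the middle of the function body.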
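Review bot: The NULL test in the new KRB5_KDC_ERR_WRONG_REALM branch is inverted: `if (ctx->error.crealm)` bails out when the KDC did supply a realm, and when the optional field is absent control falls through to `*ctx->error.crealm`, a NULL dereference reachable from a KRB-ERROR, which carries no integrity protection. The check should read `if (ctx->error.crealm == NULL) {`. The message text also has a stray word: `"Got a client referral, not but no realm"` should be `"Got a client referral, but no realm"`. Because the new realm is taken from an unauthenticated error, it is worth confirming that the code after this hunk validates the final reply against the referred realm and that each referral counts toward the loop limit; neither is visible here.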