diff --git a/lib/krb5/get_cred.c b/lib/krb5/get_cred.c index 54fcdc097..527811da3 100644 --- a/lib/krb5/get_cred.c +++ b/lib/krb5/get_cred.c @@ -1218,7 +1218,7 @@ static void store_cred(krb5_context context, krb5_ccache ccache, krb5_const_principal server_princ, krb5_creds *creds) { - if (strcmp(server_princ->realm, "") == 0) { + if (!krb5_principal_compare(context, creds->server, server_princ)) { krb5_principal tmp_princ = creds->server; /* * Store the cred with the pre-canon server princ first so it @@ -1229,7 +1229,6 @@ store_cred(krb5_context context, krb5_ccache ccache, creds->server = tmp_princ; /* Then store again with the canonicalized server princ */ } - krb5_cc_store_cred(context, ccache, creds); } @@ -1333,7 +1332,7 @@ next_rule: if(ret == 0 && (options & KRB5_GC_NO_STORE) == 0) store_cred(context, ccache, in_creds->server, *out_creds); - if (_krb5_have_debug(context, 5)) { + if (ret == 0 && _krb5_have_debug(context, 5)) { char *unparsed; ret = krb5_unparse_name(context, (*out_creds)->server, &unparsed); @@ -1595,7 +1594,7 @@ next_rule: if (ret == 0 && (options & KRB5_GC_NO_STORE) == 0) store_cred(context, ccache, inprinc, *out_creds); - if (_krb5_have_debug(context, 5)) { + if (ret == 0 && _krb5_have_debug(context, 5)) { char *unparsed; ret = krb5_unparse_name(context, (*out_creds)->server, &unparsed); diff --git a/lib/krb5/principal.c b/lib/krb5/principal.c index 93ecde1f9..ced80a529 100644 --- a/lib/krb5/principal.c +++ b/lib/krb5/principal.c @@ -1563,7 +1563,7 @@ parse_name_canon_rules(krb5_context context, char **rulestrs, /* Validate parsed rule */ if (r[k].type == KRB5_NCRT_BOGUS || (r[k].type == KRB5_NCRT_QUALIFY && !r[k].domain) || - (r[k].type == KRB5_NCRT_NSS && (r[k].domain || r[k].realm))) { + (r[k].type == KRB5_NCRT_NSS && r[k].domain)) { /* Invalid rule; mark it so and clean up */ r[k].type = KRB5_NCRT_BOGUS; free(r[k].match_domain);