oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Prefer the realm of the user when doing referrals style ISC krb5-get-creds

Browse Source 
The the realm of the user's principal and prefer that when doing a lookup.
This code still need to be smarter can cache the "initial value" -> positive result
to avoid roundtrips to the KDC.
This commit is contained in:
Love Hornquist Astrand
2009-07-17 15:43:19 -07:00
parent d4ca938866
commit 8b71d0b93f
4 changed files with 13 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
lib/gssapi/krb5/import_name.c
View File

@@ -83,9 +83,10 @@ import_krb5_name (OM_uint32 *minor_status,
OM_uint32
_gsskrb5_canon_name(OM_uint32 *minor_status, krb5_context context,
int use_dns, gss_name_t name, krb5_principal *out)
int use_dns, krb5_const_principal sourcename, gss_name_t targetname,
krb5_principal *out)
{
krb5_principal p = (krb5_principal)name;
krb5_principal p = (krb5_principal)targetname;
krb5_error_code ret;
char *hostname = NULL, *service;
@@ -96,8 +97,11 @@ _gsskrb5_canon_name(OM_uint32 *minor_status, krb5_context context,
ret = krb5_copy_principal(context, p, out);
} else if (!use_dns) {
ret = krb5_copy_principal(context, p, out);
if (ret == 0)
krb5_principal_set_type(context, *out, KRB5_NT_SRV_HST);
if (ret)
goto out;
krb5_principal_set_type(context, *out, KRB5_NT_SRV_HST);
if (sourcename)
ret = krb5_principal_set_realm(context, *out, sourcename->realm);
} else {
if (p->name.name_string.len == 0)
return GSS_S_BAD_NAME;
@@ -113,6 +117,7 @@ _gsskrb5_canon_name(OM_uint32 *minor_status, krb5_context context,
out);
}
out:
if (ret) {
*minor_status = ret;
return GSS_S_FAILURE;