oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Prefer the realm of the user when doing referrals style ISC krb5-get-creds

Browse Source 
The the realm of the user's principal and prefer that when doing a lookup.
This code still need to be smarter can cache the "initial value" -> positive result
to avoid roundtrips to the KDC.
This commit is contained in:
Love Hornquist Astrand
2009-07-17 15:43:19 -07:00
parent d4ca938866
commit 8b71d0b93f
4 changed files with 13 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lib/gssapi/krb5/acquire_cred.c
View File

@@ -339,8 +339,8 @@ OM_uint32 _gsskrb5_acquire_cred
if (desired_name != GSS_C_NO_NAME) { if (desired_name != GSS_C_NO_NAME) {
ret = _gsskrb5_canon_name(minor_status, context, 0, desired_name, ret = _gsskrb5_canon_name(minor_status, context, 0, NULL,
&handle->principal); desired_name, &handle->principal);
if (ret) { if (ret) {
HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex); HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex);
free(handle); free(handle);

2
lib/gssapi/krb5/canonicalize_name.c
View File

@@ -48,7 +48,7 @@ OM_uint32 _gsskrb5_canonicalize_name (
GSSAPI_KRB5_INIT (&context); GSSAPI_KRB5_INIT (&context);
ret = _gsskrb5_canon_name(minor_status, context, 1, input_name, &name); ret = _gsskrb5_canon_name(minor_status, context, 1, NULL, input_name, &name);
if (ret) if (ret)
return ret; return ret;

13
lib/gssapi/krb5/import_name.c
View File

@@ -83,9 +83,10 @@ import_krb5_name (OM_uint32 *minor_status,
OM_uint32 OM_uint32
_gsskrb5_canon_name(OM_uint32 *minor_status, krb5_context context, _gsskrb5_canon_name(OM_uint32 *minor_status, krb5_context context,
int use_dns, gss_name_t name, krb5_principal *out) int use_dns, krb5_const_principal sourcename, gss_name_t targetname,
krb5_principal *out)
{ {
krb5_principal p = (krb5_principal)name; krb5_principal p = (krb5_principal)targetname;
krb5_error_code ret; krb5_error_code ret;
char *hostname = NULL, *service; char *hostname = NULL, *service;
@@ -96,8 +97,11 @@ _gsskrb5_canon_name(OM_uint32 *minor_status, krb5_context context,
ret = krb5_copy_principal(context, p, out); ret = krb5_copy_principal(context, p, out);
} else if (!use_dns) { } else if (!use_dns) {
ret = krb5_copy_principal(context, p, out); ret = krb5_copy_principal(context, p, out);
if (ret == 0) if (ret)
krb5_principal_set_type(context, *out, KRB5_NT_SRV_HST); goto out;
krb5_principal_set_type(context, *out, KRB5_NT_SRV_HST);
if (sourcename)
ret = krb5_principal_set_realm(context, *out, sourcename->realm);
} else { } else {
if (p->name.name_string.len == 0) if (p->name.name_string.len == 0)
return GSS_S_BAD_NAME; return GSS_S_BAD_NAME;
@@ -113,6 +117,7 @@ _gsskrb5_canon_name(OM_uint32 *minor_status, krb5_context context,
out); out);
} }
out:
if (ret) { if (ret) {
*minor_status = ret; *minor_status = ret;
return GSS_S_FAILURE; return GSS_S_FAILURE;

2
lib/gssapi/krb5/init_sec_context.c
View File

@@ -191,7 +191,7 @@ gsskrb5_get_creds(
} }
ret = _gsskrb5_canon_name(minor_status, context, use_dns, ret = _gsskrb5_canon_name(minor_status, context, use_dns,
target_name, &ctx->target); ctx->source, target_name, &ctx->target);
if (ret) if (ret)
return ret; return ret;