diff --git a/lib/krb5/principal.c b/lib/krb5/principal.c
index b7d275fa3..24e7cc7a0 100644
--- a/lib/krb5/principal.c
+++ b/lib/krb5/principal.c
@@ -63,6 +63,21 @@ host/admin@H5L.ORG
 #define princ_ncomp(P, N) ((P)->name.name_string.val[(N)])
 #define princ_realm(P) ((P)->realm)
+static krb5_error_code
+set_default_princ_type(krb5_principal p, NAME_TYPE defnt)
+{
+ if (princ_num_comp(p) > 1 && strcmp(princ_ncomp(p, 0), KRB5_TGS_NAME) == 0)
+ princ_type(p) = KRB5_NT_SRV_INST;
+ else if (princ_num_comp(p) > 1 && strcmp(princ_ncomp(p, 0), "host") == 0)
+ princ_type(p) = KRB5_NT_SRV_HST;
+ else if (princ_num_comp(p) == 2 &&
+ strcmp(princ_ncomp(p, 0), KRB5_WELLKNOWN_NAME) == 0)
+ princ_type(p) = KRB5_NT_WELLKNOWN;
+ else
+ princ_type(p) = defnt;
+ return 0;
+}
+
 static krb5_error_code append_component(krb5_context, krb5_principal, const char *, size_t);
@@ -346,13 +361,13 @@ krb5_parse_name_flags(krb5_context context,
 ret = krb5_enomem(context);
 goto exit;
 }
- if (enterprise)
- (*principal)->name.name_type = KRB5_NT_ENTERPRISE_PRINCIPAL;
- else
- (*principal)->name.name_type = KRB5_NT_PRINCIPAL;
 (*principal)->name.name_string.val = comp;
 princ_num_comp(*principal) = n;
 (*principal)->realm = realm;
+ if (enterprise)
+ princ_type(*principal) = KRB5_NT_ENTERPRISE_PRINCIPAL;
+ else
+ set_default_princ_type(*principal, KRB5_NT_PRINCIPAL);
 free(s);
 return 0;
 exit:
@@ -817,10 +832,10 @@ build_principal(krb5_context context,
 krb5_error_code ret;
 krb5_principal p;
+ *principal = NULL;
 p = calloc(1, sizeof(*p));
 if (p == NULL) return krb5_enomem(context);
- princ_type(p) = KRB5_NT_PRINCIPAL;
 princ_realm(p) = strdup(realm);
 if (p->realm == NULL) {
@@ -829,9 +844,10 @@ build_principal(krb5_context context,
 }
 ret = func(context, p, ap);
- if (ret == 0)
+ if (ret == 0) {
 *principal = p;
- else
+ set_default_princ_type(p, KRB5_NT_PRINCIPAL);
+ } else
 krb5_free_principal(context, p);
 return ret;
 }
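Review bot: set_default_princ_type() is declared to return krb5_error_code but can only return 0, and both call sites this commit adds (in krb5_parse_name_flags and build_principal) discard the result; declaring it `static void` would state the real contract. The helper also has no comment: I would add a header comment saying that the type is inferred from the first component only (KRB5_TGS_NAME, the literal `"host"`, KRB5_WELLKNOWN_NAME), that it overwrites whatever type was set before, and that the result is a hint derived from the spelling of the name rather than a verified property, so it should not be the basis of an access decision. If special-casing only `"host"`, compared case-sensitively, is deliberate, the comment should say so.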
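Review bot: The type assignment in krb5_parse_name_flags now depends on running after the stores to `name_string.val` and `princ_num_comp(*principal)`, because set_default_princ_type() reads the components, and nothing in the code records that ordering. A later reorder would make the helper inspect a name whose components are not yet set and quietly fall back to the default type. A one-line comment above the `if (enterprise)` would protect it, for example `/* must follow the component stores: the default type is inferred from them */`. The enclosing function starts and ends outside the hunk.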
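Review bot: With `princ_type(p) = KRB5_NT_PRINCIPAL;` removed, the name type stays at the all-zero value left by calloc() while `func` builds the components, and is only assigned on the success path in the following hunk; a short comment at the calloc, such as `/* name type is chosen after func() has built the components */`, would make that intentional gap visible. The added `*principal = NULL;` gives callers a defined value on every error return, which is worth stating in the function's header comment (outside this hunk) as `*principal is set to NULL on failure`.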
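Review bot: In the success branch `*principal = p;` is stored before `set_default_princ_type(p, KRB5_NT_PRINCIPAL);` runs, so the out parameter points at a principal whose type is not yet final; finishing the object first and publishing it last reads more safely, i.e. `set_default_princ_type(p, KRB5_NT_PRINCIPAL);` followed by `*principal = p;`. The new `} else` also leaves one arm braced and the other not; bracing both (`} else {` … `}`) avoids the mixed form. The helper's return value is ignored here as well, which is the same point raised on the first hunk.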
@@ -1192,7 +1208,6 @@ krb5_principal_is_krbtgt(krb5_context context, krb5_const_principal p)
 {
 return p->name.name_string.len == 2 && strcmp(p->name.name_string.val[0], KRB5_TGS_NAME) == 0;
-
 }
 /**
diff --git a/lib/krb5/test_pknistkdf.c b/lib/krb5/test_pknistkdf.c
index 9fa447402..f97dddf38 100644
--- a/lib/krb5/test_pknistkdf.c
+++ b/lib/krb5/test_pknistkdf.c
@@ -244,6 +244,14 @@ test_dh2key(krb5_context context, int i, struct testcase *c)
 ret = krb5_parse_name(context, c->server, &server);
 if (ret) krb5_err(context, 1, ret, "parse_name: %s", c->server);
+ /*
+ * Making krb5_build_principal*() set a reasonable default principal
+ * name type broke the test vectors here. Rather than regenerate
+ * the vectors, and to prove that this was the issue, we coerce the
+ * name types back to their original.
+ */
+ krb5_principal_set_type(context, client, KRB5_NT_PRINCIPAL);
+ krb5_principal_set_type(context, server, KRB5_NT_PRINCIPAL);
 if (verbose_flag) {
 char *str;
diff --git a/tests/gss/check-context.in b/tests/gss/check-context.in
index 24277d58a..432500555 100644
--- a/tests/gss/check-context.in
+++ b/tests/gss/check-context.in
@@ -178,8 +178,8 @@ ${context} --name-type=krb5-principal-name host/lucid.test.h5l.se@${R} || \
 echo "plain (krb5 realmless)" ; > messages.log
 ${context} --name-type=krb5-principal-name host/lucid.test.h5l.se || \
 { eval "$testfailed"; }
-echo "plain (krb5 realmless short-form should fail)" ; > messages.log
-${context} --name-type=krb5-principal-name host/lucid 2>/dev/null && \
+echo "plain (krb5 realmless short-form)" ; > messages.log
+${context} --name-type=krb5-principal-name host/lucid 2>/dev/null || \
 { eval "$testfailed"; }
 echo "creating short-form princ"
 ${kadmin} add -p p1 --use-defaults host/lucid@${R} || exit 1
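Review bot: Coercing `client` and `server` back to KRB5_NT_PRINCIPAL keeps the old vectors passing but leaves the newly inferred name types unexercised by this KDF test. The added comment implies, without saying it, that the name type is part of the input to the derived key. I would state that directly in the comment and name which vector principals are affected (presumably those whose first component is `krbtgt` or `host`), so a reader auditing key derivation sees the dependency. A follow-up vector computed with the inferred types would cover the new default; test_dh2key starts and ends outside the hunk.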
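Review bot: The `2>/dev/null` on the short-form invocation made sense while the command was expected to fail, but now that the test requires success (`||`) it throws away the only diagnostics a failing run would print. Dropping it brings the line in step with the realmless case above: `${context} --name-type=krb5-principal-name host/lucid || \`. Because the expectation is inverted, a comment before the `echo` saying why an unqualified `host/lucid` is now expected to establish a context (presumably through the new KRB5_NT_SRV_HST default and host name canonicalisation) would help whoever next reviews name handling.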