svn rev #25863: trunk/src/lib/krb5/krb/
ghudson@MIT.EDU
ghudson at MIT.EDU
Thu May 10 13:34:14 EDT 2012
http://mv.ezproxy.com.ezproxyberklee.flo.org/fisheye/changelog/krb5/?cs=25863
Commit By: ghudson
Log Message:
Avoid requiring default realm for in_tkt_service
Use the new KRB5_PRINCIPAL_PARSE_IGNORE_REALM flag when parsing
in_tkt_service arguments in get_init_cred functions, since we're going
to overwrite the realm anyway.
Changed Files:
U trunk/src/lib/krb5/krb/get_in_tkt.c
Modified: trunk/src/lib/krb5/krb/get_in_tkt.c
===================================================================
--- trunk/src/lib/krb5/krb/get_in_tkt.c 2012-05-10 17:34:10 UTC (rev 25862)
+++ trunk/src/lib/krb5/krb/get_in_tkt.c 2012-05-10 17:34:14 UTC (rev 25863)
@@ -439,42 +439,27 @@
build_in_tkt_name(krb5_context context,
const char *in_tkt_service,
krb5_const_principal client,
- krb5_principal *server)
+ krb5_principal *server_out)
{
krb5_error_code ret;
+ krb5_principal server = NULL;
- *server = NULL;
+ *server_out = NULL;
if (in_tkt_service) {
- /* Minimally invasive fix for inability to change password with no
- * default realm, for backporting. */
- if (strcmp(in_tkt_service, "kadmin/changepw") == 0)
- in_tkt_service = "kadmin/changepw@";
-
- /* this is ugly, because so are the data structures involved. I'm
- in the library, so I'm going to manipulate the data structures
- directly, otherwise, it will be worse. */
-
- if ((ret = krb5_parse_name(context, in_tkt_service, server)))
+ ret = krb5_parse_name_flags(context, in_tkt_service,
+ KRB5_PRINCIPAL_PARSE_IGNORE_REALM,
+ &server);
+ if (ret)
return ret;
-
- /* stuff the client realm into the server principal.
- realloc if necessary */
- if ((*server)->realm.length < client->realm.length) {
- char *p = realloc((*server)->realm.data,
- client->realm.length);
- if (p == NULL) {
- krb5_free_principal(context, *server);
- *server = NULL;
- return ENOMEM;
- }
- (*server)->realm.data = p;
+ ret = krb5int_copy_data_contents(context, &client->realm,
+ &server->realm);
+ if (ret) {
+ krb5_free_principal(context, server);
+ return ret;
}
-
- (*server)->realm.length = client->realm.length;
- memcpy((*server)->realm.data, client->realm.data, client->realm.length);
} else {
- ret = krb5_build_principal_ext(context, server,
+ ret = krb5_build_principal_ext(context, &server,
client->realm.length,
client->realm.data,
KRB5_TGS_NAME_SIZE,
@@ -489,11 +474,12 @@
* Windows Server 2008 R2 RODC insists on TGS principal names having the
* right name type.
*/
- if (krb5_princ_size(context, *server) == 2 &&
- data_eq_string(*krb5_princ_component(context, *server, 0),
+ if (krb5_princ_size(context, server) == 2 &&
+ data_eq_string(*krb5_princ_component(context, server, 0),
KRB5_TGS_NAME)) {
- krb5_princ_type(context, *server) = KRB5_NT_SRV_INST;
+ krb5_princ_type(context, server) = KRB5_NT_SRV_INST;
}
+ *server_out = server;
return 0;
}
More information about the cvs-krb5
mailing list