commit 4dc389c6ae95b7bd34e762b5362c8a79fbda7c7c
Author: Andreas Schneider <asn@samba.org>
Date: Wed Dec 21 22:17:22 2016 +0100
auth/credentials: Always set the the realm if we set the principal from the ccache
This fixes a bug in gensec_gssapi_client_start() where an invalid realm
is used to get a Kerberos ticket.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 30c07065300281e3a67197fe39ed928346480ff7)
diff --git a/auth/credentials/credentials_krb5.c b/auth/credentials/credentials_krb5.c
index 0e68012..1912c48 100644
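--- a/auth/credentials/credentials_krb5.c
+++ b/auth/credentials/credentials_krb5.c
@@ -107,7 +107,8 @@ static int cli_credentials_set_from_ccache(struct cli_credentials *cred,
 enum credentials_obtained obtained,
 const char **error_string)
 {
-
+ bool ok;
+ char *realm;
 krb5_principal princ;
 krb5_error_code ret;
 char *name;
@@ -134,11 +135,24 @@ static int cli_credentials_set_from_ccache(struct cli_credentials *cred,
 return ret;
 }
 
- cli_credentials_set_principal(cred, name, obtained);
-
+ ok = cli_credentials_set_principal(cred, name, obtained);
+ if (!ok) {
+ krb5_free_principal(ccache->smb_krb5_context->krb5_context, princ);
+ return ENOMEM;
+ }
 free(name);
 
+ realm = smb_krb5_principal_get_realm(ccache->smb_krb5_context->krb5_context,
+ princ);
 krb5_free_principal(ccache->smb_krb5_context->krb5_context, princ);
+ if (realm == NULL) {
+ return ENOMEM;
+ }
+ ok = cli_credentials_set_realm(cred, realm, obtained);
+ SAFE_FREE(realm);
+ if (!ok) {
+ return ENOMEM;
+ }
 
 /* set the ccache_obtained here, as it just got set to UNINITIALISED by the calls above */
 cred->ccache_obtained = obtained;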
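Review bot: The new `if (!ok)` branch after `cli_credentials_set_principal()` returns `ENOMEM` without releasing `name`, which is only freed by the `free(name);` on the success path just below; add `free(name);` before the `krb5_free_principal(...)` call in that branch. The three new `return ENOMEM;` paths also leave `*error_string` untouched, so a caller that reports it may have nothing to print, assuming the earlier failure paths outside this hunk set it; worth confirming. It is also worth checking that `cli_credentials_set_principal()` and `cli_credentials_set_realm()` return false only on allocation failure; if they can also refuse the value because of `obtained`, `ENOMEM` misreports it and a case that was previously tolerated now aborts the ccache import. The function begins and ends outside the visible hunks.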