diff options
author | Andrew Bartlett <abartlet@samba.org> | 2011-12-06 14:18:41 +1100 |
---|---|---|
committer | Amitay Isaacs <amitay@samba.org> | 2011-12-07 02:20:10 +0100 |
commit | dbbb626dc0ad7b0100aec3ee3a787e1ac18f528a (patch) | |
tree | f4a58debf6b3a02633af0007549893070244f177 /auth | |
parent | 0344e7278b5ddaba0efd7b31a894e901bd9ef6fb (diff) | |
download | samba-dbbb626dc0ad7b0100aec3ee3a787e1ac18f528a.tar.gz samba-dbbb626dc0ad7b0100aec3ee3a787e1ac18f528a.tar.bz2 samba-dbbb626dc0ad7b0100aec3ee3a787e1ac18f528a.zip |
s4-dns Use match-by-key in GSSAPI server if principal is not specified
This allows dlz_bind9 to match on exactly the same key as bind9 itself
Andrew Bartlett
Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Wed Dec 7 02:20:10 CET 2011 on sn-devel-104
Diffstat (limited to 'auth')
-rw-r--r-- | auth/credentials/credentials_krb5.c | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/auth/credentials/credentials_krb5.c b/auth/credentials/credentials_krb5.c index 1b7be3f63c..1e5600c2b1 100644 --- a/auth/credentials/credentials_krb5.c +++ b/auth/credentials/credentials_krb5.c @@ -794,9 +794,15 @@ _PUBLIC_ int cli_credentials_get_server_gss_creds(struct cli_credentials *cred, return ENOMEM; } - /* This creates a GSSAPI cred_id_t with the principal and keytab set */ - maj_stat = gss_krb5_import_cred(&min_stat, NULL, princ, ktc->keytab, - &gcc->creds); + if (obtained < CRED_SPECIFIED) { + /* This creates a GSSAPI cred_id_t with the principal and keytab set */ + maj_stat = gss_krb5_import_cred(&min_stat, NULL, NULL, ktc->keytab, + &gcc->creds); + } else { + /* This creates a GSSAPI cred_id_t with the principal and keytab set */ + maj_stat = gss_krb5_import_cred(&min_stat, NULL, princ, ktc->keytab, + &gcc->creds); + } if (maj_stat) { if (min_stat) { ret = min_stat; |