summaryrefslogtreecommitdiff
path: root/auth
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2011-12-06 14:18:41 +1100
committerAmitay Isaacs <amitay@samba.org>2011-12-07 02:20:10 +0100
commitdbbb626dc0ad7b0100aec3ee3a787e1ac18f528a (patch)
treef4a58debf6b3a02633af0007549893070244f177 /auth
parent0344e7278b5ddaba0efd7b31a894e901bd9ef6fb (diff)
downloadsamba-dbbb626dc0ad7b0100aec3ee3a787e1ac18f528a.tar.gz
samba-dbbb626dc0ad7b0100aec3ee3a787e1ac18f528a.tar.bz2
samba-dbbb626dc0ad7b0100aec3ee3a787e1ac18f528a.zip
s4-dns Use match-by-key in GSSAPI server if principal is not specified
This allows dlz_bind9 to match on exactly the same key as bind9 itself Andrew Bartlett Autobuild-User: Amitay Isaacs <amitay@samba.org> Autobuild-Date: Wed Dec 7 02:20:10 CET 2011 on sn-devel-104
Diffstat (limited to 'auth')
-rw-r--r--auth/credentials/credentials_krb5.c12
1 files changed, 9 insertions, 3 deletions
diff --git a/auth/credentials/credentials_krb5.c b/auth/credentials/credentials_krb5.c
index 1b7be3f63c..1e5600c2b1 100644
--- a/auth/credentials/credentials_krb5.c
+++ b/auth/credentials/credentials_krb5.c
@@ -794,9 +794,15 @@ _PUBLIC_ int cli_credentials_get_server_gss_creds(struct cli_credentials *cred,
return ENOMEM;
}
- /* This creates a GSSAPI cred_id_t with the principal and keytab set */
- maj_stat = gss_krb5_import_cred(&min_stat, NULL, princ, ktc->keytab,
- &gcc->creds);
+ if (obtained < CRED_SPECIFIED) {
+ /* This creates a GSSAPI cred_id_t with the principal and keytab set */
+ maj_stat = gss_krb5_import_cred(&min_stat, NULL, NULL, ktc->keytab,
+ &gcc->creds);
+ } else {
+ /* This creates a GSSAPI cred_id_t with the principal and keytab set */
+ maj_stat = gss_krb5_import_cred(&min_stat, NULL, princ, ktc->keytab,
+ &gcc->creds);
+ }
if (maj_stat) {
if (min_stat) {
ret = min_stat;