summaryrefslogtreecommitdiff
path: root/source4/auth/kerberos/kerberos_util.c
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2011-12-06 15:56:44 +1100
committerAmitay Isaacs <amitay@gmail.com>2011-12-07 10:43:52 +1100
commit0344e7278b5ddaba0efd7b31a894e901bd9ef6fb (patch)
tree5d4ca2d4e909d4c976d3c64bca3a9e9014f474e5 /source4/auth/kerberos/kerberos_util.c
parentb9f4febd405c9ed8c5386cedeb3190aa395b41c4 (diff)
downloadsamba-0344e7278b5ddaba0efd7b31a894e901bd9ef6fb.tar.gz
samba-0344e7278b5ddaba0efd7b31a894e901bd9ef6fb.tar.bz2
samba-0344e7278b5ddaba0efd7b31a894e901bd9ef6fb.zip
auth: Allow a NULL principal to be obtained from the credentials
This is important when trying to let GSSAPI search the keytab. Andrew Bartlett
Diffstat (limited to 'source4/auth/kerberos/kerberos_util.c')
-rw-r--r--source4/auth/kerberos/kerberos_util.c12
1 files changed, 10 insertions, 2 deletions
diff --git a/source4/auth/kerberos/kerberos_util.c b/source4/auth/kerberos/kerberos_util.c
index c255e6605a..0a42c3078d 100644
--- a/source4/auth/kerberos/kerberos_util.c
+++ b/source4/auth/kerberos/kerberos_util.c
@@ -293,14 +293,16 @@ krb5_error_code principal_from_credentials(TALLOC_CTX *parent_ctx,
krb5_error_code ret;
const char *princ_string;
TALLOC_CTX *mem_ctx = talloc_new(parent_ctx);
+ *obtained = CRED_UNINITIALISED;
+
if (!mem_ctx) {
(*error_string) = error_message(ENOMEM);
return ENOMEM;
}
princ_string = cli_credentials_get_principal_and_obtained(credentials, mem_ctx, obtained);
if (!princ_string) {
- (*error_string) = error_message(ENOMEM);
- return ENOMEM;
+ *princ = NULL;
+ return 0;
}
ret = parse_principal(parent_ctx, princ_string,
@@ -359,6 +361,12 @@ krb5_error_code principal_from_credentials(TALLOC_CTX *parent_ctx,
return ret;
}
+ if (princ == NULL) {
+ (*error_string) = talloc_asprintf(credentials, "principal, username or realm was not specified in the credentials");
+ talloc_free(mem_ctx);
+ return KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
+ }
+
ret = impersonate_principal_from_credentials(mem_ctx, credentials, smb_krb5_context, &impersonate_principal, error_string);
if (ret) {
talloc_free(mem_ctx);