summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source4/heimdal/lib/krb5/get_for_creds.c75
1 files changed, 41 insertions, 34 deletions
diff --git a/source4/heimdal/lib/krb5/get_for_creds.c b/source4/heimdal/lib/krb5/get_for_creds.c
index adb6000cd6..7bc8942f66 100644
--- a/source4/heimdal/lib/krb5/get_for_creds.c
+++ b/source4/heimdal/lib/krb5/get_for_creds.c
@@ -162,7 +162,8 @@ krb5_get_forwarded_creds (krb5_context context,
{
krb5_error_code ret;
krb5_creds *out_creds;
- krb5_addresses addrs, *paddrs;
+ krb5_addresses *paddrs = NULL;
+ krb5_addresses addrs;
KRB_CRED cred;
KrbCredInfo *krb_cred_info;
EncKrbCredPart enc_krb_cred_part;
@@ -171,50 +172,56 @@ krb5_get_forwarded_creds (krb5_context context,
size_t buf_size;
krb5_kdc_flags kdc_flags;
krb5_crypto crypto;
- struct addrinfo *ai;
int save_errno;
krb5_creds *ticket;
char *realm;
+ krb5_boolean noaddr_ever;
+
+ addrs.len = 0;
+ addrs.val = NULL;
if (in_creds->client && in_creds->client->realm)
realm = in_creds->client->realm;
else
realm = in_creds->server->realm;
- addrs.len = 0;
- addrs.val = NULL;
- paddrs = &addrs;
-
- /*
- * If tickets are address-less, forward address-less tickets.
- */
-
- ret = _krb5_get_krbtgt (context,
- ccache,
- realm,
- &ticket);
- if(ret == 0) {
- if (ticket->addresses.len == 0)
- paddrs = NULL;
- krb5_free_creds (context, ticket);
+ krb5_appdefault_boolean(context, NULL, realm, "no-addresses-ever",
+ TRUE, &noaddr_ever);
+ if (!noaddr_ever) {
+ struct addrinfo *ai;
+ paddrs = &addrs;
+
+ /*
+ * If tickets are address-less, forward address-less tickets.
+ */
+
+ ret = _krb5_get_krbtgt (context,
+ ccache,
+ realm,
+ &ticket);
+ if(ret == 0) {
+ if (ticket->addresses.len == 0)
+ paddrs = NULL;
+ krb5_free_creds (context, ticket);
+ }
+
+ if (paddrs != NULL) {
+
+ ret = getaddrinfo (hostname, NULL, NULL, &ai);
+ if (ret) {
+ save_errno = errno;
+ krb5_set_error_string(context, "resolving %s: %s",
+ hostname, gai_strerror(ret));
+ return krb5_eai_to_heim_errno(ret, save_errno);
+ }
+
+ ret = add_addrs (context, &addrs, ai);
+ freeaddrinfo (ai);
+ if (ret)
+ return ret;
+ }
}
-
- if (paddrs != NULL) {
- ret = getaddrinfo (hostname, NULL, NULL, &ai);
- if (ret) {
- save_errno = errno;
- krb5_set_error_string(context, "resolving %s: %s",
- hostname, gai_strerror(ret));
- return krb5_eai_to_heim_errno(ret, save_errno);
- }
-
- ret = add_addrs (context, &addrs, ai);
- freeaddrinfo (ai);
- if (ret)
- return ret;
- }
-
kdc_flags.b = int2KDCOptions(flags);
ret = krb5_get_kdc_cred (context,