summaryrefslogtreecommitdiff
path: root/source4/heimdal/lib/krb5
diff options
context:
space:
mode:
Diffstat (limited to 'source4/heimdal/lib/krb5')
-rw-r--r--source4/heimdal/lib/krb5/principal.c32
-rw-r--r--source4/heimdal/lib/krb5/rd_req.c47
2 files changed, 47 insertions, 32 deletions
diff --git a/source4/heimdal/lib/krb5/principal.c b/source4/heimdal/lib/krb5/principal.c
index 8540636403..ae5c8c1de8 100644
--- a/source4/heimdal/lib/krb5/principal.c
+++ b/source4/heimdal/lib/krb5/principal.c
@@ -91,10 +91,16 @@ krb5_principal_get_comp_string(krb5_context context,
return princ_ncomp(principal, component);
}
-krb5_error_code
+enum realm_presence {
+ MAY,
+ MUSTNOT,
+ MUST
+};
+
+static krb5_error_code
parse_name(krb5_context context,
const char *name,
- krb5_boolean short_form,
+ enum realm_presence realm_presence,
krb5_principal *principal)
{
krb5_error_code ret;
@@ -186,7 +192,7 @@ parse_name(krb5_context context,
*q++ = c;
}
if (got_realm) {
- if (short_form) {
+ if (realm_presence == MUSTNOT) {
krb5_set_error_string (context, "realm found in 'short' principal expected to be without one!");
ret = KRB5_PARSE_MALFORMED;
goto exit;
@@ -201,12 +207,16 @@ parse_name(krb5_context context,
realm[q - start] = 0;
}
}else{
- if (short_form) {
+ if (realm_presence == MAY) {
ret = krb5_get_default_realm (context, &realm);
if (ret)
goto exit;
- } else {
+ } else if (realm_presence == MUSTNOT) {
realm = NULL;
+ } else if (realm_presence == MUST) {
+ krb5_set_error_string (context, "realm NOT found in principal expected to be with one!");
+ ret = KRB5_PARSE_MALFORMED;
+ goto exit;
}
comp[n] = malloc(q - start + 1);
@@ -245,7 +255,7 @@ krb5_parse_name(krb5_context context,
const char *name,
krb5_principal *principal)
{
- return parse_name(context, name, FALSE, principal);
+ return parse_name(context, name, MAY, principal);
}
krb5_error_code KRB5_LIB_FUNCTION
@@ -253,7 +263,15 @@ krb5_parse_name_norealm(krb5_context context,
const char *name,
krb5_principal *principal)
{
- return parse_name(context, name, TRUE, principal);
+ return parse_name(context, name, MUSTNOT, principal);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_parse_name_mustrealm(krb5_context context,
+ const char *name,
+ krb5_principal *principal)
+{
+ return parse_name(context, name, MUST, principal);
}
static const char quotable_chars[] = " \n\t\b\\/@";
static const char replace_chars[] = " ntb\\/@";
diff --git a/source4/heimdal/lib/krb5/rd_req.c b/source4/heimdal/lib/krb5/rd_req.c
index 66172c10fb..582b71db03 100644
--- a/source4/heimdal/lib/krb5/rd_req.c
+++ b/source4/heimdal/lib/krb5/rd_req.c
@@ -560,12 +560,15 @@ krb5_rd_req_return_keyblock(krb5_context context,
krb5_keytab keytab,
krb5_flags *ap_req_options,
krb5_ticket **ticket,
- krb5_keyblock **keyblock)
+ krb5_keyblock **return_keyblock)
{
krb5_error_code ret;
krb5_ap_req ap_req;
+ krb5_keyblock *keyblock = NULL;
krb5_principal service = NULL;
- krb5_keyblock *local_keyblock;
+
+ if (return_keyblock)
+ *return_keyblock = NULL;
if (*auth_context == NULL) {
ret = krb5_auth_con_init(context, auth_context);
@@ -597,13 +600,13 @@ krb5_rd_req_return_keyblock(krb5_context context,
&ap_req,
server,
keytab,
- &local_keyblock);
+ &keyblock);
if(ret)
goto out;
} else {
ret = krb5_copy_keyblock(context,
(*auth_context)->keyblock,
- &local_keyblock);
+ &keyblock);
if (ret)
goto out;
}
@@ -612,21 +615,20 @@ krb5_rd_req_return_keyblock(krb5_context context,
auth_context,
&ap_req,
server,
- local_keyblock,
+ keyblock,
0,
ap_req_options,
ticket);
- if (ret) {
- krb5_free_keyblock(context, local_keyblock);
- } else {
- *keyblock = local_keyblock;
- }
+
+ if (ret == 0 && return_keyblock)
+ *return_keyblock = keyblock;
+ else
+ krb5_free_keyblock(context, keyblock);
out:
free_AP_REQ(&ap_req);
if(service)
krb5_free_principal(context, service);
-
return ret;
}
@@ -639,19 +641,14 @@ krb5_rd_req(krb5_context context,
krb5_flags *ap_req_options,
krb5_ticket **ticket)
{
- krb5_error_code ret;
- krb5_keyblock *keyblock;
-
- ret = krb5_rd_req_return_keyblock(context,
- auth_context,
- inbuf,
- server,
- keytab,
- ap_req_options,
- ticket,
- &keyblock);
-
- krb5_free_keyblock(context, keyblock);
- return ret;
+ return krb5_rd_req_return_keyblock(context,
+ auth_context,
+ inbuf,
+ server,
+ keytab,
+ ap_req_options,
+ ticket,
+ NULL);
+
}