Diffstat (limited to 'source4/heimdal/lib/krb5')
-rw-r--r-- | source4/heimdal/lib/krb5/principal.c | 32 | ||||
-rw-r--r-- | source4/heimdal/lib/krb5/rd_req.c | 47 |
2 files changed, 47 insertions, 32 deletions
diff --git a/source4/heimdal/lib/krb5/principal.c b/source4/heimdal/lib/krb5/principal.c index 8540636403..ae5c8c1de8 100644 --- a/source4/heimdal/lib/krb5/principal.c +++ b/source4/heimdal/lib/krb5/principal.c @@ -91,10 +91,16 @@ krb5_principal_get_comp_string(krb5_context context, return princ_ncomp(principal, component); } -krb5_error_code +enum realm_presence { + MAY, + MUSTNOT, + MUST +}; + +static krb5_error_code parse_name(krb5_context context, const char *name, - krb5_boolean short_form, + enum realm_presence realm_presence, krb5_principal *principal) { krb5_error_code ret; @@ -186,7 +192,7 @@ parse_name(krb5_context context, *q++ = c; } if (got_realm) { - if (short_form) { + if (realm_presence == MUSTNOT) { krb5_set_error_string (context, "realm found in 'short' principal expected to be without one!"); ret = KRB5_PARSE_MALFORMED; goto exit; @@ -201,12 +207,16 @@ parse_name(krb5_context context, realm[q - start] = 0; } }else{ - if (short_form) { + if (realm_presence == MAY) { ret = krb5_get_default_realm (context, &realm); if (ret) goto exit; - } else { + } else if (realm_presence == MUSTNOT) { realm = NULL; + } else if (realm_presence == MUST) { + krb5_set_error_string (context, "realm NOT found in principal expected to be with one!"); + ret = KRB5_PARSE_MALFORMED; + goto exit; } comp[n] = malloc(q - start + 1); @@ -245,7 +255,7 @@ krb5_parse_name(krb5_context context, const char *name, krb5_principal *principal) { - return parse_name(context, name, FALSE, principal); + return parse_name(context, name, MAY, principal); } krb5_error_code KRB5_LIB_FUNCTION 
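Review bot: The enumerators `MAY`, `MUSTNOT` and `MUST` added in the `@@ -91` hunk of principal.c are unprefixed file-scope names, so any macro or enumerator of the same name coming from an included header would clash with them or silently rewrite them. Prefixing them, e.g. `REALM_MAY`, `REALM_MUSTNOT`, `REALM_MUST`, and giving each a one-line comment (default realm applied when absent, realm rejected, realm required) would also make the three `parse_name` call sites self-explanatory. parse_name's body continues outside this hunk.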
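Review bot: In the `@@ -201` hunk the no-realm branch ends in `else if (realm_presence == MUST)` with no final `else`, so a value outside the three enumerators would reach the `comp[n] = malloc(q - start + 1);` line without this branch having assigned `realm` or set an error. Making the last arm a plain `} else {`, or using a `switch` whose `default:` sets `ret = KRB5_PARSE_MALFORMED` and jumps to `exit`, keeps the parser fail-closed if the enum ever grows. Whether `realm` is initialised at its declaration is not visible here, because parse_name starts and ends outside the hunk.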
@@ -253,7 +263,15 @@ krb5_parse_name_norealm(krb5_context context, const char *name, krb5_principal *principal) { - return parse_name(context, name, TRUE, principal); + return parse_name(context, name, MUSTNOT, principal); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_parse_name_mustrealm(krb5_context context, + const char *name, + krb5_principal *principal) +{ + return parse_name(context, name, MUST, principal); } static const char quotable_chars[] = " \n\t\b\\/@"; static const char replace_chars[] = " ntb\\/@"; diff --git a/source4/heimdal/lib/krb5/rd_req.c b/source4/heimdal/lib/krb5/rd_req.c index 66172c10fb..582b71db03 100644 --- a/source4/heimdal/lib/krb5/rd_req.c +++ b/source4/heimdal/lib/krb5/rd_req.c @@ -560,12 +560,15 @@ krb5_rd_req_return_keyblock(krb5_context context, krb5_keytab keytab, krb5_flags *ap_req_options, krb5_ticket **ticket, - krb5_keyblock **keyblock) + krb5_keyblock **return_keyblock) { krb5_error_code ret; krb5_ap_req ap_req; + krb5_keyblock *keyblock = NULL; krb5_principal service = NULL; - krb5_keyblock *local_keyblock; + + if (return_keyblock) + *return_keyblock = NULL; if (*auth_context == NULL) { ret = krb5_auth_con_init(context, auth_context); @@ -597,13 +600,13 @@ krb5_rd_req_return_keyblock(krb5_context context, &ap_req, server, keytab, - &local_keyblock); + &keyblock); if(ret) goto out; } else { ret = krb5_copy_keyblock(context, (*auth_context)->keyblock, - &local_keyblock); + &keyblock); if (ret) goto out; } @@ -612,21 +615,20 @@ krb5_rd_req_return_keyblock(krb5_context context, auth_context, &ap_req, server, - local_keyblock, + keyblock, 0, ap_req_options, ticket); - if (ret) { - krb5_free_keyblock(context, local_keyblock); - } else { - *keyblock = local_keyblock; - } + + if (ret == 0 && return_keyblock) + *return_keyblock = keyblock; + else + krb5_free_keyblock(context, keyblock); out: free_AP_REQ(&ap_req); if(service) krb5_free_principal(context, service); - return ret; } 
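Review bot: `krb5_parse_name_mustrealm` is added to the exported API in the `@@ -253` hunk without a comment, although its difference from `krb5_parse_name` matters to callers that parse principal names received from a peer. Per the `@@ -201` hunk, `MAY` fills in the local default realm, while `MUST` fails with `KRB5_PARSE_MALFORMED`. I would add above the definition `/* Like krb5_parse_name(), but fails with KRB5_PARSE_MALFORMED when the name carries no realm instead of applying the default realm. */`. A prototype in the public header is presumably needed too, but the diffstat shown is limited to two files, so that cannot be confirmed from here.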
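Review bot: The `if (ret == 0 && return_keyblock) ... else krb5_free_keyblock(context, keyblock);` pair in the `@@ -612` hunk of rd_req.c is unbraced, and it is the single place that decides whether the key used to verify the AP-REQ is handed to the caller or released. I would brace both arms so a statement added later cannot detach the free from the `else`. The function also has no comment stating the contract that the `@@ -560` hunk sets up. Something like `/* On success, if return_keyblock is non-NULL, *return_keyblock receives the keyblock and the caller must release it with krb5_free_keyblock(); on failure it is set to NULL. */` above the definition would cover it. The function begins outside these hunks.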
@@ -639,19 +641,14 @@ krb5_rd_req(krb5_context context, krb5_flags *ap_req_options, krb5_ticket **ticket) { - krb5_error_code ret; - krb5_keyblock *keyblock; - - ret = krb5_rd_req_return_keyblock(context, - auth_context, - inbuf, - server, - keytab, - ap_req_options, - ticket, - &keyblock); - - krb5_free_keyblock(context, keyblock); - return ret; + return krb5_rd_req_return_keyblock(context, + auth_context, + inbuf, + server, + keytab, + ap_req_options, + ticket, + NULL); + } |