From dbbb626dc0ad7b0100aec3ee3a787e1ac18f528a Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 6 Dec 2011 14:18:41 +1100 Subject: s4-dns Use match-by-key in GSSAPI server if principal is not specified This allows dlz_bind9 to match on exactly the same key as bind9 itself Andrew Bartlett Autobuild-User: Amitay Isaacs Autobuild-Date: Wed Dec 7 02:20:10 CET 2011 on sn-devel-104 --- auth/credentials/credentials_krb5.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) (limited to 'auth') diff --git a/auth/credentials/credentials_krb5.c b/auth/credentials/credentials_krb5.c index 1b7be3f63c..1e5600c2b1 100644 --- a/auth/credentials/credentials_krb5.c +++ b/auth/credentials/credentials_krb5.c @@ -794,9 +794,15 @@ _PUBLIC_ int cli_credentials_get_server_gss_creds(struct cli_credentials *cred, return ENOMEM; } - /* This creates a GSSAPI cred_id_t with the principal and keytab set */ - maj_stat = gss_krb5_import_cred(&min_stat, NULL, princ, ktc->keytab, - &gcc->creds); + if (obtained < CRED_SPECIFIED) { + /* This creates a GSSAPI cred_id_t with the principal and keytab set */ + maj_stat = gss_krb5_import_cred(&min_stat, NULL, NULL, ktc->keytab, + &gcc->creds); + } else { + /* This creates a GSSAPI cred_id_t with the principal and keytab set */ + maj_stat = gss_krb5_import_cred(&min_stat, NULL, princ, ktc->keytab, + &gcc->creds); + } if (maj_stat) { if (min_stat) { ret = min_stat; -- cgit