From 687e4eba3cced6015fdcaac2c6ba675cdebc1273 Mon Sep 17 00:00:00 2001
From: Jeremy Allison
Date: Sat, 30 Jan 2010 19:24:28 -0800
Subject: Fix bug #7079 - cliconnect gets realm wrong with trusted domains. Passing NULL as dest_realm for cli_session_setup_spnego() was always using our own realm (as for a NetBIOS name). Change this to look for the mapped realm using krb5_get_host_realm() if the destination machine name is a DNS name (contains a '.'). Could get fancier with DNS name detection (length, etc.) but this will do for now. Jeremy.
---
 source3/libads/kerberos.c | 52 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 52 insertions(+)
(limited to 'source3/libads/kerberos.c')
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index af8ea39370..7fb4ec33e4 100644
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -525,6 +525,58 @@ char *kerberos_get_default_realm_from_ccache( void )
 return realm;
 }
+/************************************************************************
+ Routine to get the realm from a given DNS name. Returns malloc'ed memory.
+ Caller must free() if the return value is not NULL.
+************************************************************************/
+
+char *kerberos_get_realm_from_hostname(const char *hostname)
+{
+#if defined(HAVE_KRB5_GET_HOST_REALM) && defined(HAVE_KRB5_FREE_HOST_REALM)
+#if defined(HAVE_KRB5_REALM_TYPE)
+ /* Heimdal. */
+ krb5_realm *realm_list = NULL;
+#else
+ /* MIT */
+ char **realm_list = NULL;
+#endif
+ char *realm = NULL;
+ krb5_error_code kerr;
+ krb5_context ctx = NULL;
+
+ initialize_krb5_error_table();
+ if (krb5_init_context(&ctx)) {
+ return NULL;
+ }
+
+ kerr = krb5_get_host_realm(ctx, hostname, &realm_list);
+ if (kerr != 0) {
+ DEBUG(3,("kerberos_get_realm_from_hostname %s: "
+ "failed %s\n",
+ hostname ? hostname : "(NULL)",
+ error_message(kerr) ));
+ goto out;
+ }
+
+ if (realm_list && realm_list[0]) {
+ realm = SMB_STRDUP(realm_list[0]);
+ }
+
+ out:
+
+ if (ctx) {
+ if (realm_list) {
+ krb5_free_host_realm(ctx, realm_list);
+ realm_list = NULL;
+ }
+ krb5_free_context(ctx);
+ ctx = NULL;
+ }
+ return realm;
+#else
+ return NULL;
+#endif
+}
 /************************************************************************
 Routine to get the salting principal for this service. This is
-- cgit
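Review bot: The test `if (realm_list && realm_list[0])` in kerberos_get_realm_from_hostname() does not check that the first entry is non-empty, so the function can hand back a malloc'ed `""` instead of NULL. MIT's krb5_get_host_realm() reports "no mapping for this host" by succeeding with a list that holds the empty referral realm rather than by returning an error, so this is the normal outcome for an unmapped DNS name on MIT builds. The callers are outside this path-limited diff, but any caller that treats a non-NULL result as a usable realm would presumably request a ticket with an empty realm rather than fall back to its default. I would tighten the guard to `if (realm_list && realm_list[0] && realm_list[0][0] != '\0')` and extend the header comment to state that NULL means "no realm known", which also covers a failed SMB_STRDUP().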