From 0344e7278b5ddaba0efd7b31a894e901bd9ef6fb Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 6 Dec 2011 15:56:44 +1100 Subject: auth: Allow a NULL principal to be obtained from the credentials This is important when trying to let GSSAPI search the keytab. Andrew Bartlett --- source4/auth/kerberos/kerberos_util.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) (limited to 'source4/auth/kerberos') diff --git a/source4/auth/kerberos/kerberos_util.c b/source4/auth/kerberos/kerberos_util.c index c255e6605a..0a42c3078d 100644 --- a/source4/auth/kerberos/kerberos_util.c +++ b/source4/auth/kerberos/kerberos_util.c @@ -293,14 +293,16 @@ krb5_error_code principal_from_credentials(TALLOC_CTX *parent_ctx, krb5_error_code ret; const char *princ_string; TALLOC_CTX *mem_ctx = talloc_new(parent_ctx); + *obtained = CRED_UNINITIALISED; + if (!mem_ctx) { (*error_string) = error_message(ENOMEM); return ENOMEM; } princ_string = cli_credentials_get_principal_and_obtained(credentials, mem_ctx, obtained); if (!princ_string) { - (*error_string) = error_message(ENOMEM); - return ENOMEM; + *princ = NULL; + return 0; } ret = parse_principal(parent_ctx, princ_string, @@ -359,6 +361,12 @@ krb5_error_code principal_from_credentials(TALLOC_CTX *parent_ctx, return ret; } + if (princ == NULL) { + (*error_string) = talloc_asprintf(credentials, "principal, username or realm was not specified in the credentials"); + talloc_free(mem_ctx); + return KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN; + } + ret = impersonate_principal_from_credentials(mem_ctx, credentials, smb_krb5_context, &impersonate_principal, error_string); if (ret) { talloc_free(mem_ctx); -- cgit