diff options
author | Andreas Schneider <asn@samba.org> | 2016-12-21 22:17:22 +0100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2017-01-10 13:54:17 +0100 |
commit | 30c07065300281e3a67197fe39ed928346480ff7 (patch) | |
tree | 78bb0f6588b9ce8cd938ba3db11ca24fbe93e646 /auth | |
parent | 2a2c03c655e51ff83483bbde1ded36c2e679faa3 (diff) | |
download | samba-30c07065300281e3a67197fe39ed928346480ff7.tar.gz |
auth/credentials: Always set the the realm if we set the principal from the ccache
This fixes a bug in gensec_gssapi_client_start() where an invalid realm
is used to get a Kerberos ticket.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Diffstat (limited to 'auth')
-rw-r--r-- | auth/credentials/credentials_krb5.c | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/auth/credentials/credentials_krb5.c b/auth/credentials/credentials_krb5.c index e974df9a0ba..a0346a265fe 100644 --- a/auth/credentials/credentials_krb5.c +++ b/auth/credentials/credentials_krb5.c @@ -107,7 +107,8 @@ static int cli_credentials_set_from_ccache(struct cli_credentials *cred, enum credentials_obtained obtained, const char **error_string) { - + bool ok; + char *realm; krb5_principal princ; krb5_error_code ret; char *name; @@ -134,11 +135,24 @@ static int cli_credentials_set_from_ccache(struct cli_credentials *cred, return ret; } - cli_credentials_set_principal(cred, name, obtained); - + ok = cli_credentials_set_principal(cred, name, obtained); + if (!ok) { + krb5_free_principal(ccache->smb_krb5_context->krb5_context, princ); + return ENOMEM; + } free(name); + realm = smb_krb5_principal_get_realm(ccache->smb_krb5_context->krb5_context, + princ); krb5_free_principal(ccache->smb_krb5_context->krb5_context, princ); + if (realm == NULL) { + return ENOMEM; + } + ok = cli_credentials_set_realm(cred, realm, obtained); + SAFE_FREE(realm); + if (!ok) { + return ENOMEM; + } /* set the ccache_obtained here, as it just got set to UNINITIALISED by the calls above */ cred->ccache_obtained = obtained; |