2025-08-08 13:49:29 +03:00 · 2005-09-10 22:25:13 +00:00
parent 00d69bdf23
commit cfdcc32f84
2 changed files with 46 additions and 31 deletions
--- a/source4/heimdal/lib/krb5/principal.c
+++ b/source4/heimdal/lib/krb5/principal.c
@ -91,10 +91,16 @@ krb5_principal_get_comp_string(krb5_context context,
    return princ_ncomp(principal, component);
 }

-krb5_error_code 
+enum realm_presence {
+	MAY,
+	MUSTNOT,
+	MUST
+};
+
+static krb5_error_code 
 parse_name(krb5_context context,
 	   const char *name,
-	   krb5_boolean short_form,
+	   enum realm_presence realm_presence,
 	   krb5_principal *principal)
 {
    krb5_error_code ret;
@ -186,7 +192,7 @@ parse_name(krb5_context context,
 	*q++ = c;
    }
    if (got_realm) {
-	if (short_form) {
+	if (realm_presence == MUSTNOT) {
 	    krb5_set_error_string (context, "realm found in 'short' principal expected to be without one!");
 	    ret = KRB5_PARSE_MALFORMED;
 	    goto exit;
@ -201,12 +207,16 @@ parse_name(krb5_context context,
 	    realm[q - start] = 0;
 	}
    }else{
-	if (short_form) {
+	if (realm_presence == MAY) {
 	    ret = krb5_get_default_realm (context, &realm);
 	    if (ret)
 	        goto exit;
-	} else {
+	} else if (realm_presence == MUSTNOT) {
 	    realm = NULL;
+	} else if (realm_presence == MUST) {
+	    krb5_set_error_string (context, "realm NOT found in principal expected to be with one!");
+	    ret = KRB5_PARSE_MALFORMED;
+	    goto exit;
 	}

 	comp[n] = malloc(q - start + 1);
@ -245,7 +255,7 @@ krb5_parse_name(krb5_context context,
 		const char *name,
 		krb5_principal *principal)
 {
-    return parse_name(context, name, FALSE, principal);
+    return parse_name(context, name, MAY, principal);
 }

 krb5_error_code KRB5_LIB_FUNCTION
@ -253,7 +263,15 @@ krb5_parse_name_norealm(krb5_context context,
 			const char *name,
 			krb5_principal *principal)
 {
-    return parse_name(context, name, TRUE, principal);
+    return parse_name(context, name, MUSTNOT, principal);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_parse_name_mustrealm(krb5_context context,
+			  const char *name,
+			  krb5_principal *principal)
+{
+    return parse_name(context, name, MUST, principal);
 }
 static const char quotable_chars[] = " \n\t\b\\/@";
 static const char replace_chars[] = " ntb\\/@";
--- a/source4/heimdal/lib/krb5/rd_req.c
+++ b/source4/heimdal/lib/krb5/rd_req.c
@ -560,12 +560,15 @@ krb5_rd_req_return_keyblock(krb5_context context,
 			    krb5_keytab keytab,
 			    krb5_flags *ap_req_options,
 			    krb5_ticket **ticket, 
-			    krb5_keyblock **keyblock)
+			    krb5_keyblock **return_keyblock)
 {
    krb5_error_code ret;
    krb5_ap_req ap_req;
+    krb5_keyblock *keyblock = NULL;
    krb5_principal service = NULL;
-    krb5_keyblock *local_keyblock;
+
+    if (return_keyblock)
+	*return_keyblock = NULL;

    if (*auth_context == NULL) {
 	ret = krb5_auth_con_init(context, auth_context);
@ -597,13 +600,13 @@ krb5_rd_req_return_keyblock(krb5_context context,
 				  &ap_req,
 				  server,
 				  keytab,
-				  &local_keyblock);
+				  &keyblock);
 	if(ret)
 	    goto out;
    } else {
 	ret = krb5_copy_keyblock(context,
 				 (*auth_context)->keyblock,
-				 &local_keyblock);
+				 &keyblock);
 	if (ret)
 	    goto out;
    }
@ -612,21 +615,20 @@ krb5_rd_req_return_keyblock(krb5_context context,
 			     auth_context,
 			     &ap_req,
 			     server,
-			     local_keyblock,
+			     keyblock,
 			     0,
 			     ap_req_options,
 			     ticket);
-    if (ret) {
-        krb5_free_keyblock(context, local_keyblock);
-    } else {
-	*keyblock = local_keyblock;
-    }
+
+    if (ret == 0 && return_keyblock)
+	*return_keyblock = keyblock;
+    else
+        krb5_free_keyblock(context, keyblock);

 out:
    free_AP_REQ(&ap_req);
    if(service)
 	krb5_free_principal(context, service);
-	    
    return ret;
 }

@ -639,19 +641,14 @@ krb5_rd_req(krb5_context context,
 	    krb5_flags *ap_req_options,
 	    krb5_ticket **ticket)
 {
-    krb5_error_code ret;
-    krb5_keyblock *keyblock;
+    return krb5_rd_req_return_keyblock(context,
+				       auth_context,
+				       inbuf,
+				       server,
+				       keytab,
+				       ap_req_options,
+				       ticket,
+				       NULL);

-    ret = krb5_rd_req_return_keyblock(context,
-				      auth_context,
-				      inbuf,
-				      server,
-				      keytab,
-				      ap_req_options,
-				      ticket,
-				      &keyblock);
-
-    krb5_free_keyblock(context, keyblock);
-    return ret;
 }