Fix cross-realm authentication in Samba4's KDC.
authorAndrew Bartlett <abartlet@samba.org>
Thu, 2 Oct 2008 18:30:14 +0000 (11:30 -0700)
committerAndrew Bartlett <abartlet@samba.org>
Mon, 6 Oct 2008 21:28:27 +0000 (14:28 -0700)
source4/kdc/hdb-samba4.c

index 818c4a12fda753c297bf00d268020a99e343df9d..5b7f55822e5bb6f52ebed889f6978abe8dff413a 100644 (file)
@@ -758,7 +758,7 @@ static krb5_error_code LDB_trust_message2entry(krb5_context context, HDB *db,
                goto out;
        }
 
                goto out;
        }
 
-       ndr_err = ndr_pull_struct_blob_all(password_val, mem_ctx, private->iconv_convenience, &password_blob,
+       ndr_err = ndr_pull_struct_blob(password_val, mem_ctx, private->iconv_convenience, &password_blob,
                                           (ndr_pull_flags_fn_t)ndr_pull_trustAuthInOutBlob);
        if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
                ret = EINVAL;
                                           (ndr_pull_flags_fn_t)ndr_pull_trustAuthInOutBlob);
        if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
                ret = EINVAL;
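Review bot: Replacing `ndr_pull_struct_blob_all` with `ndr_pull_struct_blob` on the `password_val` line drops the requirement that the whole blob is consumed, so trailing bytes after the parsed `trustAuthInOutBlob` are now accepted silently. The hunk does not say why the stricter parse had to go. If the stored attribute can legitimately be longer than the IDL describes, record it next to the call, e.g. `/* not _all: the stored blob may carry bytes the IDL does not describe; they are ignored */`. Since this blob appears to supply the inter-realm keys, the code after the parse (outside this hunk) should be checked to use only counts and lengths the parser validated. The body of `LDB_trust_message2entry` starts and ends outside the hunk.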
@@ -813,6 +813,8 @@ static krb5_error_code LDB_trust_message2entry(krb5_context context, HDB *db,
                entry_ex->entry.keys.len++;
        }
                
                entry_ex->entry.keys.len++;
        }
                
+       entry_ex->entry.principal = malloc(sizeof(*(entry_ex->entry.principal)));
+
        ret = copy_Principal(principal, entry_ex->entry.principal);
        if (ret) {
                krb5_clear_error_string(context);
        ret = copy_Principal(principal, entry_ex->entry.principal);
        if (ret) {
                krb5_clear_error_string(context);
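Review bot: The result of the added `malloc` for `entry_ex->entry.principal` is passed straight to `copy_Principal` with no NULL check, so an allocation failure becomes a NULL write inside the KDC rather than an error return. Guard it before the copy, e.g. `if (entry_ex->entry.principal == NULL) { ret = ENOMEM; goto out; }`, using the `out` label this function already has (visible in the first hunk). The cleanup path lies outside this hunk, so it is worth confirming that it releases the newly allocated principal when `copy_Principal` fails.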
@@ -1155,7 +1157,7 @@ static krb5_error_code LDB_fetch_krbtgt(krb5_context context, HDB *db,
                                        principal, HDB_SAMBA4_ENT_TYPE_KRBTGT, 
                                        msg[0], realm_ref_msg_1[0], entry_ex);
                if (ret != 0) {
                                        principal, HDB_SAMBA4_ENT_TYPE_KRBTGT, 
                                        msg[0], realm_ref_msg_1[0], entry_ex);
                if (ret != 0) {
-                       krb5_warnx(context, "LDB_fetch: message2entry failed"); 
+                       krb5_warnx(context, "LDB_fetch: self krbtgt message2entry failed");     
                }
                return ret;
 
                }
                return ret;
 
@@ -1193,7 +1195,7 @@ static krb5_error_code LDB_fetch_krbtgt(krb5_context context, HDB *db,
                                              principal, direction, 
                                              msg[0], entry_ex);
                if (ret != 0) {
                                              principal, direction, 
                                              msg[0], entry_ex);
                if (ret != 0) {
-                       krb5_warnx(context, "LDB_fetch: message2entry failed"); 
+                       krb5_warnx(context, "LDB_fetch: trust_message2entry failed");   
                }
                return ret;
 
                }
                return ret;