windows-netidmgr-afs-provider-20070410

when using krb524 with a cross-realm service ticket the resulting krb4
cred will not contain the user's realm as there is only one realm field.

diff --git a/src/WINNT/netidmgr_plugin/afsfuncs.c b/src/WINNT/netidmgr_plugin/afsfuncs.c
index dc314fb787751482fb8583bb9aa54b41263b4590..d185494e437f18d4f9e6143991bbb71640065a55 100644 (file)
--- a/src/WINNT/netidmgr_plugin/afsfuncs.c
+++ b/src/WINNT/netidmgr_plugin/afsfuncs.c
@@ -729,6 +729,7 @@ afs_klog(khm_handle identity,
     char       ServiceName[128];
     khm_handle confighandle;
     khm_int32  supports_krb4 = 1;
+    khm_int32   got524cred = 0;
 
     /* signalling */
     BOOL        bGotCreds = FALSE; /* got creds? */
@@ -1017,6 +1018,7 @@ afs_klog(khm_handle identity,
                 goto end_krb5;
             }
             rc = KSUCCESS;
+           got524cred = 1;
             bGotCreds = TRUE;
         }
 
@@ -1146,7 +1148,7 @@ afs_klog(khm_handle identity,
         StringCbCopyA(aclient.instance, sizeof(aclient.instance), "");
 
         StringCchCatA(aclient.name, MAXKTCNAMELEN, "@");
-        StringCchCatA(aclient.name, MAXKTCNAMELEN, creds.realm);
+               StringCchCatA(aclient.name, MAXKTCNAMELEN, got524cred ? realm_of_user : creds.realm);
 
         StringCbCopyA(aclient.cell, sizeof(aclient.cell), CellName);