Windows: KFW_AFS_klog() changes
authorJeffrey Altman <jaltman@your-file-system.com>
Thu, 7 Jun 2012 13:52:13 +0000 (09:52 -0400)
committerStephan Wiesand <stephan.wiesand@desy.de>
Fri, 21 Dec 2012 17:55:53 +0000 (09:55 -0800)
If an explicit 'realm' is specified as input:

 a. Do not duplicate a request for afs/cellname@REALM if the
    explicit realm matches the realm of the client principal.

 b. If afs/cellname@REALM fails, request afs@REALM for the
    explicit realm.

This patchset does not apply to master due to Kerberos Compatibility
SDK conversion.

Reviewed-on: http://gerrit.openafs.org/8773
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit f9e9d9aebf2f671b099253ec847b0dd32ce5c686)

Change-Id: I0cbf8f9a540159b5169e4cdf409dc7e875527d77
Reviewed-on: http://gerrit.openafs.org/8776
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Paul Smeddle <paul.smeddle@gmail.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
src/WINNT/afsd/afskfw.c

index 11388b92998f5a89ee92cf08478655c898adf350..7ce4516b0d2d17218fda95d6043939a8667eeed9 100644 (file)
@@ -3019,11 +3019,11 @@ KFW_AFS_klog(
 
         /* ALWAYS first try service/cell@CLIENT_REALM */
         if (code = pkrb5_build_principal(ctx, &increds.server,
-                                          (int)strlen(realm_of_user),
-                                          realm_of_user,
-                                          ServiceName,
-                                          CellName,
-                                          0))
+                                         (int)strlen(realm_of_user),
+                                         realm_of_user,
+                                         ServiceName,
+                                         CellName,
+                                         0))
         {
             goto cleanup;
         }
@@ -3065,40 +3065,79 @@ KFW_AFS_klog(
              * then use it
              */
             if (strlen(realm) != 0) {
-                /* service/cell@REALM */
-                increds.server = 0;
-                code = pkrb5_build_principal(ctx, &increds.server,
-                                             (int)strlen(realm),
-                                             realm,
-                                             ServiceName,
-                                             CellName,
-                                             0);
-                if ( IsDebuggerPresent() ) {
-                    char * cname, *sname;
-                    pkrb5_unparse_name(ctx, increds.client, &cname);
-                    pkrb5_unparse_name(ctx, increds.server, &sname);
-                    OutputDebugString("Getting tickets for \"");
-                    OutputDebugString(cname);
-                    OutputDebugString("\" and service \"");
-                    OutputDebugString(sname);
-                    OutputDebugString("\"\n");
-                    pkrb5_free_unparsed_name(ctx,cname);
-                    pkrb5_free_unparsed_name(ctx,sname);
-                }
+                /* But only if the realm is different from the realm_of_user */
+                if (strcmp(realm_of_user, realm)) {
+                    /* service/cell@REALM */
+                    increds.server = 0;
+                    code = pkrb5_build_principal(ctx, &increds.server,
+                                                 (int)strlen(realm),
+                                                 realm,
+                                                 ServiceName,
+                                                 CellName,
+                                                 0);
+                    if ( IsDebuggerPresent() ) {
+                        char * cname, *sname;
+                        pkrb5_unparse_name(ctx, increds.client, &cname);
+                        pkrb5_unparse_name(ctx, increds.server, &sname);
+                        OutputDebugString("Getting tickets for \"");
+                        OutputDebugString(cname);
+                        OutputDebugString("\" and service \"");
+                        OutputDebugString(sname);
+                        OutputDebugString("\"\n");
+                        pkrb5_free_unparsed_name(ctx,cname);
+                        pkrb5_free_unparsed_name(ctx,sname);
+                    }
 
-                if (!code) {
-                    do {
-                        code = pkrb5_get_credentials(ctx, 0, cc, &increds, &k5creds);
-                        if (code == KRB5KRB_AP_ERR_REPEAT)
-                            Sleep(1000);
-                    } while(code == KRB5KRB_AP_ERR_REPEAT);
+                    if (!code) {
+                        do {
+                            code = pkrb5_get_credentials(ctx, 0, cc, &increds, &k5creds);
+                            if (code == KRB5KRB_AP_ERR_REPEAT)
+                                Sleep(1000);
+                        } while(code == KRB5KRB_AP_ERR_REPEAT);
+                    }
+
+                    if (code == KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN ||
+                         code == KRB5_ERR_HOST_REALM_UNKNOWN ||
+                         code == KRB5KRB_ERR_GENERIC /* heimdal */ ||
+                         code == KRB5KRB_AP_ERR_MSG_TYPE) {
+                        /* Or service@REALM */
+                        pkrb5_free_principal(ctx,increds.server);
+                        increds.server = 0;
+                        code = pkrb5_build_principal(ctx, &increds.server,
+                                                     (int)strlen(realm),
+                                                     realm,
+                                                     ServiceName,
+                                                     0);
+
+                        if ( IsDebuggerPresent() ) {
+                            char * cname, *sname;
+                            pkrb5_unparse_name(ctx, increds.client, &cname);
+                            pkrb5_unparse_name(ctx, increds.server, &sname);
+                            OutputDebugString("krb5_get_credentials() returned Service Principal Unknown\n");
+                            OutputDebugString("Trying again: getting tickets for \"");
+                            OutputDebugString(cname);
+                            OutputDebugString("\" and service \"");
+                            OutputDebugString(sname);
+                            OutputDebugString("\"\n");
+                            pkrb5_free_unparsed_name(ctx,cname);
+                            pkrb5_free_unparsed_name(ctx,sname);
+                        }
+
+                        if (!code) {
+                            do {
+                                code = pkrb5_get_credentials(ctx, 0, cc, &increds, &k5creds);
+                                if (code == KRB5KRB_AP_ERR_REPEAT)
+                                    Sleep(1000);
+                            } while(code == KRB5KRB_AP_ERR_REPEAT);
+                        }
+                    }
                 }
 
                 if (code == KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN ||
-                    code == KRB5_ERR_HOST_REALM_UNKNOWN ||
-                    code == KRB5KRB_ERR_GENERIC /* heimdal */ ||
-                    code == KRB5KRB_AP_ERR_MSG_TYPE) {
-                    /* Or service@REALM */
+                     code == KRB5_ERR_HOST_REALM_UNKNOWN ||
+                     code == KRB5KRB_ERR_GENERIC /* heimdal */ ||
+                     code == KRB5KRB_AP_ERR_MSG_TYPE) {
+                    /* Finally service@REALM */
                     pkrb5_free_principal(ctx,increds.server);
                     increds.server = 0;
                     code = pkrb5_build_principal(ctx, &increds.server,
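Review bot: The debugger-only trace blocks under `if (strcmp(realm_of_user, realm))` call `pkrb5_unparse_name` before `code` is checked and ignore its return value, so if `pkrb5_build_principal` fails, `increds.server` is 0 and `cname`/`sname` may reach `OutputDebugString` and `pkrb5_free_unparsed_name` uninitialized. Both copies (the service/cell@REALM one and the new "Or service@REALM" one) would be safer as `if (!code && IsDebuggerPresent())` with `char *cname = NULL, *sname = NULL;`, printing only when both unparse calls return 0. Separately, the new `do { ... } while(code == KRB5KRB_AP_ERR_REPEAT);` loop is another unbounded retry, and a small attempt cap would keep a persistently repeated error from stalling the caller. KFW_AFS_klog starts and ends outside this hunk, so it cannot be confirmed from here whether the principal already held in `increds.server` is freed before the first `increds.server = 0;`.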
@@ -3128,6 +3167,9 @@ KFW_AFS_klog(
                                 Sleep(1000);
                         } while(code == KRB5KRB_AP_ERR_REPEAT);
                     }
+
+                    if (!code && !strlen(realm_of_cell))
+                        copy_realm_of_ticket(ctx, realm_of_cell, sizeof(realm_of_cell), k5creds);
                 }
 
                 if (code == 0) {
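Review bot: The `realm_of_cell` fill-in added here appears to run only inside the "Finally service@REALM" branch, so a success from either explicit-realm request added earlier in this commit (service/cell@REALM or service@REALM under `if (strcmp(realm_of_user, realm))`) leaves `code` at 0 and skips it. If the `if (code == 0)` block that follows relies on `realm_of_cell` being set, the same `if (!code && !strlen(realm_of_cell))` check is probably wanted after those requests as well. The surrounding code is outside the hunk, so this is inferred rather than confirmed. A one-line comment such as `/* remember the realm of the ticket if realm_of_cell is still empty */` would also explain why the copy is conditional.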
@@ -3167,6 +3209,7 @@ KFW_AFS_klog(
                                 Sleep(1000);
                         } while(code == KRB5KRB_AP_ERR_REPEAT);
                     }
+
                     if (!code && !strlen(realm_of_cell))
                         copy_realm_of_ticket(ctx, realm_of_cell, sizeof(realm_of_cell), k5creds);
                 }