From 81b7ba2a6503b4bc7199d78adf97d956b1e932a5 Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Thu, 29 Jul 2010 19:20:46 -0700 Subject: Fix wallet-rekey with foreign realm keytab entries The loop handling finding principals to rekey was not correctly coping with principals from foreign realms. --- client/keytab.c | 4 ++-- tests/data/fake-keytab-old | Bin 334 -> 785 bytes tests/data/fake-keytab-rekey | Bin 698 -> 1149 bytes 3 files changed, 2 insertions(+), 2 deletions(-) diff --git a/client/keytab.c b/client/keytab.c index 41baa73..e00c2dd 100644 --- a/client/keytab.c +++ b/client/keytab.c @@ -51,7 +51,7 @@ keytab_principals(krb5_context ctx, const char *file, char *realm) while ((status = krb5_kt_next_entry(ctx, keytab, &entry, &cursor)) == 0) { status = krb5_unparse_name(ctx, entry.principal, &princname); if (status != 0) - sysdie("error, cannot unparse name for a principal"); + die_krb5(ctx, status, "cannot unparse name for a principal"); /* Separate into principal and realm. */ princrealm = strchr(princname, '@'); @@ -60,7 +60,7 @@ keytab_principals(krb5_context ctx, const char *file, char *realm) princrealm++; } if (princrealm == NULL || strcmp(princrealm, realm) != 0) - break; + continue; /* Check to see if the principal has already been listed. */ found = false; diff --git a/tests/data/fake-keytab-old b/tests/data/fake-keytab-old index 714d9b6..f7ee9c0 100644 Binary files a/tests/data/fake-keytab-old and b/tests/data/fake-keytab-old differ diff --git a/tests/data/fake-keytab-rekey b/tests/data/fake-keytab-rekey index 6c9c7f2..4e7a507 100644 Binary files a/tests/data/fake-keytab-rekey and b/tests/data/fake-keytab-rekey differ -- cgit v1.2.3