Don't change realm in find_alternate_tgs

If a client makes a TGS request for a cross-realm TGS within a
different realm from the one we normally serve (e.g. the KDC realm is
X, and a client makes a TGS request for the server krbtgt/Y@Z), look
for alternate TGS principals within the requested server realm, not
the realm we normally serve.

This change shouldn't break any working well-formed TGS requests,
because changing the realm would trigger a failure in check_tgs_tgt.
It may fix some corner cases when multiple realms are served out of
the same KDB.  But primarily, this change makes referrals and aliases
easier to reason about, by eliminating a case where server->princ has
a different realm from request->server after the call to
search_sprinc().

diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c
index 6415e28801dfb98fe0a1b75d0fb188dacabc319d..e66badbbad43c0df727c79ac65fec900886d93bf 100644 (file)
--- a/src/kdc/do_tgs_req.c
+++ b/src/kdc/do_tgs_req.c
@@ -1027,7 +1027,7 @@ find_alternate_tgs(kdc_realm_t *kdc_active_realm, krb5_principal princ,
     while (--pl2 > plist) {
         tmp = *krb5_princ_realm(kdc_context, *pl2);
         krb5_princ_set_realm(kdc_context, *pl2,
-                             krb5_princ_realm(kdc_context, tgs_server));
+                             krb5_princ_realm(kdc_context, princ));
         retval = db_get_svc_princ(kdc_context, *pl2, 0, &server, status);
         krb5_princ_set_realm(kdc_context, *pl2, &tmp);
         if (retval == KRB5_KDB_NOENTRY)