Lines Matching refs:realm
233 in the local realm, then we must refuse to service the request
234 if the client claims to be from the local realm.
236 If we don't do this, then some other realm's nasty KDC can
237 claim to be authenticating a client from our realm, and we'll
339 /* someone in a foreign realm claiming to be local */
379 * The KDC should take the keytab associated with the realm and pass that to
496 * add_to_transited Adds the name of the realm which issued the
499 * the realm of the server listed in the ticket
504 * in compressed form. It will add the new realm while
506 * realm is added using this (or a similar) routine, the
514 * This includes the realm of the KDC
516 * ticket. This is the realm that is
542 * and the realm to be added. This length is calculated
543 * assuming that no compression of the new realm is possible.
550 * This procedure does not check for quoted commas in realm
572 char *realm;
581 char exp[MAX_REALM_LN]; /* Expanded current realm name */
586 int added; /* TRUE = new realm has been added */
588 realm = data2string(krb5_princ_realm(kdc_context, tgs));
589 if (realm == NULL)
594 free(realm);
602 +1 for potential space when leading slash in realm */
603 if (!(trans = (char *) malloc(strlen(realm) + strlen(otrans) + 3))) {
614 /* For the purpose of appending, the realm preceding the first */
615 /* realm in the transited field is considered the null realm */
639 added = (krb5_princ_realm(kdc_context, client)->length == strlen(realm) &&
640 !strncmp(krb5_princ_realm(kdc_context, client)->data, realm, strlen(realm))) ||
641 (krb5_princ_realm(kdc_context, server)->length == strlen(realm) &&
642 !strncmp(krb5_princ_realm(kdc_context, server)->data, realm, strlen(realm)));
697 if (!strcmp(exp, realm)) added = TRUE;
699 /* If we still have to insert the new realm */
704 /* realm is a subrealm of the current realm, compress */
705 /* the new realm, and insert immediately following the */
709 /* not a problem because the realm to be added will be a */
718 (pl = subrealm(exp, realm))) {
727 strncat(current, realm, (unsigned) pl);
730 strncat(current, realm+strlen(realm)+pl, (unsigned) (-pl));
735 /* realm to be added is a superrealm of the current realm,*/
736 /* then the current realm can be compressed. First the */
737 /* realm to be added must be compressed relative to the */
738 /* previous realm (if possible), and then the current */
739 /* realm compressed relative to the new realm. Note that */
740 /* if the realm to be added is also a superrealm of the */
741 /* previous realm, it would have been added earlier, and */
744 else if ((pl = subrealm(realm, exp))) {
747 if ((pl1 = subrealm(prev,realm))) {
753 strncat(current, realm, (unsigned) pl1);
756 strncat(current, realm+strlen(realm)+pl1, (unsigned) (-pl1));
760 if ((realm[0] == '/') && prev[0]) {
768 if (strlen(current) + strlen(realm) + 1 >= MAX_REALM_LN) {
772 strncat(current, realm, sizeof(current) - 1 - strlen(current));
818 if((realm[0] == '/') && trans[0]) {
825 if (strlen(trans) + strlen(realm) + 1 >= MAX_REALM_LN) {
829 strcat(trans, realm);
835 free(realm);
1156 * krbtgt/realm-A@realm-B
1158 * Realm A is the "server realm"; the realm of the
1159 * server of the requested ticket must match this realm.
1160 * Of course, it should be a realm serviced by this KDC.
1162 * Realm B is the "client realm"; this is what should be
1176 /* ...and that the second component matches the server realm... */
1187 * supported realm?
1457 krb5_data * realm;
1482 realm = krb5_princ_realm(context, client);
1483 salt->length = realm->length;
1484 if ((salt->data = malloc(realm->length)) == NULL)
1486 memcpy(salt->data, realm->data, realm->length);