Use krb5_princ_component() instead of krb5_princ_realm() for MIT Kerberos

like we did before I messed things up ;-)

Use krb5_principal_get_comp_string() to do the same thing w/ Heimdal.
I'm not sure if the component should be 0 or 1 in this case.

#define ENCTYPE_DES_CBC_MD5 ETYPE_DES_CBC_MD5 for Heimdal since
older versions lack ENCTYPE_DES_CBC_MD5.  This is gross and there
should be a configure check for this I guess.

diff --git a/auth/kerb5.c b/auth/kerb5.c
index 0ba50be8536acd9e94ced49f7b0451e5dda36ca8..2db25ef60afc3f0ca0869fbdec914611d11f85cd 100644 (file)
--- a/auth/kerb5.c
+++ b/auth/kerb5.c
@@ -69,9 +69,11 @@ static const char rcsid[] = "$Sudo$";
 #endif /* lint */
 
 #ifdef HAVE_HEIMDAL
+# define extract_name(c, p)            krb5_principal_get_comp_string(c, p, 0);
 # define krb5_free_data_contents(c, d) krb5_data_free(d)
+# define ENCTYPE_DES_CBC_MD5           ETYPE_DES_CBC_MD5       /* XXX */
 #else
-# define krb5_principal_get_realm(c, p)        (krb5_princ_realm(c, p)->data)
+# define extract_name(c, p)            (krb5_princ_component(c, p, 1)->data)
 #endif
 
 static int verify_krb_v5_tgt __P((krb5_context, krb5_ccache, char *));
@@ -272,9 +274,8 @@ verify_krb_v5_tgt(sudo_context, ccache, auth_name)
        return(-1);
     }
 
-    /* Extract the name directly. */
-    strlcpy(phost, krb5_principal_get_realm(sudo_context, princ),
-           sizeof(phost));
+    /* Extract the name directly. Yow. */
+    strlcpy(phost, extract_name(sudo_context, princ), sizeof(phost));
 
     /*
      * Do we have host/<host> keys?