svn rev #23490: branches/anonymous/src/lib/krb5/krb/

hartmans@MIT.EDU hartmans at MIT.EDU
Wed Dec 23 16:09:43 EST 2009 

http://src.mit.edu/fisheye/changelog/krb5/?cs=23490
Commit By: hartmans
Log Message:
In case of anonymous client principal, use the realm of the server
principal or if not specified the default realm for determining what
KDC to contact.


Changed Files:
U   branches/anonymous/src/lib/krb5/krb/get_in_tkt.c
Modified: branches/anonymous/src/lib/krb5/krb/get_in_tkt.c
===================================================================
--- branches/anonymous/src/lib/krb5/krb/get_in_tkt.c	2009-12-23 21:09:39 UTC (rev 23489)
+++ branches/anonymous/src/lib/krb5/krb/get_in_tkt.c	2009-12-23 21:09:43 UTC (rev 23490)
@@ -1047,37 +1047,47 @@
     *server = NULL;
 
     if (in_tkt_service) {
-        /* this is ugly, because so are the data structures involved.  I'm
-           in the library, so I'm going to manipulate the data structures
-           directly, otherwise, it will be worse. */
 
         if ((ret = krb5_parse_name(context, in_tkt_service, server)))
             return ret;
 
-        /* stuff the client realm into the server principal.
+        /* stuff the client realm into the server principal. unless using anonymous
            realloc if necessary */
-        if ((*server)->realm.length < client->realm.length) {
-            char *p = realloc((*server)->realm.data,
-                              client->realm.length);
-            if (p == NULL) {
-                krb5_free_principal(context, *server);
-                *server = NULL;
-                return ENOMEM;
+        if (!krb5_principal_compare( context, client, krb5_anonymous_principal())) {
+            if ((*server)->realm.length < client->realm.length) {
+                char *p = realloc((*server)->realm.data,
+                                  client->realm.length);
+                if (p == NULL) {
+                    krb5_free_principal(context, *server);
+                    *server = NULL;
+                    return ENOMEM;
+                }
+                (*server)->realm.data = p;
             }
-            (*server)->realm.data = p;
+
+            (*server)->realm.length = client->realm.length;
+            memcpy((*server)->realm.data, client->realm.data, client->realm.length);
         }
-
-        (*server)->realm.length = client->realm.length;
-        memcpy((*server)->realm.data, client->realm.data, client->realm.length);
     } else {
+        krb5_data realm = (krb5_data ) client->realm;
+        char *free_realm = NULL;
+        if (krb5_principal_compare(context, client, krb5_anonymous_principal())) {
+            ret = krb5_get_default_realm( context, &free_realm);
+            if (ret != 0)
+                return ret;
+            realm.data = free_realm;
+            realm.length = strlen(free_realm);
+        }
         ret = krb5_build_principal_ext(context, server,
-                                       client->realm.length,
-                                       client->realm.data,
+                                       realm.length,
+                                       realm.data,
                                        KRB5_TGS_NAME_SIZE,
                                        KRB5_TGS_NAME,
-                                       client->realm.length,
-                                       client->realm.data,
+                                       realm.length,
+                                       realm.data,
                                        0);
+        if (free_realm)
+            krb5_free_default_realm( context, free_realm);
     }
     return ret;
 }

More information about the cvs-krb5 mailing list