svn rev #23502: branches/anonymous/src/lib/krb5/krb/
hartmans@MIT.EDU
hartmans at MIT.EDU
Wed Dec 23 16:10:23 EST 2009
http://src.mit.edu/fisheye/changelog/krb5/?cs=23502
Commit By: hartmans
Log Message:
Anonymous client side support.
* Permit realm canonicalization for anonymous principals
* If we are requesting anonymous tickets, set the KDC option and name type
Changed Files:
U branches/anonymous/src/lib/krb5/krb/get_in_tkt.c
Modified: branches/anonymous/src/lib/krb5/krb/get_in_tkt.c
===================================================================
--- branches/anonymous/src/lib/krb5/krb/get_in_tkt.c 2009-12-23 21:10:19 UTC (rev 23501)
+++ branches/anonymous/src/lib/krb5/krb/get_in_tkt.c 2009-12-23 21:10:23 UTC (rev 23502)
@@ -304,7 +304,9 @@
* principal) and we requested (and received) a TGT.
*/
canon_req = ((request->kdc_options & KDC_OPT_CANONICALIZE) != 0) ||
- (krb5_princ_type(context, request->client) == KRB5_NT_ENTERPRISE_PRINCIPAL);
+ (krb5_princ_type(context, request->client) == KRB5_NT_ENTERPRISE_PRINCIPAL)
+ || (krb5_principal_compare_any_realm(context, request->client,
+ krb5_anonymous_principal()));
if (canon_req) {
canon_ok = IS_TGS_PRINC(context, request->server) &&
IS_TGS_PRINC(context, as_reply->enc_part2->server);
@@ -1529,6 +1531,12 @@
ctx->salt.data = NULL;
}
+ /*Anonymous*/
+ if (krb5_principal_compare_any_realm(context, ctx->request->client,
+ krb5_anonymous_principal())) {
+ ctx->request->kdc_options |= KDC_OPT_REQUEST_ANONYMOUS;
+ krb5_princ_type(context, ctx->request->client) = KRB5_NT_WELLKNOWN;
+ }
code = restart_init_creds_loop(context, ctx, NULL);
*pctx = ctx;
More information about the cvs-krb5
mailing list