svn rev #24793: trunk/src/lib/krb5/krb/
lhoward@MIT.EDU
lhoward at MIT.EDU
Sat Apr 2 02:41:44 EDT 2011
http://src.mit.edu/fisheye/changelog/krb5/?cs=24793
Commit By: lhoward
Log Message:
When doing S4U2Self for the anon principal, use the server realm
Changed Files:
U trunk/src/lib/krb5/krb/s4u_creds.c
Modified: trunk/src/lib/krb5/krb/s4u_creds.c
===================================================================
--- trunk/src/lib/krb5/krb/s4u_creds.c 2011-04-02 06:41:31 UTC (rev 24792)
+++ trunk/src/lib/krb5/krb/s4u_creds.c 2011-04-02 06:41:44 UTC (rev 24793)
@@ -74,10 +74,18 @@
if (in_creds->client != NULL &&
krb5_princ_type(context, in_creds->client) !=
- KRB5_NT_ENTERPRISE_PRINCIPAL)
- /* we already know the realm of the user */
- return krb5_copy_principal(context, in_creds->client, canon_user);
+ KRB5_NT_ENTERPRISE_PRINCIPAL) {
+ int anonymous;
+ anonymous = krb5_principal_compare(context, in_creds->client,
+ krb5_anonymous_principal());
+
+ return krb5_copy_principal(context,
+ anonymous ? in_creds->server
+ : in_creds->client,
+ canon_user);
+ }
+
memset(&creds, 0, sizeof(creds));
memset(&userid, 0, sizeof(userid));
@@ -503,7 +511,7 @@
/* First, acquire a TGT to the user's realm. */
code = krb5int_tgtname(context, user_realm,
- krb5_princ_realm(context, in_creds->server), &tgs);
+ krb5_princ_realm(context, in_creds->server), &tgs);
if (code != 0)
goto cleanup;
More information about the cvs-krb5
mailing list