Ignore transited realm checking for anonymous realm

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/anonymous@23507 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/lib/krb5/krb/chk_trans.c b/src/lib/krb5/krb/chk_trans.c
index 3c014817c4bdb11fbc7df7de2ed83bfaadbe429a..def50885c8ba3eb37e6505b5e4b2b794c9d6c376 100644 (file)
--- a/src/lib/krb5/krb/chk_trans.c
+++ b/src/lib/krb5/krb/chk_trans.c
@@ -315,6 +315,7 @@ krb5_check_transited_list (krb5_context ctx, const krb5_data *trans_in,
     krb5_data trans;
     struct check_data cdata;
     krb5_error_code r;
+    const krb5_data *anonymous;
 
     trans.length = trans_in->length;
     trans.data = (char *) trans_in->data;
@@ -327,6 +328,11 @@ krb5_check_transited_list (krb5_context ctx, const krb5_data *trans_in,
               (int) srealm->length, srealm->data));
     if (trans.length == 0)
         return 0;
+    anonymous = krb5_anonymous_realm();
+    if (crealm->length == anonymous->length
+        && (memcmp(crealm->data, anonymous->data, anonymous->length) == 0))
+        return 0; /*Nothing to check for anonymous*/
+
     r = krb5_walk_realm_tree (ctx, crealm, srealm, &cdata.tgs,
                               KRB5_REALM_BRANCH_CHAR);
     if (r) {