Set anonymous ticket flag

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/anonymous@23497 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin
index 1b495d6dd8e54bd2ff71ae83b05686826526db22..8e97fee294330e648deb14bcca84908b1f6c1141 100644 (file)
--- a/src/include/krb5/krb5.hin
+++ b/src/include/krb5/krb5.hin
@@ -848,7 +848,7 @@ krb5_verify_checksum(krb5_context context, krb5_cksumtype ctype,
 /* #define      KDC_OPT_RESERVED        0x00040000 */
 #define KDC_OPT_CNAME_IN_ADDL_TKT       0x00020000
 #define KDC_OPT_CANONICALIZE            0x00010000
-#define KDC_OPT_REQUEST_ANONYMOUS       0x000080000
+#define KDC_OPT_REQUEST_ANONYMOUS       0x00008000
 /* #define      KDC_OPT_RESERVED        0x00004000 */
 /* #define      KDC_OPT_RESERVED        0x00002000 */
 /* #define      KDC_OPT_RESERVED        0x00001000 */

diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c
index 4a845ce5b535cda577633cfaf05ceebd6a561aa9..d82adee6f2428b616e14c2a701fa59388d8c1c17 100644 (file)
--- a/src/kdc/do_as_req.c
+++ b/src/kdc/do_as_req.c
@@ -390,13 +390,14 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
     enc_tkt_reply.authorization_data = 0;
 
     /* If anonymous requests are being used, adjust the realm of the client principal*/
-    if (request->kdc_options & KDC_OPT_REQUEST_ANONYMOUS) {
+    if (isflagset(request->kdc_options, KDC_OPT_REQUEST_ANONYMOUS)) {
         if (!krb5_principal_compare_any_realm(kdc_context, request->client,
                                               krb5_anonymous_principal())) {
             errcode = KRB5KDC_ERR_BADOPTION;
             status = "Anonymous requested but anonymous principal not used.";
             goto errout;
         }
+        setflag(enc_tkt_reply.flags, TKT_FLG_ANONYMOUS);
         krb5_free_principal(kdc_context, request->client);
         errcode = krb5_copy_principal(kdc_context, krb5_anonymous_principal(),
                                       &request->client);