From: Sam Hartman <hartmans@mit.edu>
Date: Wed, 23 Dec 2009 21:10:23 +0000 (+0000)
Subject: Anonymous client side support
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0c563adb45957f715af63522db55002698da659c;p=thirdparty%2Fkrb5.git

Anonymous client side support

* Permit realm canonicalization for anonymous principals
* If we are requesting anonymous tickets, set the KDC option and name type

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/anonymous@23502 dc483132-0cff-0310-8789-dd5450dbe970
---

diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c
index b13c9a94c8..95f952aace 100644
--- a/src/lib/krb5/krb/get_in_tkt.c
+++ b/src/lib/krb5/krb/get_in_tkt.c
@@ -304,7 +304,9 @@ verify_as_reply(krb5_context            context,
      * principal) and we requested (and received) a TGT.
      */
     canon_req = ((request->kdc_options & KDC_OPT_CANONICALIZE) != 0) ||
-        (krb5_princ_type(context, request->client) == KRB5_NT_ENTERPRISE_PRINCIPAL);
+        (krb5_princ_type(context, request->client) == KRB5_NT_ENTERPRISE_PRINCIPAL)
+        || (krb5_principal_compare_any_realm(context, request->client,
+                                             krb5_anonymous_principal()));
     if (canon_req) {
         canon_ok = IS_TGS_PRINC(context, request->server) &&
             IS_TGS_PRINC(context, as_reply->enc_part2->server);
@@ -1529,6 +1531,12 @@ krb5_init_creds_init(krb5_context context,
         ctx->salt.data = NULL;
     }
 
+    /*Anonymous*/
+    if (krb5_principal_compare_any_realm(context, ctx->request->client,
+                                         krb5_anonymous_principal())) {
+        ctx->request->kdc_options |= KDC_OPT_REQUEST_ANONYMOUS;
+        krb5_princ_type(context, ctx->request->client) = KRB5_NT_WELLKNOWN;
+    }
     code = restart_init_creds_loop(context, ctx, NULL);
 
     *pctx = ctx;