From: Sam Hartman <hartmans@mit.edu>
Date: Wed, 23 Dec 2009 21:09:43 +0000 (+0000)
Subject: In case of anonymous client principal, use the realm of the server
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fa71837b299d4a12b07160b108f54c5323448292;p=thirdparty%2Fkrb5.git

In case of anonymous client principal, use the realm of the server
principal or if not specified the default realm for determining what
KDC to contact.

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/anonymous@23490 dc483132-0cff-0310-8789-dd5450dbe970
---

diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c
index b13c9a94c8..7875e758aa 100644
--- a/src/lib/krb5/krb/get_in_tkt.c
+++ b/src/lib/krb5/krb/get_in_tkt.c
@@ -1047,37 +1047,47 @@ build_in_tkt_name(krb5_context context,
     *server = NULL;
 
     if (in_tkt_service) {
-        /* this is ugly, because so are the data structures involved.  I'm
-           in the library, so I'm going to manipulate the data structures
-           directly, otherwise, it will be worse. */
 
         if ((ret = krb5_parse_name(context, in_tkt_service, server)))
             return ret;
 
-        /* stuff the client realm into the server principal.
+        /* stuff the client realm into the server principal. unless using anonymous
            realloc if necessary */
-        if ((*server)->realm.length < client->realm.length) {
-            char *p = realloc((*server)->realm.data,
-                              client->realm.length);
-            if (p == NULL) {
-                krb5_free_principal(context, *server);
-                *server = NULL;
-                return ENOMEM;
+        if (!krb5_principal_compare( context, client, krb5_anonymous_principal())) {
+            if ((*server)->realm.length < client->realm.length) {
+                char *p = realloc((*server)->realm.data,
+                                  client->realm.length);
+                if (p == NULL) {
+                    krb5_free_principal(context, *server);
+                    *server = NULL;
+                    return ENOMEM;
+                }
+                (*server)->realm.data = p;
             }
-            (*server)->realm.data = p;
-        }
 
-        (*server)->realm.length = client->realm.length;
-        memcpy((*server)->realm.data, client->realm.data, client->realm.length);
+            (*server)->realm.length = client->realm.length;
+            memcpy((*server)->realm.data, client->realm.data, client->realm.length);
+        }
     } else {
+        krb5_data realm = (krb5_data ) client->realm;
+        char *free_realm = NULL;
+        if (krb5_principal_compare(context, client, krb5_anonymous_principal())) {
+            ret = krb5_get_default_realm( context, &free_realm);
+            if (ret != 0)
+                return ret;
+            realm.data = free_realm;
+            realm.length = strlen(free_realm);
+        }
         ret = krb5_build_principal_ext(context, server,
-                                       client->realm.length,
-                                       client->realm.data,
+                                       realm.length,
+                                       realm.data,
                                        KRB5_TGS_NAME_SIZE,
                                        KRB5_TGS_NAME,
-                                       client->realm.length,
-                                       client->realm.data,
+                                       realm.length,
+                                       realm.data,
                                        0);
+        if (free_realm)
+            krb5_free_default_realm( context, free_realm);
     }
     return ret;
 }