authorLuke Howard <lukeh@padl.com>2011-04-02 06:37:29 +0000
committerLuke Howard <lukeh@padl.com>2011-04-02 06:37:29 +0000
commit1a8d1a87d2b5bd3c9dae7147f154876f1dcc917f (patch)
tree406858c32a61c5a0ec40ffb8133c74db153c2b84
parentc03f17d6cd8538fa86c12fd400091de4a4160af6 (diff)
When doing S4U2Self for the anon principal, use the server realm
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/saml2@24786 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r--src/lib/krb5/krb/s4u_creds.c16
1 files changed, 12 insertions, 4 deletions
diff --git a/src/lib/krb5/krb/s4u_creds.c b/src/lib/krb5/krb/s4u_creds.c
index e79ab86..237950a 100644
--- a/src/lib/krb5/krb/s4u_creds.c
+++ b/src/lib/krb5/krb/s4u_creds.c
@@ -74,9 +74,17 @@ s4u_identify_user(krb5_context context,
if (in_creds->client != NULL &&
krb5_princ_type(context, in_creds->client) !=
- KRB5_NT_ENTERPRISE_PRINCIPAL)
- /* we already know the realm of the user */
- return krb5_copy_principal(context, in_creds->client, canon_user);
+ KRB5_NT_ENTERPRISE_PRINCIPAL) {
+ int anonymous;
+
+ anonymous = krb5_principal_compare(context, in_creds->client,
+ krb5_anonymous_principal());
+
+ return krb5_copy_principal(context,
+ anonymous ? in_creds->server
+ : in_creds->client,
+ canon_user);
+ }
memset(&creds, 0, sizeof(creds));
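Review bot: In the anonymous branch of the new return, `*canon_user` receives a copy of the whole server principal rather than an anonymous name in the server's realm, and the commit drops the old comment that explained this early return. The commit title suggests only the realm is wanted, so a caller that reads the name components of `canon_user` would see the service's identity in place of the user's; the callers are outside this hunk, so that needs checking. I would add a comment above the return such as `/* Anonymous: no user realm to look up; return the server principal so the caller uses its realm. Only the realm of *canon_user is meaningful in this case. */`. The copy also dereferences `in_creds->server` without a NULL test in the visible lines, while `in_creds->client` is tested; s4u_identify_user starts and ends outside the hunk, so an earlier check may exist.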
@@ -503,7 +511,7 @@ krb5_get_self_cred_from_kdc(krb5_context context,
/* First, acquire a TGT to the user's realm. */
code = krb5int_tgtname(context, user_realm,
- krb5_princ_realm(context, in_creds->server), &tgs);
+ krb5_princ_realm(context, in_creds->server), &tgs);
if (code != 0)
goto cleanup;