From 2b93295ca4f2e4394d80f8d0aca1b2387b6b36a2 Mon Sep 17 00:00:00 2001 From: Luke Howard Date: Sat, 2 Apr 2011 06:41:44 +0000 Subject: [PATCH] When doing S4U2Self for the anon principal, use the server realm git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24793 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/krb5/krb/s4u_creds.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/src/lib/krb5/krb/s4u_creds.c b/src/lib/krb5/krb/s4u_creds.c index e79ab86c6..237950a37 100644 --- a/src/lib/krb5/krb/s4u_creds.c +++ b/src/lib/krb5/krb/s4u_creds.c @@ -74,9 +74,17 @@ s4u_identify_user(krb5_context context, if (in_creds->client != NULL && krb5_princ_type(context, in_creds->client) != - KRB5_NT_ENTERPRISE_PRINCIPAL) - /* we already know the realm of the user */ - return krb5_copy_principal(context, in_creds->client, canon_user); + KRB5_NT_ENTERPRISE_PRINCIPAL) { + int anonymous; + + anonymous = krb5_principal_compare(context, in_creds->client, + krb5_anonymous_principal()); + + return krb5_copy_principal(context, + anonymous ? in_creds->server + : in_creds->client, + canon_user); + } memset(&creds, 0, sizeof(creds)); @@ -503,7 +511,7 @@ krb5_get_self_cred_from_kdc(krb5_context context, /* First, acquire a TGT to the user's realm. */ code = krb5int_tgtname(context, user_realm, - krb5_princ_realm(context, in_creds->server), &tgs); + krb5_princ_realm(context, in_creds->server), &tgs); if (code != 0) goto cleanup; -- 2.26.2