(krb5_get_forwarded_creds): Use [appdefault]no-addresses before

checking if the krbtgt is address-less, use KRB5_ADDRESSLESS_DEFAULT.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16687 ec53bebd-3082-4978-b11e-865c3cabbd6b

lib/krb5/get_for_creds.c

@@ -185,10 +185,20 @@ krb5_get_forwarded_creds (krb5_context	    context,
     addrs.val = NULL;
     paddrs = &addrs;
 
+    {
+	krb5_boolean noaddr;
+	krb5_appdefault_boolean(context, NULL, realm,
+				"no-addresses", KRB5_ADDRESSLESS_DEFAULT,
+				&noaddr);
+	if (noaddr)
+	    paddrs = NULL;
+    }
+	
     /*
      * If tickets are address-less, forward address-less tickets.
      */
 
+    if (paddrs) {
 	ret = _krb5_get_krbtgt (context,
 				ccache,
 				realm,
@@ -198,6 +208,7 @@ krb5_get_forwarded_creds (krb5_context	    context,
 		paddrs = NULL;
 	    krb5_free_creds (context, ticket);
 	}
+    }
     
     if (paddrs != NULL) {
 
@@ -277,14 +288,8 @@ krb5_get_forwarded_creds (krb5_context	    context,
 	enc_krb_cred_part.usec = NULL;
     }
 
-    if (auth_context->local_address && auth_context->local_port) {
+    if (auth_context->local_address && auth_context->local_port && paddrs) {
-	krb5_boolean noaddr;
-	krb5_const_realm srealm;
 
-	srealm = krb5_principal_get_realm(context, out_creds->server);
-	krb5_appdefault_boolean(context, NULL, srealm, "no-addresses", 
-				paddrs == NULL,	&noaddr);
-	if (!noaddr) {
 	ret = krb5_make_addrport (context,
 				  &enc_krb_cred_part.s_address,
 				  auth_context->local_address,
@@ -292,7 +297,6 @@ krb5_get_forwarded_creds (krb5_context	    context,
 	if (ret)
 	    goto out4;
     }
-    }
 
     if (auth_context->remote_address) {
 	if (auth_context->remote_port) {