Move the check client/anonoymous logic to pkinit.c

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24578 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-02-04 22:04:08 +00:00
parent 7f61137222
commit 64748478da
1 changed files with 13 additions and 21 deletions
--- a/kdc/kerberos5.c
+++ b/kdc/kerberos5.c
@@ -1058,27 +1058,19 @@ _kdc_as_rep(krb5_context context,
 	    if (ret == 0 && pkp == NULL)
 		goto ts_enc;

-	    if (!b->kdc_options.request_anonymous) {
-		ret = _kdc_pk_check_client(context,
-					   config,
-					   client,
-					   pkp,
-					   &client_cert);
-		if (ret) {
-		    e_text = "PKINIT certificate not allowed to "
-			"impersonate principal";
-		    _kdc_pk_free_client_param(context, pkp);
-		    
-		    kdc_log(context, config, 0, "%s", e_text);
-		    pkp = NULL;
-		    goto out;
-		}
-	    } else {
-		client_cert = strdup("anonymous client client");
-		if (client_cert == NULL) {
-		    ret = ENOMEM;
-		    goto out;
-		}
+	    ret = _kdc_pk_check_client(context,
+				       config,
+				       client,
+				       pkp,
+				       &client_cert);
+	    if (ret) {
+		e_text = "PKINIT certificate not allowed to "
+		    "impersonate principal";
+		_kdc_pk_free_client_param(context, pkp);
+		
+		kdc_log(context, config, 0, "%s", e_text);
+		pkp = NULL;
+		goto out;
 	    }

 	    found_pa = 1;