From 64748478da7cf88ce74fdf724c4f63a71abd739d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?=
Date: Wed, 4 Feb 2009 22:04:08 +0000
Subject: [PATCH] Move the check client/anonoymous logic to pkinit.c

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24578 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 kdc/kerberos5.c | 34 +++++++++++++---------------------
 1 file changed, 13 insertions(+), 21 deletions(-)

diff --git a/kdc/kerberos5.c b/kdc/kerberos5.c
index 3195a8df8..21324c0bd 100644
--- a/kdc/kerberos5.c
+++ b/kdc/kerberos5.c
@@ -1058,27 +1058,19 @@ _kdc_as_rep(krb5_context context,
 if (ret == 0 && pkp == NULL) goto ts_enc;
- if (!b->kdc_options.request_anonymous) {
- ret = _kdc_pk_check_client(context,
- config,
- client,
- pkp,
- &client_cert);
- if (ret) {
- e_text = "PKINIT certificate not allowed to "
- "impersonate principal";
- _kdc_pk_free_client_param(context, pkp);
-
- kdc_log(context, config, 0, "%s", e_text);
- pkp = NULL;
- goto out;
- }
- } else {
- client_cert = strdup("anonymous client client");
- if (client_cert == NULL) {
- ret = ENOMEM;
- goto out;
- }
+ ret = _kdc_pk_check_client(context,
+ config,
+ client,
+ pkp,
+ &client_cert);
+ if (ret) {
+ e_text = "PKINIT certificate not allowed to "
+ "impersonate principal";
+ _kdc_pk_free_client_param(context, pkp);
+
+ kdc_log(context, config, 0, "%s", e_text);
+ pkp = NULL;
+ goto out;
 }
 found_pa = 1;
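Review bot: The call site no longer shows that anonymous requests are exempt from the certificate-to-principal match, and `_kdc_pk_check_client()` is not handed `b->kdc_options`, so the callee must work out anonymity from `client` or `pkp`. The pkinit.c side is not part of this patch (the diffstat lists only kdc/kerberos5.c), so confirm the callee skips the match only for a request that really is anonymous and never for an ordinary principal. Every non-zero return is now logged and reported as "PKINIT certificate not allowed to impersonate principal"; if the `strdup()` that used to live here moved into the callee, an `ENOMEM` would presumably be recorded as an authorization denial, so `e_text` should be set only for the authorization failure. A comment above the call, for example `/* anonymous requests are accepted inside _kdc_pk_check_client(); every other client must match its certificate */`, would document where the check went. `_kdc_as_rep` starts and ends outside the hunk.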