(_krb5_extract_ticket): add allow_server_mismatch flag to not check

for correct server in the reply


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@3459 ec53bebd-3082-4978-b11e-865c3cabbd6b

lib/krb5/get_in_tkt.c

@@ -119,6 +119,7 @@ _krb5_extract_ticket(krb5_context context,
 		     krb5_const_pointer keyseed,
 		     krb5_addresses *addrs,
 		     unsigned nonce,
+		     krb5_boolean allow_server_mismatch,
 		     krb5_decrypt_proc decrypt_proc,
 		     krb5_const_pointer decryptarg)
 {
@@ -162,12 +163,18 @@ _krb5_extract_ticket(krb5_context context,
 					rep->part1.ticket.realm);
     if (err)
 	goto out;
+    if(allow_server_mismatch){
+	krb5_free_principal(context, creds->server);
+	creds->server = tmp_principal;
+	tmp_principal = NULL;
+    }else{
 	tmp = krb5_principal_compare (context, tmp_principal, creds->server);
 	krb5_free_principal (context, tmp_principal);
 	if (!tmp) {
 	    err = KRB5KRB_AP_ERR_MODIFIED;
 	    goto out;
 	}
+    }
     
     /* decrypt */
 
@@ -570,7 +577,7 @@ krb5_get_in_cred(krb5_context context,
 	return ret;
 	
     ret = _krb5_extract_ticket(context, &rep, creds, key, keyseed, 
-			      NULL, nonce, decrypt_proc, decryptarg);
+			      NULL, nonce, FALSE, decrypt_proc, decryptarg);
     memset (key->keyvalue.data, 0, key->keyvalue.length);
     krb5_free_keyblock (context, key);
     free (key);