Use anon realm for anonymous PKINIT

When an AS request names the anonymous principal, use the anonymous
realm in the response and ticket.
Chaskiel Grundman
2014-07-07 12:35:43 -04:00
parent f3789f8cc5
commit f07ee07288


@@ -1872,7 +1872,11 @@ _kdc_as_rep(kdc_request_t r,
rep.pvno = 5;
rep.msg_type = krb_as_rep;
ret = copy_Realm(&r->client->entry.principal->realm, &rep.crealm);
if (_kdc_is_anonymous(context, r->client_princ)) {
Realm anon_realm=KRB5_ANON_REALM;
ret = copy_Realm(&anon_realm, &rep.crealm);
} else
ret = copy_Realm(&r->client->entry.principal->realm, &rep.crealm);
if (ret)
goto out;
ret = _krb5_principal2principalname(&rep.cname, r->client->entry.principal);
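Review bot: The anonymous-realm branch is chosen by `_kdc_is_anonymous(context, r->client_princ)`, i.e. by the name in the request, while `rep.cname` on the last line of the hunk is still built from `r->client->entry.principal`. If those two can differ (for example through aliasing or canonicalization, which is not visible here), the reply could pair the anonymous realm with a name taken from a different entry, so confirm that both sides test the same principal. The description also mentions the ticket, but only `rep.crealm` is set in this hunk; the ticket's crealm has to be set the same way elsewhere in `_kdc_as_rep`, whose body starts and ends outside the hunk. For readability I would brace the `else` arm to match the `if` (`} else {` ... `}`) and add a comment above the test such as `/* anonymous client: crealm is KRB5_ANON_REALM, not the entry's realm */`.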