From fbfd45f8e43eb1070913fa062216d6a1fbb03a9c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= <lha@kth.se>
Date: Fri, 16 Feb 2007 03:33:25 +0000
Subject: [PATCH] Use EXTRACT_TICKET_* flags, support canonicalize.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20228 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/krb5/init_creds_pw.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/lib/krb5/init_creds_pw.c b/lib/krb5/init_creds_pw.c
index 226fe7396..8cdd4b498 100644
--- a/lib/krb5/init_creds_pw.c
+++ b/lib/krb5/init_creds_pw.c
@@ -330,6 +330,8 @@ get_init_creds_common(krb5_context context,
 	    ctx->addrs = &no_addrs;
 	    break;
 	}
+	if (options->opt_private->canonicalize)
+	    ctx->flags.canonicalize = 1;
     }
     if (options->flags & KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST) {
 	etypes = malloc((options->etype_list_length + 1)
@@ -1347,6 +1349,15 @@ init_cred_loop(krb5_context context,
 
     {
 	krb5_keyblock *key = NULL;
+	unsigned flags = 0;
+
+	if (ctx->flags.request_anonymous)
+	    flags |= EXTRACT_TICKET_ALLOW_SERVER_MISMATCH;
+	if (ctx->flags.canonicalize) {
+	    flags |= EXTRACT_TICKET_ALLOW_CNAME_MISMATCH;
+	    flags |= EXTRACT_TICKET_ALLOW_SERVER_MISMATCH;
+	    flags |= EXTRACT_TICKET_MATCH_REALM;
+	}
 
 	ret = process_pa_data_to_key(context, ctx, creds, 
 				     &ctx->as_req, &rep, hi, &key);
@@ -1361,8 +1372,7 @@ init_cred_loop(krb5_context context,
 				   KRB5_KU_AS_REP_ENC_PART,
 				   NULL,
 				   ctx->nonce,
-				   FALSE,
-				   ctx->flags.request_anonymous,
+				   flags,
 				   NULL,
 				   NULL);
 	krb5_free_keyblock(context, key);