/*
- * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
#include <krb5_locl.h>
-RCSID("$Id: get_for_creds.c,v 1.45 2005/06/15 02:44:36 lha Exp $");
+RCSID("$Id: get_for_creds.c,v 1.49 2006/04/10 09:28:15 lha Exp $");
static krb5_error_code
add_addrs(krb5_context context,
++n;
tmp = realloc(addr->val, (addr->len + n) * sizeof(*addr->val));
- if (tmp == NULL) {
+ if (tmp == NULL && (addr->len + n) != 0) {
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM;
goto fail;
addrs.len = 0;
addrs.val = NULL;
- if (in_creds->client && in_creds->client->realm)
- realm = in_creds->client->realm;
- else
- realm = in_creds->server->realm;
+ realm = in_creds->client->realm;
krb5_appdefault_boolean(context, NULL, realm, "no-addresses-ever",
TRUE, &noaddr_ever);
enc_krb_cred_part.usec = NULL;
}
- if (auth_context->local_address && auth_context->local_port) {
- krb5_boolean noaddr;
- krb5_const_realm srealm;
-
- srealm = krb5_principal_get_realm(context, out_creds->server);
- krb5_appdefault_boolean(context, NULL, srealm, "no-addresses",
- paddrs == NULL, &noaddr);
- if (!noaddr) {
- ret = krb5_make_addrport (context,
- &enc_krb_cred_part.s_address,
- auth_context->local_address,
- auth_context->local_port);
- if (ret)
- goto out4;
- }
+ if (auth_context->local_address && auth_context->local_port && paddrs) {
+
+ ret = krb5_make_addrport (context,
+ &enc_krb_cred_part.s_address,
+ auth_context->local_address,
+ auth_context->local_port);
+ if (ret)
+ goto out4;
}
if (auth_context->remote_address) {
cred.enc_part.cipher.data = buf;
cred.enc_part.cipher.length = buf_size;
} else {
- /*
- * RFC4120 claims we should use the session key, but Heimdal
- * before 0.8 used the remote subkey if it was send in the
- * auth_context.
- *
- * Lorikeet-Heimdal is interested in windows compatiblity
- * more than Heimdal compatability, so we must choose the
- * session key, and break forwarding credentials to older
- * Heimdal servers.
- */
-
+ /*
+ * Here older versions than 0.7.2 of Heimdal used the local or
+ * remote subkey. That is wrong, the session key should be
+ * used. Heimdal 0.7.2 and newer have code to try both in the
+ * receiving end.
+ */
+
ret = krb5_crypto_init(context, auth_context->keyblock, 0, &crypto);
if (ret) {
free(buf);