r16100: Patch from Michael Wood <mwood@icts.uct.ac.za>: s/then/than/ for correct...

[kai/samba.git] / source / heimdal / lib / krb5 / get_for_creds.c

diff --git a/source/heimdal/lib/krb5/get_for_creds.c b/source/heimdal/lib/krb5/get_for_creds.c
index 7bc8942f667750e34dbe04cbfeb11a1964e029b4..f042cdb5735316291aaaf485254d02d379a6575e 100644 (file)
--- a/source/heimdal/lib/krb5/get_for_creds.c
+++ b/source/heimdal/lib/krb5/get_for_creds.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include <krb5_locl.h>
 
-RCSID("$Id: get_for_creds.c,v 1.45 2005/06/15 02:44:36 lha Exp $");
+RCSID("$Id: get_for_creds.c,v 1.49 2006/04/10 09:28:15 lha Exp $");
 
 static krb5_error_code
 add_addrs(krb5_context context,
@@ -50,7 +50,7 @@ add_addrs(krb5_context context,
        ++n;
 
     tmp = realloc(addr->val, (addr->len + n) * sizeof(*addr->val));
-    if (tmp == NULL) {
+    if (tmp == NULL && (addr->len + n) != 0) {
        krb5_set_error_string(context, "malloc: out of memory");
        ret = ENOMEM;
        goto fail;
@@ -180,10 +180,7 @@ krb5_get_forwarded_creds (krb5_context         context,
     addrs.len = 0;
     addrs.val = NULL;
 
-    if (in_creds->client && in_creds->client->realm)
-       realm = in_creds->client->realm;
-    else
-       realm = in_creds->server->realm;
+    realm = in_creds->client->realm;
 
     krb5_appdefault_boolean(context, NULL, realm, "no-addresses-ever", 
                            TRUE, &noaddr_ever);
@@ -284,21 +281,14 @@ krb5_get_forwarded_creds (krb5_context        context,
        enc_krb_cred_part.usec = NULL;
     }
 
-    if (auth_context->local_address && auth_context->local_port) {
-       krb5_boolean noaddr;
-       krb5_const_realm srealm;
-
-       srealm = krb5_principal_get_realm(context, out_creds->server);
-       krb5_appdefault_boolean(context, NULL, srealm, "no-addresses", 
-                               paddrs == NULL, &noaddr);
-       if (!noaddr) {
-           ret = krb5_make_addrport (context,
-                                     &enc_krb_cred_part.s_address,
-                                     auth_context->local_address,
-                                     auth_context->local_port);
-           if (ret)
-               goto out4;
-       }
+    if (auth_context->local_address && auth_context->local_port && paddrs) {
+
+       ret = krb5_make_addrport (context,
+                                 &enc_krb_cred_part.s_address,
+                                 auth_context->local_address,
+                                 auth_context->local_port);
+       if (ret)
+           goto out4;
     }
 
     if (auth_context->remote_address) {
@@ -385,17 +375,13 @@ krb5_get_forwarded_creds (krb5_context        context,
        cred.enc_part.cipher.data = buf;
        cred.enc_part.cipher.length = buf_size;
     } else {
-           /* 
-            * RFC4120 claims we should use the session key, but Heimdal
-            * before 0.8 used the remote subkey if it was send in the
-            * auth_context.  
-            *
-            * Lorikeet-Heimdal is interested in windows compatiblity
-            * more than Heimdal compatability, so we must choose the
-            * session key, and break forwarding credentials to older
-            * Heimdal servers. 
-            */
-
+       /* 
+        * Here older versions than 0.7.2 of Heimdal used the local or
+        * remote subkey. That is wrong, the session key should be
+        * used. Heimdal 0.7.2 and newer have code to try both in the
+        * receiving end.
+        */
+       
        ret = krb5_crypto_init(context, auth_context->keyblock, 0, &crypto);
        if (ret) {
            free(buf);