-rw-r--r--source4/heimdal/kdc/524.c4
-rw-r--r--source4/heimdal/kdc/kerberos4.c6
-rw-r--r--source4/heimdal/kdc/kerberos5.c14
-rw-r--r--source4/heimdal/lib/krb5/asn1_glue.c20
-rw-r--r--source4/heimdal/lib/krb5/get_in_tkt.c6
-rw-r--r--source4/heimdal/lib/krb5/krb5-private.h1
-rw-r--r--source4/heimdal/lib/krb5/rd_cred.c5
-rw-r--r--source4/heimdal/lib/krb5/rd_req.c12
8 files changed, 43 insertions, 25 deletions
diff --git a/source4/heimdal/kdc/524.c b/source4/heimdal/kdc/524.c
index 14969aaa52..d61b78d9b6 100644
--- a/source4/heimdal/kdc/524.c
+++ b/source4/heimdal/kdc/524.c
@@ -53,7 +53,7 @@ fetch_server (krb5_context context,
krb5_error_code ret;
krb5_principal sprinc;
- ret = _krb5_principalname2krb5_principal(&sprinc, t->sname, t->realm);
+ ret = _krb5_principalname2krb5_principal(context, &sprinc, t->sname, t->realm);
if (ret) {
kdc_log(context, config, 0, "_krb5_principalname2krb5_principal: %s",
krb5_get_err_text(context, ret));
@@ -90,7 +90,7 @@ log_524 (krb5_context context,
char *cpn;
krb5_error_code ret;
- ret = _krb5_principalname2krb5_principal(&client, et->cname, et->crealm);
+ ret = _krb5_principalname2krb5_principal(context, &client, et->cname, et->crealm);
if (ret) {
kdc_log(context, config, 0, "_krb5_principalname2krb5_principal: %s",
krb5_get_err_text (context, ret));
diff --git a/source4/heimdal/kdc/kerberos4.c b/source4/heimdal/kdc/kerberos4.c
index 4ece1a47d6..d7a3a9cb69 100644
--- a/source4/heimdal/kdc/kerberos4.c
+++ b/source4/heimdal/kdc/kerberos4.c
@@ -655,7 +655,8 @@ _kdc_encode_v4_ticket(krb5_context context,
{
krb5_principal princ;
- _krb5_principalname2krb5_principal(&princ,
+ _krb5_principalname2krb5_principal(context,
+ &princ,
*service,
et->crealm);
ret = krb5_524_conv_principal(context,
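Review bot: The return value of `_krb5_principalname2krb5_principal` is discarded here, yet the asn1_glue.c change in this commit lets the call fail (`KRB5_PARSE_MALFORMED` when an enterprise name has `name_string.len != 1`, or any `krb5_parse_name` error) without writing `princ`. `princ` is declared without an initialiser two lines above, so the following `krb5_524_conv_principal` call would read an indeterminate pointer on that path. Suggest `ret = _krb5_principalname2krb5_principal(context, &princ, *service, et->crealm); if (ret) return ret;`. The same unchecked pattern is in the second kerberos4.c hunk, the `_kdc_as_rep` and `tgs_rep2` hunks of kerberos5.c, both rd_cred.c hunks and the last two rd_req.c hunks. Several of those names appear to be decoded from a request or ticket, so the failure path is likely reachable from received data. The body of `_kdc_encode_v4_ticket` continues outside the hunk.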
@@ -667,7 +668,8 @@ _kdc_encode_v4_ticket(krb5_context context,
if(ret)
return ret;
- _krb5_principalname2krb5_principal(&princ,
+ _krb5_principalname2krb5_principal(context,
+ &princ,
et->cname,
et->crealm);
diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c
index 877b88c155..a73c2c10b3 100644
--- a/source4/heimdal/kdc/kerberos5.c
+++ b/source4/heimdal/kdc/kerberos5.c
@@ -869,7 +869,7 @@ _kdc_as_rep(krb5_context context,
ret = KRB5KRB_ERR_GENERIC;
e_text = "No server in request";
} else{
- _krb5_principalname2krb5_principal (&server_princ,
+ _krb5_principalname2krb5_principal (context, &server_princ,
*(b->sname), b->realm);
ret = krb5_unparse_name(context, server_princ, &server_name);
}
@@ -882,7 +882,7 @@ _kdc_as_rep(krb5_context context,
ret = KRB5KRB_ERR_GENERIC;
e_text = "No client in request";
} else {
- _krb5_principalname2krb5_principal (&client_princ,
+ _krb5_principalname2krb5_principal (context, &client_princ,
*(b->cname), b->realm);
ret = krb5_unparse_name(context, client_princ, &client_name);
}
@@ -1270,7 +1270,7 @@ _kdc_as_rep(krb5_context context,
if (f.request_anonymous)
make_anonymous_principalname (&rep.cname);
else
- _krb5_principal2principalname(&rep.cname,
+ _krb5_principal2principalname(&rep.cname,
client->entry.principal);
rep.ticket.tkt_vno = 5;
copy_Realm(&server->entry.principal->realm, &rep.ticket.realm);
@@ -2137,7 +2137,7 @@ tgs_rep2(krb5_context context,
goto out2;
}
- _krb5_principalname2krb5_principal(&princ,
+ _krb5_principalname2krb5_principal(context, &princ,
ap_req.ticket.sname,
ap_req.ticket.realm);
@@ -2340,7 +2340,7 @@ tgs_rep2(krb5_context context,
ret = KRB5KDC_ERR_POLICY;
goto out2;
}
- _krb5_principalname2krb5_principal(&p, t->sname, t->realm);
+ _krb5_principalname2krb5_principal(context, &p, t->sname, t->realm);
ret = _kdc_db_fetch(context, config, p,
HDB_F_GET_CLIENT|HDB_F_GET_SERVER, &uu);
krb5_free_principal(context, p);
@@ -2364,11 +2364,11 @@ tgs_rep2(krb5_context context,
r = adtkt.crealm;
}
- _krb5_principalname2krb5_principal(&sp, *s, r);
+ _krb5_principalname2krb5_principal(context, &sp, *s, r);
ret = krb5_unparse_name(context, sp, &spn);
if (ret)
goto out;
- _krb5_principalname2krb5_principal(&cp, tgt->cname, tgt->crealm);
+ _krb5_principalname2krb5_principal(context, &cp, tgt->cname, tgt->crealm);
ret = krb5_unparse_name(context, cp, &cpn);
if (ret)
goto out;
diff --git a/source4/heimdal/lib/krb5/asn1_glue.c b/source4/heimdal/lib/krb5/asn1_glue.c
index 01b5d3ee44..8f7b886e80 100644
--- a/source4/heimdal/lib/krb5/asn1_glue.c
+++ b/source4/heimdal/lib/krb5/asn1_glue.c
@@ -47,13 +47,23 @@ _krb5_principal2principalname (PrincipalName *p,
}
krb5_error_code KRB5_LIB_FUNCTION
-_krb5_principalname2krb5_principal (krb5_principal *principal,
+_krb5_principalname2krb5_principal (krb5_context context,
+ krb5_principal *principal,
const PrincipalName from,
const Realm realm)
{
- krb5_principal p = malloc(sizeof(*p));
- copy_PrincipalName(&from, &p->name);
- p->realm = strdup(realm);
- *principal = p;
+ if (from.name_type == KRB5_NT_ENTERPRISE_PRINCIPAL) {
+ if (from.name_string.len != 1) {
+ return KRB5_PARSE_MALFORMED;
+ }
+ return krb5_parse_name(context,
+ from.name_string.val[0],
+ principal);
+ } else {
+ krb5_principal p = malloc(sizeof(*p));
+ copy_PrincipalName(&from, &p->name);
+ p->realm = strdup(realm);
+ *principal = p;
+ }
return 0;
}
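Review bot: The new error returns leave `*principal` untouched, and the retained `else` branch still dereferences the result of `malloc` and ignores the results of `copy_PrincipalName` and `strdup`. Before this change the function could only return 0, so many callers in this commit ignore the result. Setting `*principal = NULL` on entry gives them a defined value, and checking the three calls turns an out-of-memory NULL dereference into an `ENOMEM` return. The enterprise branch also passes `from.name_string.val[0]` to `krb5_parse_name` and never uses `realm`; if that is intended, a comment stating where the realm comes from for enterprise names would help callers.

```c
    *principal = NULL;	/* defined value for callers that skip the return check */
    /* … unchanged: KRB5_NT_ENTERPRISE_PRINCIPAL branch … */
    } else {
	krb5_error_code ret;
	krb5_principal p = calloc(1, sizeof(*p));
	if (p == NULL)
	    return ENOMEM;
	ret = copy_PrincipalName(&from, &p->name);
	if (ret) {
	    free(p);
	    return ret;
	}
	p->realm = strdup(realm);
	if (p->realm == NULL) {
	    free_PrincipalName(&p->name);
	    free(p);
	    return ENOMEM;
	}
	*principal = p;
    }
```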
diff --git a/source4/heimdal/lib/krb5/get_in_tkt.c b/source4/heimdal/lib/krb5/get_in_tkt.c
index 24d6c29f52..5c488d1ddc 100644
--- a/source4/heimdal/lib/krb5/get_in_tkt.c
+++ b/source4/heimdal/lib/krb5/get_in_tkt.c
@@ -137,7 +137,8 @@ _krb5_extract_ticket(krb5_context context,
time_t tmp_time;
krb5_timestamp sec_now;
- ret = _krb5_principalname2krb5_principal (&tmp_principal,
+ ret = _krb5_principalname2krb5_principal (context,
+ &tmp_principal,
rep->kdc_rep.cname,
rep->kdc_rep.crealm);
if (ret)
@@ -170,7 +171,8 @@ _krb5_extract_ticket(krb5_context context,
/* compare server */
- ret = _krb5_principalname2krb5_principal (&tmp_principal,
+ ret = _krb5_principalname2krb5_principal (context,
+ &tmp_principal,
rep->kdc_rep.ticket.sname,
rep->kdc_rep.ticket.realm);
if (ret)
diff --git a/source4/heimdal/lib/krb5/krb5-private.h b/source4/heimdal/lib/krb5/krb5-private.h
index 17b282f1d8..9ba288e22b 100644
--- a/source4/heimdal/lib/krb5/krb5-private.h
+++ b/source4/heimdal/lib/krb5/krb5-private.h
@@ -372,6 +372,7 @@ _krb5_principal2principalname (
krb5_error_code KRB5_LIB_FUNCTION
_krb5_principalname2krb5_principal (
+ krb5_context /* context */,
krb5_principal */*principal*/,
const PrincipalName /*from*/,
const Realm /*realm*/);
diff --git a/source4/heimdal/lib/krb5/rd_cred.c b/source4/heimdal/lib/krb5/rd_cred.c
index 520b3a1418..01b5188bae 100644
--- a/source4/heimdal/lib/krb5/rd_cred.c
+++ b/source4/heimdal/lib/krb5/rd_cred.c
@@ -265,7 +265,7 @@ krb5_rd_cred(krb5_context context,
krb5_abortx(context, "internal error in ASN.1 encoder");
copy_EncryptionKey (&kci->key, &creds->session);
if (kci->prealm && kci->pname)
- _krb5_principalname2krb5_principal (&creds->client,
+ _krb5_principalname2krb5_principal (context, &creds->client,
*kci->pname,
*kci->prealm);
if (kci->flags)
@@ -279,7 +279,8 @@ krb5_rd_cred(krb5_context context,
if (kci->renew_till)
creds->times.renew_till = *kci->renew_till;
if (kci->srealm && kci->sname)
- _krb5_principalname2krb5_principal (&creds->server,
+ _krb5_principalname2krb5_principal (context,
+ &creds->server,
*kci->sname,
*kci->srealm);
if (kci->caddr)
diff --git a/source4/heimdal/lib/krb5/rd_req.c b/source4/heimdal/lib/krb5/rd_req.c
index 0d4635b964..c0bb710a59 100644
--- a/source4/heimdal/lib/krb5/rd_req.c
+++ b/source4/heimdal/lib/krb5/rd_req.c
@@ -376,10 +376,12 @@ krb5_verify_ap_req2(krb5_context context,
if(ret)
goto out;
- ret = _krb5_principalname2krb5_principal(&t->server, ap_req->ticket.sname,
+ ret = _krb5_principalname2krb5_principal(context,
+ &t->server, ap_req->ticket.sname,
ap_req->ticket.realm);
if (ret) goto out;
- ret = _krb5_principalname2krb5_principal(&t->client, t->ticket.cname,
+ ret = _krb5_principalname2krb5_principal(context,
+ &t->client, t->ticket.cname,
t->ticket.crealm);
if (ret) goto out;
@@ -400,10 +402,10 @@ krb5_verify_ap_req2(krb5_context context,
krb5_principal p1, p2;
krb5_boolean res;
- _krb5_principalname2krb5_principal(&p1,
+ _krb5_principalname2krb5_principal(context, &p1,
ac->authenticator->cname,
ac->authenticator->crealm);
- _krb5_principalname2krb5_principal(&p2,
+ _krb5_principalname2krb5_principal(context, &p2,
t->ticket.cname,
t->ticket.crealm);
res = krb5_principal_compare (context, p1, p2);
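Review bot: For names of type `KRB5_NT_ENTERPRISE_PRINCIPAL`, the converter as changed in asn1_glue.c no longer uses its realm argument, so `p1` and `p2` get their realm from parsing the name string rather than from `ac->authenticator->crealm` and `t->ticket.crealm`. As far as that hunk shows, `krb5_principal_compare` would then not cover the two crealm fields for such names, which weakens the authenticator-versus-ticket client check. Consider comparing the crealm fields explicitly in that case, or having the converter reject an enterprise name whose parsed realm differs from `realm`. Both calls here also ignore the return value, and `p1`/`p2` are declared without initialisers in this hunk, so they may be unset when conversion fails. The enclosing block of `krb5_verify_ap_req2` continues outside the hunk.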
@@ -605,7 +607,7 @@ krb5_rd_req_return_keyblock(krb5_context context,
return ret;
if(server == NULL){
- _krb5_principalname2krb5_principal(&service,
+ _krb5_principalname2krb5_principal(context, &service,
ap_req.ticket.sname,
ap_req.ticket.realm);
server = service;