5 files changed, 30 insertions, 14 deletions

diff --git a/source4/heimdal/lib/krb5/asn1_glue.c b/source4/heimdal/lib/krb5/asn1_glue.c
index 01b5d3ee44..8f7b886e80 100644
--- a/source4/heimdal/lib/krb5/asn1_glue.c
+++ b/source4/heimdal/lib/krb5/asn1_glue.c
@@ -47,13 +47,23 @@ _krb5_principal2principalname (PrincipalName *p,
 }
 
 krb5_error_code KRB5_LIB_FUNCTION
-_krb5_principalname2krb5_principal (krb5_principal *principal,
+_krb5_principalname2krb5_principal (krb5_context context, 
+				    krb5_principal *principal,
 				    const PrincipalName from,
 				    const Realm realm)
 {
-    krb5_principal p = malloc(sizeof(*p));
-    copy_PrincipalName(&from, &p->name);
-    p->realm = strdup(realm);
-    *principal = p;
+    if (from.name_type == KRB5_NT_ENTERPRISE_PRINCIPAL) {
+	    if (from.name_string.len != 1) {
+		    return KRB5_PARSE_MALFORMED;
+	    }
+	    return krb5_parse_name(context, 
+				   from.name_string.val[0],
+				   principal);
+    } else {
+	    krb5_principal p = malloc(sizeof(*p));
+	    copy_PrincipalName(&from, &p->name);
+	    p->realm = strdup(realm);
+	    *principal = p;
+    }
     return 0;
 }
diff --git a/source4/heimdal/lib/krb5/get_in_tkt.c b/source4/heimdal/lib/krb5/get_in_tkt.c
index 24d6c29f52..5c488d1ddc 100644
--- a/source4/heimdal/lib/krb5/get_in_tkt.c
+++ b/source4/heimdal/lib/krb5/get_in_tkt.c
@@ -137,7 +137,8 @@ _krb5_extract_ticket(krb5_context context,
     time_t tmp_time;
     krb5_timestamp sec_now;
 
-    ret = _krb5_principalname2krb5_principal (&tmp_principal,
+    ret = _krb5_principalname2krb5_principal (context, 
+					      &tmp_principal,
 					      rep->kdc_rep.cname,
 					      rep->kdc_rep.crealm);
     if (ret)
@@ -170,7 +171,8 @@ _krb5_extract_ticket(krb5_context context,
 
     /* compare server */
 
-    ret = _krb5_principalname2krb5_principal (&tmp_principal,
+    ret = _krb5_principalname2krb5_principal (context, 
+					      &tmp_principal,
 					      rep->kdc_rep.ticket.sname,
 					      rep->kdc_rep.ticket.realm);
     if (ret)
diff --git a/source4/heimdal/lib/krb5/krb5-private.h b/source4/heimdal/lib/krb5/krb5-private.h
index 17b282f1d8..9ba288e22b 100644
--- a/source4/heimdal/lib/krb5/krb5-private.h
+++ b/source4/heimdal/lib/krb5/krb5-private.h
@@ -372,6 +372,7 @@ _krb5_principal2principalname (
 
 krb5_error_code KRB5_LIB_FUNCTION
 _krb5_principalname2krb5_principal (
+	krb5_context /* context */,
 	krb5_principal */*principal*/,
 	const PrincipalName /*from*/,
 	const Realm /*realm*/);
diff --git a/source4/heimdal/lib/krb5/rd_cred.c b/source4/heimdal/lib/krb5/rd_cred.c
index 520b3a1418..01b5188bae 100644
--- a/source4/heimdal/lib/krb5/rd_cred.c
+++ b/source4/heimdal/lib/krb5/rd_cred.c
@@ -265,7 +265,7 @@ krb5_rd_cred(krb5_context context,
 	    krb5_abortx(context, "internal error in ASN.1 encoder");
 	copy_EncryptionKey (&kci->key, &creds->session);
 	if (kci->prealm && kci->pname)
-	    _krb5_principalname2krb5_principal (&creds->client,
+	    _krb5_principalname2krb5_principal (context, &creds->client,
 						*kci->pname,
 						*kci->prealm);
 	if (kci->flags)
@@ -279,7 +279,8 @@ krb5_rd_cred(krb5_context context,
 	if (kci->renew_till)
 	    creds->times.renew_till = *kci->renew_till;
 	if (kci->srealm && kci->sname)
-	    _krb5_principalname2krb5_principal (&creds->server,
+	    _krb5_principalname2krb5_principal (context,
+						&creds->server,
 						*kci->sname,
 						*kci->srealm);
 	if (kci->caddr)
diff --git a/source4/heimdal/lib/krb5/rd_req.c b/source4/heimdal/lib/krb5/rd_req.c
index 0d4635b964..c0bb710a59 100644
--- a/source4/heimdal/lib/krb5/rd_req.c
+++ b/source4/heimdal/lib/krb5/rd_req.c
@@ -376,10 +376,12 @@ krb5_verify_ap_req2(krb5_context context,
     if(ret)
 	goto out;
 
-    ret = _krb5_principalname2krb5_principal(&t->server, ap_req->ticket.sname, 
+    ret = _krb5_principalname2krb5_principal(context, 
+					     &t->server, ap_req->ticket.sname, 
 					     ap_req->ticket.realm);
     if (ret) goto out;
-    ret = _krb5_principalname2krb5_principal(&t->client, t->ticket.cname, 
+    ret = _krb5_principalname2krb5_principal(context, 
+					     &t->client, t->ticket.cname, 
 					     t->ticket.crealm);
     if (ret) goto out;
 
@@ -400,10 +402,10 @@ krb5_verify_ap_req2(krb5_context context,
 	krb5_principal p1, p2;
 	krb5_boolean res;
 	
-	_krb5_principalname2krb5_principal(&p1,
+	_krb5_principalname2krb5_principal(context, &p1,
 					   ac->authenticator->cname,
 					   ac->authenticator->crealm);
-	_krb5_principalname2krb5_principal(&p2, 
+	_krb5_principalname2krb5_principal(context, &p2, 
 					   t->ticket.cname,
 					   t->ticket.crealm);
 	res = krb5_principal_compare (context, p1, p2);
@@ -605,7 +607,7 @@ krb5_rd_req_return_keyblock(krb5_context context,
 	return ret;
 
     if(server == NULL){
-	_krb5_principalname2krb5_principal(&service,
+	_krb5_principalname2krb5_principal(context, &service,
 					   ap_req.ticket.sname,
 					   ap_req.ticket.realm);
 	server = service;