+ /*
+ * First, attempt to parse the name on the assumption that it includes
+ * a qualifying realm. This allows us to avoid accidentally appending
+ * the default Kerberos realm to an unqualified name. (A bug in MIT
+ * Kerberos prevents the default realm being set to an empty value.)
+ */
+ code = krb5_parse_name_flags(krbContext, nameString,
+ KRB5_PRINCIPAL_PARSE_REQUIRE_REALM, &krbPrinc);
+ if (code == KRB5_PARSE_MALFORMED) {
+ char *defaultRealm = NULL;
+ int parseFlags = 0;
+
+ /* Possibly append the default EAP realm if required */
+ if (importFlags & IMPORT_FLAG_DEFAULT_REALM)
+ defaultRealm = gssEapGetDefaultRealm(krbContext);
+
+ /* If no default realm, leave the realm empty in the parsed name */
+ if (defaultRealm == NULL || defaultRealm[0] == '\0')
+ parseFlags |= KRB5_PRINCIPAL_PARSE_NO_REALM;
+
+ code = krb5_parse_name_flags(krbContext, nameString, parseFlags, &krbPrinc);
+
+#ifdef HAVE_HEIMDAL_VERSION
+ if (code == 0 && KRB_PRINC_REALM(krbPrinc) == NULL) {
+ KRB_PRINC_REALM(krbPrinc) = GSSEAP_CALLOC(1, sizeof(char));
+ if (KRB_PRINC_REALM(krbPrinc) == NULL)
+ code = ENOMEM;
+ }
+#endif
+
+ if (defaultRealm != NULL)
+ GSSEAP_FREE(defaultRealm);
+ }
+
+ GSSEAP_FREE(nameString);
+
+ if (code != 0) {
+ *minor = code;