Don't include @ symbol in realmless names, to conform with draft-ietf-abfab-gss-eap
[mech_eap.orig] / util_name.c
index e52bb4e..c11c5bf 100644 (file)
@@ -689,6 +689,7 @@ gssEapDisplayName(OM_uint32 *minor,
     krb5_context krbContext;
     char *krbName;
     gss_OID name_type;
+    int flags = 0;
 
     GSSEAP_KRB_INIT(&krbContext);
 
@@ -700,7 +701,20 @@ gssEapDisplayName(OM_uint32 *minor,
         return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME;
     }
 
-    *minor = krb5_unparse_name(krbContext, name->krbPrincipal, &krbName);
+    /*
+     * According to draft-ietf-abfab-gss-eap-01, when the realm is
+     * absent the trailing '@' is not included.
+     */
+#ifdef HAVE_HEIMDAL_VERSION
+    if (KRB_PRINC_REALM(name->krbPrincipal) == NULL ||
+        KRB_PRINC_REALM(name->krBPrincipal)[0] == '\0')
+#else
+    if (KRB_PRINC_REALM(name->krbPrincipal)->length == 0)
+#endif
+        flags |= KRB5_PRINCIPAL_UNPARSE_NO_REALM;
+
+    *minor = krb5_unparse_name_flags(krbContext, name->krbPrincipal,
+                                     flags, &krbName);
     if (*minor != 0) {
         return GSS_S_FAILURE;
     }
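Review bot: The second line of the Heimdal condition reads `name->krBPrincipal` (capital B), while every other reference in the hunk uses `krbPrincipal`, so a build with HAVE_HEIMDAL_VERSION defined would most likely fail to compile. The line should be `KRB_PRINC_REALM(name->krbPrincipal)[0] == '\0')`. Because only one arm of the `#ifdef` is compiled in a given configuration, a non-Heimdal build will not catch this, so the change should be built against both Kerberos implementations before merging. The non-Heimdal arm dereferences `KRB_PRINC_REALM(...)->length` without a NULL test; that is presumably safe if the macro yields the address of an embedded realm field, but the macro definition is outside this hunk and should be confirmed. The body of gssEapDisplayName starts and continues outside the hunk.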