From ada66852c0b0c9ed226e6506cfa9904b1a8958eb Mon Sep 17 00:00:00 2001
From: Luke Howard <lukeh@padl.com>
Date: Wed, 2 Mar 2011 13:42:34 +1100
Subject: [PATCH] Use anonymous name if we have not initiator identity

---
 accept_sec_context.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/accept_sec_context.c b/accept_sec_context.c
index e35ce5f..f686a3c 100644
--- a/accept_sec_context.c
+++ b/accept_sec_context.c
@@ -74,7 +74,9 @@ acceptReadyEap(OM_uint32 *minor, gss_ctx_id_t ctx, gss_cred_id_t cred)
         ctx->gssFlags |= GSS_C_ANON_FLAG;
     }
 
-    major = gssEapImportName(minor, &nameBuf, GSS_C_NT_USER_NAME,
+    major = gssEapImportName(minor, &nameBuf,
+                             (ctx->gssFlags & GSS_C_ANON_FLAG) ?
+                                GSS_C_NT_ANONYMOUS : GSS_C_NT_USER_NAME,
                              &ctx->initiatorName);
     if (GSS_ERROR(major))
         return major;
@@ -630,6 +632,9 @@ gss_accept_sec_context(OM_uint32 *minor,
     output_token->length = 0;
     output_token->value = NULL;
 
+    if (src_name != NULL)
+        *src_name = GSS_C_NO_NAME;
+
     if (input_token == GSS_C_NO_BUFFER || input_token->length == 0) {
         *minor = GSSEAP_TOK_TRUNC;
         return GSS_S_DEFECTIVE_TOKEN;
-- 
2.1.4