oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

krb5: check KDC supports anonymous if requested

Browse Source 
Verify the KDC recognized the request-anonymous flag by validating the returned
client principal name.
This commit is contained in:
Luke Howard
2019-05-18 13:55:36 +10:00
committed by Jeffrey Altman
parent 5c70e5015e
commit 014e318d6b
5 changed files with 45 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/krb5/get_cred.c
View File

@@ -560,6 +560,8 @@ get_cred_kdc(krb5_context context,
/* XXX should do better testing */
if (flags.b.constrained_delegation || impersonate_principal)
eflags |= EXTRACT_TICKET_ALLOW_CNAME_MISMATCH;
if (flags.b.request_anonymous)
eflags |= EXTRACT_TICKET_MATCH_ANON;
ret = _krb5_extract_ticket(context,
&rep,