oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

hdb: add no-auth-data-reqd flag to HDB entry

Browse Source 
Add a new flag, no-auth-data-reqd, to the HDB entry which indicates that a PAC
should not be included on issued service tickets.
This commit is contained in:
Luke Howard
2021-12-23 13:24:10 +11:00
parent 317df4dbd4
commit 0165633964
7 changed files with 26 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
lib/kadm5/admin.h
View File

@@ -77,6 +77,7 @@
#define KRB5_KDB_VIRTUAL_KEYS 0x00200000 /* MIT doesn't have this */
#define KRB5_KDB_VIRTUAL 0x00400000 /* MIT doesn't have this */
#define KRB5_KDB_DISALLOW_CLIENT 0x00800000 /* MIT doesn't have this */
#define KRB5_KDB_NO_AUTH_DATA_REQUIRED 0x01000000 /* 0x00400000 in MIT */
/*
* MIT has:

1
lib/kadm5/ent_setup.c
View File

@@ -63,6 +63,7 @@ attr_to_flags(unsigned attr, HDBFlags *flags)
flags->materialize = !!(attr & KRB5_KDB_MATERIALIZE);
flags->virtual_keys = !!(attr & KRB5_KDB_VIRTUAL_KEYS);
flags->virtual = !!(attr & KRB5_KDB_VIRTUAL);
flags->no_auth_data_reqd = !!(attr & KRB5_KDB_NO_AUTH_DATA_REQUIRED);
}
/*

1
lib/kadm5/get_s.c
View File

@@ -185,6 +185,7 @@ kadm5_s_get_principal(void *server_handle,
out->attributes |= ent.entry.flags.allow_digest ? KRB5_KDB_ALLOW_DIGEST : 0;
out->attributes |= ent.entry.flags.virtual_keys ? KRB5_KDB_VIRTUAL_KEYS : 0;
out->attributes |= ent.entry.flags.virtual ? KRB5_KDB_VIRTUAL : 0;
out->attributes |= ent.entry.flags.no_auth_data_reqd ? KRB5_KDB_NO_AUTH_DATA_REQUIRED : 0;
}
if(mask & KADM5_MAX_LIFE) {
if(ent.entry.max_life)