kdc: move Services for User implementation out of krb5tgs.c
Move the Services for User (SFU/S4U) implementation -- protocol transition and constrained delegation -- into its own compilation unit, with an interface that only takes an astgs_request_t, so it can be easily factored out into a plugin module in the future. This refactoring is also careful to update all client names in the request structure after the SFU/S4U validation has successfully completed.
This commit is contained in:
Luke Howard
@@ -2343,6 +2343,8 @@ _kdc_as_rep(astgs_request_t r)
|
||||
goto out;
|
||||
}
|
||||
|
||||
r->canon_client_princ = r->client->entry.principal;
|
||||
|
||||
/*
|
||||
* Verify flags after the user been required to prove its identity
|
||||
* with in a preauth mech.
|
||||
|
||||
Reference in New Issue
Block a user