(krb5_get_forwarded_creds): Use [appdefault]no-addresses before

checking if the krbtgt is address-less, use KRB5_ADDRESSLESS_DEFAULT.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16687 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2006-02-03 11:37:29 +00:00
parent 99dd89912c
commit 1bb5af8ef5

View File

@@ -185,18 +185,29 @@ krb5_get_forwarded_creds (krb5_context context,
addrs.val = NULL;
paddrs = &addrs;
{
krb5_boolean noaddr;
krb5_appdefault_boolean(context, NULL, realm,
"no-addresses", KRB5_ADDRESSLESS_DEFAULT,
&noaddr);
if (noaddr)
paddrs = NULL;
}
/*
* If tickets are address-less, forward address-less tickets.
*/
ret = _krb5_get_krbtgt (context,
ccache,
realm,
&ticket);
if(ret == 0) {
if (ticket->addresses.len == 0)
paddrs = NULL;
krb5_free_creds (context, ticket);
if (paddrs) {
ret = _krb5_get_krbtgt (context,
ccache,
realm,
&ticket);
if(ret == 0) {
if (ticket->addresses.len == 0)
paddrs = NULL;
krb5_free_creds (context, ticket);
}
}
if (paddrs != NULL) {
@@ -277,21 +288,14 @@ krb5_get_forwarded_creds (krb5_context context,
enc_krb_cred_part.usec = NULL;
}
if (auth_context->local_address && auth_context->local_port) {
krb5_boolean noaddr;
krb5_const_realm srealm;
if (auth_context->local_address && auth_context->local_port && paddrs) {
srealm = krb5_principal_get_realm(context, out_creds->server);
krb5_appdefault_boolean(context, NULL, srealm, "no-addresses",
paddrs == NULL, &noaddr);
if (!noaddr) {
ret = krb5_make_addrport (context,
&enc_krb_cred_part.s_address,
auth_context->local_address,
auth_context->local_port);
if (ret)
goto out4;
}
ret = krb5_make_addrport (context,
&enc_krb_cred_part.s_address,
auth_context->local_address,
auth_context->local_port);
if (ret)
goto out4;
}
if (auth_context->remote_address) {