oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

kdc: fix compliance with RFC 8062 Section 4.1

Browse Source 
RFC 8062 states that if the client in the AS request is anonymous, the
anonymous KDC option must be set in the request; otherwise, KDC_ERR_BADOPTION
must be returned. We were previously returning KDC_ERR_C_PRINCIPAL_UNKNOWN.
This commit is contained in:
Luke Howard
2019-05-01 16:32:44 +10:00
committed by Jeffrey Altman
parent 1bc2eb33f9
commit 2f013b0d48
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
kdc/kerberos5.c
View File

@@ -1763,7 +1763,7 @@ _kdc_as_rep(kdc_request_t r,
if (_kdc_is_anonymous(context, r->client_princ)) {
if (!_kdc_is_anon_request(b)) {
kdc_log(context, config, 0, "Anonymous ticket w/o anonymous flag");
ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
ret = KRB5KDC_ERR_BADOPTION;
goto out;
}
} else if (_kdc_is_anon_request(b)) {