oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

always check transited policy if flag set either globally or on

Browse Source 
principal


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13037 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Johan Danielsson
2003-10-21 11:16:43 +00:00
parent 8505970b33
commit 357e4592b9
1 changed files with 7 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
kdc/kerberos5.c
View File

@@ -1206,9 +1206,9 @@ check_tgs_flags(KDC_REQ_BODY *b, EncTicketPart *tgt, EncTicketPart *et)
} }
static krb5_error_code static krb5_error_code
fix_transited_encoding(TransitedEncoding *tr, fix_transited_encoding(krb5_boolean check_policy,
TransitedEncoding *tr,
EncTicketPart *et, EncTicketPart *et,
KDCOptions *f,
const char *client_realm, const char *client_realm,
const char *server_realm, const char *server_realm,
const char *tgt_realm) const char *tgt_realm)
@@ -1252,7 +1252,7 @@ fix_transited_encoding(TransitedEncoding *tr,
} }
num_realms++; num_realms++;
} }
if(!f->disable_transited_check) { if(check_policy) {
ret = krb5_check_transited(context, client_realm, ret = krb5_check_transited(context, client_realm,
server_realm, server_realm,
realms, num_realms, NULL); realms, num_realms, NULL);
@@ -1353,7 +1353,10 @@ tgs_make_reply(KDC_REQ_BODY *b,
if(ret) if(ret)
goto out; goto out;
ret = fix_transited_encoding(&tgt->transited, &et, &f, ret = fix_transited_encoding(enforce_transited_policy
|| server->flags.enforce_transited_policy
|| !f.disable_transited_check,
&tgt->transited, &et,
*krb5_princ_realm(context, client_principal), *krb5_princ_realm(context, client_principal),
*krb5_princ_realm(context, server->principal), *krb5_princ_realm(context, server->principal),
*krb5_princ_realm(context, krbtgt->principal)); *krb5_princ_realm(context, krbtgt->principal));