Don't require timestamp to be set on delegated token, its already
protected by the outer token (and windows doesn't alway send it) Pointed out by Zi-Bin Yang <zbyang@decru.com> on heimdal-discuss git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13128 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
@@ -305,8 +305,8 @@ gsskrb5_accept_sec_context
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (fwd_data.length > 0 && (flags & GSS_C_DELEG_FLAG)) {
|
if (fwd_data.length > 0 && (flags & GSS_C_DELEG_FLAG)) {
|
||||||
|
|
||||||
krb5_ccache ccache;
|
krb5_ccache ccache;
|
||||||
|
int32_t ac_flags;
|
||||||
|
|
||||||
if (delegated_cred_handle == NULL)
|
if (delegated_cred_handle == NULL)
|
||||||
/* XXX Create a new delegated_cred_handle? */
|
/* XXX Create a new delegated_cred_handle? */
|
||||||
@@ -364,10 +364,19 @@ gsskrb5_accept_sec_context
|
|||||||
goto end_fwd;
|
goto end_fwd;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
krb5_auth_con_getflags(gssapi_krb5_context,
|
||||||
|
(*context_handle)->auth_context,
|
||||||
|
&ac_flags);
|
||||||
|
krb5_auth_con_setflags(gssapi_krb5_context,
|
||||||
|
(*context_handle)->auth_context,
|
||||||
|
ac_flags & ~KRB5_AUTH_CONTEXT_DO_TIME);
|
||||||
kret = krb5_rd_cred2(gssapi_krb5_context,
|
kret = krb5_rd_cred2(gssapi_krb5_context,
|
||||||
(*context_handle)->auth_context,
|
(*context_handle)->auth_context,
|
||||||
ccache,
|
ccache,
|
||||||
&fwd_data);
|
&fwd_data);
|
||||||
|
krb5_auth_con_setflags(gssapi_krb5_context,
|
||||||
|
(*context_handle)->auth_context,
|
||||||
|
ac_flags);
|
||||||
if (kret) {
|
if (kret) {
|
||||||
flags &= ~GSS_C_DELEG_FLAG;
|
flags &= ~GSS_C_DELEG_FLAG;
|
||||||
goto end_fwd;
|
goto end_fwd;
|
||||||
|
|||||||
@@ -305,8 +305,8 @@ gsskrb5_accept_sec_context
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (fwd_data.length > 0 && (flags & GSS_C_DELEG_FLAG)) {
|
if (fwd_data.length > 0 && (flags & GSS_C_DELEG_FLAG)) {
|
||||||
|
|
||||||
krb5_ccache ccache;
|
krb5_ccache ccache;
|
||||||
|
int32_t ac_flags;
|
||||||
|
|
||||||
if (delegated_cred_handle == NULL)
|
if (delegated_cred_handle == NULL)
|
||||||
/* XXX Create a new delegated_cred_handle? */
|
/* XXX Create a new delegated_cred_handle? */
|
||||||
@@ -364,10 +364,19 @@ gsskrb5_accept_sec_context
|
|||||||
goto end_fwd;
|
goto end_fwd;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
krb5_auth_con_getflags(gssapi_krb5_context,
|
||||||
|
(*context_handle)->auth_context,
|
||||||
|
&ac_flags);
|
||||||
|
krb5_auth_con_setflags(gssapi_krb5_context,
|
||||||
|
(*context_handle)->auth_context,
|
||||||
|
ac_flags & ~KRB5_AUTH_CONTEXT_DO_TIME);
|
||||||
kret = krb5_rd_cred2(gssapi_krb5_context,
|
kret = krb5_rd_cred2(gssapi_krb5_context,
|
||||||
(*context_handle)->auth_context,
|
(*context_handle)->auth_context,
|
||||||
ccache,
|
ccache,
|
||||||
&fwd_data);
|
&fwd_data);
|
||||||
|
krb5_auth_con_setflags(gssapi_krb5_context,
|
||||||
|
(*context_handle)->auth_context,
|
||||||
|
ac_flags);
|
||||||
if (kret) {
|
if (kret) {
|
||||||
flags &= ~GSS_C_DELEG_FLAG;
|
flags &= ~GSS_C_DELEG_FLAG;
|
||||||
goto end_fwd;
|
goto end_fwd;
|
||||||
|
|||||||
Reference in New Issue
Block a user