krb5: skip cache check in S4U2Proxy requests

Isaac Boukris
2021-09-28 02:55:00 +03:00
committed by Luke Howard
parent 85a5e5fb30
commit 3e466caf10
2 changed files with 15 additions and 8 deletions


@@ -1067,7 +1067,7 @@ get_cred_kdc_referral(krb5_context context,
char *referral_realm;
/* Use cache if we are not doing impersonation or contrained deleg */
if (impersonate_principal == NULL || flags.b.cname_in_addl_tkt) {
if (impersonate_principal == NULL && !flags.b.cname_in_addl_tkt) {
krb5_cc_clear_mcred(&mcreds);
mcreds.server = referral.server;
krb5_timeofday(context, &mcreds.times.endtime);
@@ -1621,13 +1621,15 @@ next_rule:
goto out;
}
ret = check_cc(context, options, ccache, &in_creds, res_creds);
if (ret == 0) {
*out_creds = res_creds;
res_creds = NULL;
goto out;
} else if (ret != KRB5_CC_END) {
goto out;
if ((options & KRB5_GC_CONSTRAINED_DELEGATION) == 0) {
ret = check_cc(context, options, ccache, &in_creds, res_creds);
if (ret == 0) {
*out_creds = res_creds;
res_creds = NULL;
goto out;
} else if (ret != KRB5_CC_END) {
goto out;
}
}
if (options & KRB5_GC_CACHED)
goto next_rule;
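Review bot: The new guard `if ((options & KRB5_GC_CONSTRAINED_DELEGATION) == 0)` in the second hunk has no comment, and neither the code nor the commit message records why a cached ticket must not satisfy an S4U2Proxy request; I would add `/* S4U2Proxy: always ask the KDC, never answer from the ccache */` above it, plus one line of rationale from the author. With this guard, a caller that sets both KRB5_GC_CONSTRAINED_DELEGATION and KRB5_GC_CACHED reaches `goto next_rule` without any cache lookup, so that combination can presumably never succeed and should be documented or rejected up front. The store path is outside the hunk, so it is worth confirming that a delegated ticket is not still written to the ccache, where an ordinary lookup for the same server could later match it. In the first hunk the context comment reads "contrained deleg" and should read "constrained". The enclosing functions start and end outside both hunks.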