From 45067d5a62d413a4a3956b64201d2f28319997e9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= <lha@kth.se>
Date: Wed, 14 Jun 2006 18:27:28 +0000
Subject: [PATCH] Use enable_v4_per_principal and check the new hdb flag.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17647 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 kdc/kerberos4.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/kdc/kerberos4.c b/kdc/kerberos4.c
index c27b16218..55d183c5d 100644
--- a/kdc/kerberos4.c
+++ b/kdc/kerberos4.c
@@ -221,6 +221,17 @@ _kdc_do_version4(krb5_context context,
 	    goto out1;
 	}
 
+	if (config->enable_v4_per_principal &&
+	    client->entry.flags.allow_kerberos4 == 0)
+	{
+	    kdc_log(context, config, 0,
+		    "Per principal Kerberos 4 flag not turned on for %s",
+		    client_name);
+	    make_err_reply(context, reply, KERB_ERR_NULL_KEY,
+			   "allow kerberos4 flag required");
+	    goto out1;
+	}
+
 	/*
 	 * There's no way to do pre-authentication in v4 and thus no
 	 * good error code to return if preauthentication is required.