kdc: clear et->flags.ok_as_delegate if cross-realm krbtgt does not have it

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher
2025-03-21 13:09:37 +01:00
committed by Jeffrey Altman
parent 225d1c4c0e
commit 50067e8171


@@ -687,6 +687,10 @@ tgs_make_reply(astgs_request_t r,
et->flags.hw_authent = tgt->flags.hw_authent;
et->flags.ok_as_delegate = r->server->flags.ok_as_delegate;
/* See MS-KILE 3.3.5.7.5 Cross-Domain Trust and Referrals */
if (!r->krbtgt->flags.ok_as_delegate)
et->flags.ok_as_delegate = 0;
/* See MS-KILE 3.3.5.1 */
if (!r->server->flags.forwardable)
et->flags.forwardable = 0;
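Review bot: The added `if (!r->krbtgt->flags.ok_as_delegate)` test is unconditional, while the commit title and the MS-KILE 3.3.5.7.5 reference describe only the cross-realm krbtgt case. `tgs_make_reply` starts and ends outside the hunk, so it cannot be told from here whether `r->krbtgt` can also be the local realm's krbtgt entry; if it can, same-realm service tickets would lose ok-as-delegate unless that principal carries the flag. Clearing the flag is the fail-closed direction for delegation, but the dependency should be stated at the check, for example `/* applies to whichever krbtgt entry r->krbtgt holds, not only cross-realm ones; that entry must have ok-as-delegate set for the flag to be passed on */`. A KDC test that requests a ticket with a same-realm and with a cross-realm TGT, each with and without the flag on the krbtgt entry, would pin the intended behaviour.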