oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

krb5: report_canonical_client_name implies check_pac

Browse Source
This commit is contained in:
Luke Howard
2021-12-22 14:33:01 +11:00
parent 9aa67e58ba
commit 5ba4607277
2 changed files with 12 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lib/krb5/context.c
View File

@@ -242,6 +242,10 @@ init_context_from_config_file(krb5_context context)
INIT_FLAG(context, flags, KRB5_CTX_F_ENFORCE_OK_AS_DELEGATE, FALSE, "enforce_ok_as_delegate");
INIT_FLAG(context, flags, KRB5_CTX_F_REPORT_CANONICAL_CLIENT_NAME, FALSE, "report_canonical_client_name");
/* need to verify the PAC if we are going to report the canonical client name */
if (flags & KRB5_CTX_F_REPORT_CANONICAL_CLIENT_NAME)
flags |= KRB5_CTX_F_CHECK_PAC;
if (context->default_cc_name)
free(context->default_cc_name);
context->default_cc_name = NULL;