From 6c0306843d122e17b8289550a05a063ba9799070 Mon Sep 17 00:00:00 2001 From: Matthieu Hautreux Date: Wed, 4 Jun 2014 22:35:08 +0200 Subject: [PATCH] krb5tgs: let TGS_REQ with NULL caddr returns an addessless ticket When processing a request, current tgs_make_reply uses the requested set of addrs of the request to establish the set of addresses to associate with the ticket in reply. However, when the request input set of addrs is NULL, it reverts to using the TGT set of addresses instead. As a result, it is not possible to acquire an addressless TGS (or forwarded TGT) using a TGT that is addressed. This patch remove the fallback ensuring that a TGS_REQ with a set of addrs set to NULL enables to acquire an addressless ticket. --- kdc/krb5tgs.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/kdc/krb5tgs.c b/kdc/krb5tgs.c index 2bee0ec48..47b8f10b6 100644 --- a/kdc/krb5tgs.c +++ b/kdc/krb5tgs.c @@ -814,8 +814,6 @@ tgs_make_reply(krb5_context context, rep.ticket.tkt_vno = 5; ek.caddr = et.caddr; - if(et.caddr == NULL) - et.caddr = tgt->caddr; { time_t life;