oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

krb5tgs: let TGS_REQ with NULL caddr returns an addessless ticket

Browse Source 
When processing a request, current tgs_make_reply uses the requested
set of addrs of the request to establish the set of addresses to
associate with the ticket in reply.

However, when the request input set of addrs is NULL, it reverts to
using the TGT set of addresses instead. As a result, it is not
possible to acquire an addressless TGS (or forwarded TGT) using a
TGT that is addressed.

This patch remove the fallback ensuring that a TGS_REQ with a set
of addrs set to NULL enables to acquire an addressless ticket.
This commit is contained in:
Matthieu Hautreux
2014-06-04 22:35:08 +02:00
committed by Viktor Dukhovni
parent a730c89376
commit 6c0306843d
1 changed files with 0 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
kdc/krb5tgs.c
View File

@@ -814,8 +814,6 @@ tgs_make_reply(krb5_context context,
rep.ticket.tkt_vno = 5; rep.ticket.tkt_vno = 5;
ek.caddr = et.caddr; ek.caddr = et.caddr;
if(et.caddr == NULL)
et.caddr = tgt->caddr;
{ {
time_t life; time_t life;