oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

kdc: no error if req is fwdable on non-fwdable princ

Browse Source 
Instead of returning an error if the client asks for
a forwardable ticket where it isn't allowed, we simply
return one that isn't forwardable.
This commit is contained in:
Roland C. Dowdeswell
2019-06-21 14:02:22 +01:00
committed by Jeffrey Altman
parent fcd57af8e1
commit 9aa573c9ce
1 changed files with 0 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
kdc/kerberos5.c
View File

@@ -2077,11 +2077,6 @@ _kdc_as_rep(kdc_request_t r,
r->et.flags.initial = 1; r->et.flags.initial = 1;
if(r->client->entry.flags.forwardable && r->server->entry.flags.forwardable) if(r->client->entry.flags.forwardable && r->server->entry.flags.forwardable)
r->et.flags.forwardable = f.forwardable; r->et.flags.forwardable = f.forwardable;
else if (f.forwardable) {
_kdc_set_e_text(r, "Ticket may not be forwardable");
ret = KRB5KDC_ERR_POLICY;
goto out;
}
if(r->client->entry.flags.proxiable && r->server->entry.flags.proxiable) if(r->client->entry.flags.proxiable && r->server->entry.flags.proxiable)
r->et.flags.proxiable = f.proxiable; r->et.flags.proxiable = f.proxiable;
else if (f.proxiable) { else if (f.proxiable) {