oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Change sematics of ok-as-delegate to match windows if

Browse Source 
[gssapi]realm/ok-as-delegate=true is set, otherwise keep old sematics.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16283 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2005-11-02 11:52:49 +00:00
parent 6ece760454
commit d28785e212
2 changed files with 16 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
lib/gssapi/init_sec_context.c
View File

@@ -332,20 +332,19 @@ init_auth
} }
/* /*
* If the realm policy approves a delegation, lets check local * If the credential doesn't have ok-as-delegate, check what local
* policy if the credentials should be delegated, defafult to * policy say about ok-as-delegate, default is FALSE that makes
* false. * code ignore all this, but if its TRUE, strip of the
* GSS_C_DELEG_FLAG.
*/ */
if (cred->flags.b.ok_as_delegate) { if (!cred->flags.b.ok_as_delegate) {
krb5_boolean delegate = FALSE; krb5_boolean delegate;
_gss_check_compat(NULL, target_name, "ok-as-delegate",
&delegate, TRUE);
krb5_appdefault_boolean(gssapi_krb5_context, krb5_appdefault_boolean(gssapi_krb5_context,
"gssapi", target_name->realm, "gssapi", target_name->realm,
"ok-as-delegate", delegate, &delegate); "ok-as-delegate", FALSE, &delegate);
if (delegate) if (delegate)
req_flags |= GSS_C_DELEG_FLAG; req_flags &= ~GSS_C_DELEG_FLAG;
} }
flags = 0; flags = 0;

17
lib/gssapi/krb5/init_sec_context.c
View File

@@ -332,20 +332,19 @@ init_auth
} }
/* /*
* If the realm policy approves a delegation, lets check local * If the credential doesn't have ok-as-delegate, check what local
* policy if the credentials should be delegated, defafult to * policy say about ok-as-delegate, default is FALSE that makes
* false. * code ignore all this, but if its TRUE, strip of the
* GSS_C_DELEG_FLAG.
*/ */
if (cred->flags.b.ok_as_delegate) { if (!cred->flags.b.ok_as_delegate) {
krb5_boolean delegate = FALSE; krb5_boolean delegate;
_gss_check_compat(NULL, target_name, "ok-as-delegate",
&delegate, TRUE);
krb5_appdefault_boolean(gssapi_krb5_context, krb5_appdefault_boolean(gssapi_krb5_context,
"gssapi", target_name->realm, "gssapi", target_name->realm,
"ok-as-delegate", delegate, &delegate); "ok-as-delegate", FALSE, &delegate);
if (delegate) if (delegate)
req_flags |= GSS_C_DELEG_FLAG; req_flags &= ~GSS_C_DELEG_FLAG;
} }
flags = 0; flags = 0;