oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Document logic in _krb5_is_anon_request

Browse Source 
describe why we look at the different bits and fields
This commit is contained in:
Chaskiel Grundman
2014-07-06 14:37:49 -04:00
parent c2e2de7384
commit f3789f8cc5
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
kdc/kerberos5.c
View File

@@ -2329,6 +2329,10 @@ _kdc_tkt_add_if_relevant_ad(krb5_context context,
krb5_boolean krb5_boolean
_kdc_is_anon_request(const KDC_REQ_BODY *b) _kdc_is_anon_request(const KDC_REQ_BODY *b)
{ {
/* some versions of heimdal use bit 14 instead of 16 for
request_anonymous, as indicated in the anonymous draft prior to
version 11. Bit 14 is assigned to S4U2Proxy, but all S4U2Proxy
requests will have a second ticket; don't consider those anonymous */
return (b->kdc_options.request_anonymous || return (b->kdc_options.request_anonymous ||
(b->kdc_options.constrained_delegation && !b->additional_tickets)); (b->kdc_options.constrained_delegation && !b->additional_tickets));
} }