krb5: set PKINIT_BTMM flag per Apple implementation

2019-05-07 13:54:10 +10:00
parent 8350f34a05
commit fd209c5dca
1 changed files with 5 additions and 0 deletions
--- a/lib/krb5/pkinit.c
+++ b/lib/krb5/pkinit.c
@@ -2380,6 +2380,11 @@ krb5_get_init_creds_opt_set_pkinit(krb5_context context,
 	opt->opt_private->pk_init_ctx = NULL;
 	return ret;
    }
+    if (flags & KRB5_GIC_OPT_PKINIT_BTMM)
+	opt->opt_private->pk_init_ctx->id->flags |= PKINIT_BTMM;
+
+    if (principal && krb5_principal_is_lkdc(context, principal))
+	opt->opt_private->pk_init_ctx->id->flags |= PKINIT_BTMM;

    if (opt->opt_private->pk_init_ctx->id->certs) {
 	_krb5_pk_set_user_id(context,