svn rev #24775: trunk/src/lib/krb5/krb/

Fri Apr 1 01:56:33 EDT 2011

http://src.mit.edu/fisheye/changelog/krb5/?cs=24775
Commit By: lhoward
Log Message:
s4u2proxy_set_attribute should only return EPERM for its own attribute

Failure to do this breaks other attribute providers' set_attribute()


Changed Files:
U   trunk/src/lib/krb5/krb/s4u_authdata.c
Modified: trunk/src/lib/krb5/krb/s4u_authdata.c
===================================================================

--- trunk/src/lib/krb5/krb/s4u_authdata.c	2011-04-01 05:52:14 UTC (rev 24774)
+++ trunk/src/lib/krb5/krb/s4u_authdata.c	2011-04-01 05:56:33 UTC (rev 24775)
@@ -232,14 +232,6 @@
  * interoperability
  */
 
-#if 0
-static krb5_data s4u2proxy_proxy_target_attr = {
-    KV5M_DATA,
-    sizeof("urn:constrained-delegation:proxy-target") - 1,
-    "urn:constrained-delegation:proxy-target"
-};
-#endif
-
 static krb5_data s4u2proxy_transited_services_attr = {
     KV5M_DATA,
     sizeof("urn:constrained-delegation:transited-services") - 1,
@@ -360,6 +352,8 @@
                         const krb5_data *value)
 {
     /* Only the KDC can set this attribute. */
+    if (!data_eq(*attribute, s4u2proxy_transited_services_attr))
+        return ENOENT;
 
     return EPERM;
 }


