svn rev #21532: branches/mskrb-integ/src/kdc/

lhoward@MIT.EDU lhoward at MIT.EDU
Wed Dec 17 23:03:54 EST 2008 

http://src.mit.edu/fisheye/changelog/krb5/?cs=21532
Commit By: lhoward
Log Message:
fix logic error from merge: OK_AS_DELEGATE should propagated from server to ticket if the server is NOT a referral


Changed Files:
U   branches/mskrb-integ/src/kdc/do_tgs_req.c
U   branches/mskrb-integ/src/kdc/kdc_util.c
Modified: branches/mskrb-integ/src/kdc/do_tgs_req.c
===================================================================
--- branches/mskrb-integ/src/kdc/do_tgs_req.c	2008-12-18 03:54:17 UTC (rev 21531)
+++ branches/mskrb-integ/src/kdc/do_tgs_req.c	2008-12-18 04:03:53 UTC (rev 21532)
@@ -121,6 +121,7 @@
     krb5_authdata **kdc_issued_auth_data = NULL;    /* auth data issued by KDC */
     unsigned int c_flags = 0, s_flags = 0;	    /* client/server KDB flags */
     char *s4u_name = NULL;
+    krb5_boolean is_referral;
 
     session_key.contents = NULL;
     
@@ -264,6 +265,8 @@
     if (!is_local_principal(header_enc_tkt->client))
 	setflag(c_flags, KRB5_KDB_FLAG_CROSS_REALM);
 
+    is_referral = is_referral_entry(kdc_context, &server);
+
     /* Check for protocol transition */
     errcode = kdc_process_s4u2self_req(kdc_context, request, header_enc_tkt->client,
 				       &server, header_enc_tkt->session, kdc_time,
@@ -387,7 +390,7 @@
     enc_tkt_reply.times.starttime = 0;
 
     if (isflagset(server.attributes, KRB5_KDB_OK_AS_DELEGATE) &&
-	is_referral_entry(kdc_context, &server)) {
+	!is_referral) {
 	/* Ensure that we are not returning a referral */
 	setflag(enc_tkt_reply.flags, TKT_FLG_OK_AS_DELEGATE);
     }

Modified: branches/mskrb-integ/src/kdc/kdc_util.c
===================================================================
--- branches/mskrb-integ/src/kdc/kdc_util.c	2008-12-18 03:54:17 UTC (rev 21531)
+++ branches/mskrb-integ/src/kdc/kdc_util.c	2008-12-18 04:03:53 UTC (rev 21532)
@@ -2233,7 +2233,7 @@
     tl_data.tl_data_contents = NULL;
 
     if (krb5_dbe_lookup_tl_data(context, server, &tl_data) == 0 &&
-	tl_data.tl_data_contents != NULL) {
+	tl_data.tl_data_length != 0) {
 	return TRUE;
     }

More information about the cvs-krb5 mailing list