svn rev #22960: trunk/src/kdc/

lhoward@MIT.EDU lhoward at MIT.EDU
Wed Oct 21 12:00:08 EDT 2009


http://src.mit.edu/fisheye/changelog/krb5/?cs=22960
Commit By: lhoward
Log Message:
ensure that forwardable flag is propagated along S4U2Self referral path


Changed Files:
U   trunk/src/kdc/do_tgs_req.c
Modified: trunk/src/kdc/do_tgs_req.c
===================================================================
--- trunk/src/kdc/do_tgs_req.c	2009-10-21 00:53:47 UTC (rev 22959)
+++ trunk/src/kdc/do_tgs_req.c	2009-10-21 16:00:08 UTC (rev 22960)
@@ -466,11 +466,18 @@
                 isflagset(client.attributes, KRB5_KDB_DISALLOW_FORWARDABLE))
                 clear(enc_tkt_reply.flags, TKT_FLG_FORWARDABLE);
             /*
+             * Forwardable flag is propagated along referral path.
+             */
+            else if (is_referral &&
+                !isflagset(header_enc_tkt->flags, TKT_FLG_FORWARDABLE))
+                clear(enc_tkt_reply.flags, TKT_FLG_FORWARDABLE);
+            /*
              * OK_TO_AUTH_AS_DELEGATE must be set on the service requesting
              * S4U2Self in order for forwardable tickets to be returned.
              */
             else if (!is_referral &&
-                !isflagset(server.attributes, KRB5_KDB_OK_TO_AUTH_AS_DELEGATE))
+                (!isflagset(header_enc_tkt->flags, TKT_FLG_FORWARDABLE) ||
+                 !isflagset(server.attributes, KRB5_KDB_OK_TO_AUTH_AS_DELEGATE)))
                 clear(enc_tkt_reply.flags, TKT_FLG_FORWARDABLE);
         }
     }
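Review bot: The comment above the `!is_referral` branch still names only OK_TO_AUTH_AS_DELEGATE, although that branch now also clears TKT_FLG_FORWARDABLE when the header ticket lacks the flag, so the same header-ticket test is written out in both new conditions. Both branches clear the flag whenever `header_enc_tkt` is not forwardable, so they could be folded into `else if (!isflagset(header_enc_tkt->flags, TKT_FLG_FORWARDABLE) || (!is_referral && !isflagset(server.attributes, KRB5_KDB_OK_TO_AUTH_AS_DELEGATE)))`. A single comment above it would then state the rule: the reply is never forwardable unless the header ticket is, and off the referral path the requesting service must also have OK_TO_AUTH_AS_DELEGATE. It is worth spelling out that the flag is only ever cleared in this chain, never set, because the flag presumably decides whether the S4U2Self ticket can later be used for delegation. The if/else chain begins above the hunk, so the first condition is only partly visible here.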



