author | Alexander Bokovoy <abokovoy@redhat.com> | 2013-09-28 21:49:57 +0200 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2013-10-04 10:25:31 +0200 |
commit | 749111e6c2dfbb288c864a6cd2f5ac228f30bec1 (patch) | |
tree | c791878bec8766d2e259cafff70591b893d56f1b /daemons/ipa-kdb/ipa_kdb.c | |
parent | 0ab40cdf6b354e8b760f604f2f94cf3c2292217e (diff) | |
KDC: implement transition check for trusted domains

When a client principal requests a ticket for a server principal
and we have to perform transition, check that all three belong to either
our domain or the domains we trust through forest trusts.

In case all three realms (client, transition, and server) match
trusted domains and our domain, issue permission to transition from client
realm to server realm.

Part of https://fedorahosted.org/freeipa/ticket/3909

Diffstat (limited to 'daemons/ipa-kdb/ipa_kdb.c')
-rw-r--r-- | daemons/ipa-kdb/ipa_kdb.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/daemons/ipa-kdb/ipa_kdb.c b/daemons/ipa-kdb/ipa_kdb.c index 5e4d0474c..c807bbcfa 100644 --- a/daemons/ipa-kdb/ipa_kdb.c +++ b/daemons/ipa-kdb/ipa_kdb.c @@ -602,7 +602,7 @@ kdb_vftabl kdb_function_table = { NULL, /* decrypt_key_data */ NULL, /* encrypt_key_data */ ipadb_sign_authdata, /* sign_authdata */ - NULL, /* check_transited_realms */ + ipadb_check_transited_realms, /* check_transited_realms */ ipadb_check_policy_as, /* check_policy_as */ NULL, /* check_policy_tgs */ ipadb_audit_as_req, /* audit_as_req */ |
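
Review bot: the return-value contract of ipadb_check_transited_realms is not documented at the check_transited_realms slot in kdb_function_table, and this file's diff shows neither its prototype nor its body, so the failure behaviour cannot be reviewed from here. In the krb5 KDB interface this callback returns 0 when the check authoritatively succeeds, KRB5_PLUGIN_NO_HANDLE to fall back to the KDC's built-in transited checking, and any other error to reject the request. Please confirm that 0 is returned only when the client, transited and server realms all match our realm or a domain trusted through a forest trust, as the commit message describes, and that every other path, including failure to load the trust data, returns KRB5_PLUGIN_NO_HANDLE or an error rather than 0. A short comment at the slot saying so would help, since the check_policy_tgs entry two lines below is still NULL and the module therefore adds no separate TGS policy check. Also make sure the prototype is declared in a header that ipa_kdb.c includes, because the table is initialised positionally and a mismatched signature would not be caught otherwise.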