author | Greg Hudson <ghudson@mit.edu> | 2013-08-31 11:45:48 -0400 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2013-09-03 19:13:50 -0400 |
commit | 0ebf39d8787b04b524967cdd48f1f1bcaf6bf8f9 (patch) | |
tree | 61f0124386c36ddf28f0d9d87164f1e84bff19b1 /src/kdc/do_tgs_req.c | |
parent | 81ceb5352dd3bc11a546d818107d0c4a896cee44 (diff) | |
Support FAST hide-client-names option
In the KDC, if we see the hide-client-names option, identify the
client as the anonymous principal in KDC-REP and KRB-ERROR responses.
The actual client name is present in encrypted FAST elements.
ticket: 7700 (new)
Diffstat (limited to 'src/kdc/do_tgs_req.c')
-rw-r--r-- | src/kdc/do_tgs_req.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c
index e66badbbad..85f07f171e 100644
--- a/src/kdc/do_tgs_req.c
+++ b/src/kdc/do_tgs_req.c
@@ -739,6 +739,8 @@ process_tgs_req(struct server_handle *handle, krb5_data *pkt,
 goto cleanup;
 }
+ if (kdc_fast_hide_client(state))
+ reply.client = (krb5_principal)krb5_anonymous_principal();
 errcode = krb5_encode_kdc_rep(kdc_context, KRB5_TGS_REP, &reply_encpart, subkey ? 1 : 0, reply_key,
@@ -877,6 +879,8 @@ prepare_error_tgs (struct kdc_request_state *state,
 }
 if (fast_edata)
 errpkt.e_data = *fast_edata;
+ if (kdc_fast_hide_client(state) && errpkt.client != NULL)
+ errpkt.client = (krb5_principal)krb5_anonymous_principal();
 retval = krb5_mk_error(kdc_context, &errpkt, scratch);
 free(errpkt.text.data);
 krb5_free_data(kdc_context, e_data_asn1); |
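Review bot: The cast in `reply.client = (krb5_principal)krb5_anonymous_principal();` drops the const qualifier from a library-owned principal and stores it in a field that later code may treat as owned or writable; the same cast appears in the prepare_error_tgs hunk. Nothing visible here frees or writes through reply.client after the encode call, but process_tgs_req continues outside the hunk, so the invariant deserves a comment on the assignment: `/* Borrowed static principal: reply.client must not be freed or modified after this point. */`. Any logging or audit code that reads reply.client after this line would also see the anonymous name rather than the real client, so such code should take the name from the ticket instead.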
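Review bot: The substitution in prepare_error_tgs only takes effect if `state` already records the hide-client-names option when the error is built, so an error raised before the FAST request has been processed would presumably still carry the real client name in the cleartext KRB-ERROR. Where errpkt.client is assigned and which callers reach this function early are outside the hunk, so this needs checking against the call sites. I would also add a comment above the new check, `/* cname in KRB-ERROR is sent in the clear; substitute the anonymous principal when hide-client-names was requested. */`, to record why the NULL guard is present here but not in process_tgs_req.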