diff options
author | Greg Hudson <ghudson@mit.edu> | 2010-07-15 04:18:00 +0000 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2010-07-15 04:18:00 +0000 |
commit | 0bc31d0cba884ff4103f254dd9daf678e2a9a6c5 (patch) | |
tree | 01b0818ea7e1f1ef6283f8275f7b1b402e85484d /src/kdc/kdc_util.c | |
parent | 002d9a7e7cb50e71c9ffdf3b2cf60bac3b374235 (diff) | |
download | krb5-0bc31d0cba884ff4103f254dd9daf678e2a9a6c5.tar.gz krb5-0bc31d0cba884ff4103f254dd9daf678e2a9a6c5.tar.xz krb5-0bc31d0cba884ff4103f254dd9daf678e2a9a6c5.zip |
Add check_allowed_to_delegate to the DAL with a corresponding libkdb5
API, replacing the last method (CHECK_ALLOWED_TO_DELEGATE) of
db_invoke. Remove db_invoke since it no longer has any methods.
ticket: 6749
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24189 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/kdc/kdc_util.c')
-rw-r--r-- | src/kdc/kdc_util.c | 37 |
1 files changed, 4 insertions, 33 deletions
diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c index c0b22ce691..1e79273bcf 100644 --- a/src/kdc/kdc_util.c +++ b/src/kdc/kdc_util.c @@ -2180,47 +2180,19 @@ kdc_process_s4u2self_req(krb5_context context, } static krb5_error_code -check_allowed_to_delegate_to(krb5_context context, - krb5_const_principal client, +check_allowed_to_delegate_to(krb5_context context, krb5_const_principal client, const krb5_db_entry *server, krb5_const_principal proxy) { - kdb_check_allowed_to_delegate_req req; - krb5_data req_data; - krb5_data rep_data; - krb5_error_code code; - /* Can't get a TGT (otherwise it would be unconstrained delegation) */ - if (krb5_is_tgs_principal(proxy)) { + if (krb5_is_tgs_principal(proxy)) return KRB5KDC_ERR_POLICY; - } /* Must be in same realm */ - if (!krb5_realm_compare(context, server->princ, proxy)) { + if (!krb5_realm_compare(context, server->princ, proxy)) return KRB5KDC_ERR_POLICY; - } - - req.server = server; - req.proxy = proxy; - req.client = client; - req_data.data = (void *)&req; - req_data.length = sizeof(req); - - rep_data.data = NULL; - rep_data.length = 0; - - code = krb5_db_invoke(context, - KRB5_KDB_METHOD_CHECK_ALLOWED_TO_DELEGATE, - &req_data, - &rep_data); - if (code == KRB5_PLUGIN_OP_NOTSUPP) { - code = KRB5KDC_ERR_POLICY; - } - - assert(rep_data.length == 0); - - return code; + return krb5_db_check_allowed_to_delegate(context, client, server, proxy); } krb5_error_code @@ -2432,7 +2404,6 @@ log_tgs_req(const krb5_fulladdr *from, /* OpenSolaris: audit_krb5kdc_tgs_req(...) or audit_krb5kdc_tgs_req_2ndtktmm(...) */ - /* ... krb5_db_invoke ... */ } void |