diff options
author | Greg Hudson <ghudson@mit.edu> | 2010-07-08 23:34:35 +0000 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2010-07-08 23:34:35 +0000 |
commit | e220a6288b10e1f9280e8aa2cb18ad56391e0a45 (patch) | |
tree | b052d1e6cb8a61ad28acf1a246fae3e808ba1530 /src/kdc | |
parent | eb75acd30b4bee1124174c8ba5740a7ad1c97ba4 (diff) | |
download | krb5-e220a6288b10e1f9280e8aa2cb18ad56391e0a45.tar.gz krb5-e220a6288b10e1f9280e8aa2cb18ad56391e0a45.tar.xz krb5-e220a6288b10e1f9280e8aa2cb18ad56391e0a45.zip |
Create a KRB5_KDB_FLAG_ALIAS_OK to control whether plugin modules
should return in-realm aliases. Set it where appropriate, and use it
in the LDAP module instead of intuiting the result based on other
flags.
ticket: 6749
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24178 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/kdc')
-rw-r--r-- | src/kdc/do_as_req.c | 2 | ||||
-rw-r--r-- | src/kdc/do_tgs_req.c | 1 |
2 files changed, 3 insertions, 0 deletions
diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c index 57070f517d..48a55e4c71 100644 --- a/src/kdc/do_as_req.c +++ b/src/kdc/do_as_req.c @@ -195,6 +195,7 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt, krb5_princ_type(kdc_context, request->client) == KRB5_NT_ENTERPRISE_PRINCIPAL) { setflag(c_flags, KRB5_KDB_FLAG_CANONICALIZE); + setflag(c_flags, KRB5_KDB_FLAG_ALIAS_OK); } if (include_pac_p(kdc_context, request)) { setflag(c_flags, KRB5_KDB_FLAG_INCLUDE_PAC); @@ -237,6 +238,7 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt, #endif s_flags = 0; + setflag(s_flags, KRB5_KDB_FLAG_ALIAS_OK); if (isflagset(request->kdc_options, KDC_OPT_CANONICALIZE)) { setflag(s_flags, KRB5_KDB_FLAG_CANONICALIZE); } diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c index eeafa071c1..2c4514ca20 100644 --- a/src/kdc/do_tgs_req.c +++ b/src/kdc/do_tgs_req.c @@ -205,6 +205,7 @@ process_tgs_req(krb5_data *pkt, const krb5_fulladdr *from, /* XXX make sure server here has the proper realm...taken from AP_REQ header? */ + setflag(s_flags, KRB5_KDB_FLAG_ALIAS_OK); if (isflagset(request->kdc_options, KDC_OPT_CANONICALIZE)) { setflag(c_flags, KRB5_KDB_FLAG_CANONICALIZE); setflag(s_flags, KRB5_KDB_FLAG_CANONICALIZE); |