From e220a6288b10e1f9280e8aa2cb18ad56391e0a45 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Thu, 8 Jul 2010 23:34:35 +0000
Subject: Create a KRB5_KDB_FLAG_ALIAS_OK to control whether plugin modules
 should return in-realm aliases.  Set it where appropriate, and use it in the
 LDAP module instead of intuiting the result based on other flags.

ticket: 6749
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24178 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/kdc/do_as_req.c  | 2 ++
 src/kdc/do_tgs_req.c | 1 +
 2 files changed, 3 insertions(+)

(limited to 'src/kdc')

diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c
index 57070f517d..48a55e4c71 100644
--- a/src/kdc/do_as_req.c
+++ b/src/kdc/do_as_req.c
@@ -195,6 +195,7 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
         krb5_princ_type(kdc_context,
                         request->client) == KRB5_NT_ENTERPRISE_PRINCIPAL) {
         setflag(c_flags, KRB5_KDB_FLAG_CANONICALIZE);
+        setflag(c_flags, KRB5_KDB_FLAG_ALIAS_OK);
     }
     if (include_pac_p(kdc_context, request)) {
         setflag(c_flags, KRB5_KDB_FLAG_INCLUDE_PAC);
@@ -237,6 +238,7 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
 #endif
 
     s_flags = 0;
+    setflag(s_flags, KRB5_KDB_FLAG_ALIAS_OK);
     if (isflagset(request->kdc_options, KDC_OPT_CANONICALIZE)) {
         setflag(s_flags, KRB5_KDB_FLAG_CANONICALIZE);
     }
diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c
index eeafa071c1..2c4514ca20 100644
--- a/src/kdc/do_tgs_req.c
+++ b/src/kdc/do_tgs_req.c
@@ -205,6 +205,7 @@ process_tgs_req(krb5_data *pkt, const krb5_fulladdr *from,
     /* XXX make sure server here has the proper realm...taken from AP_REQ
        header? */
 
+    setflag(s_flags, KRB5_KDB_FLAG_ALIAS_OK);
     if (isflagset(request->kdc_options, KDC_OPT_CANONICALIZE)) {
         setflag(c_flags, KRB5_KDB_FLAG_CANONICALIZE);
         setflag(s_flags, KRB5_KDB_FLAG_CANONICALIZE);
-- 
cgit