diff options
author | Luke Howard <lukeh@padl.com> | 2009-10-21 16:00:08 +0000 |
---|---|---|
committer | Luke Howard <lukeh@padl.com> | 2009-10-21 16:00:08 +0000 |
commit | c14b87cbad5b225c5028fc6e2b73af0247cdca65 (patch) | |
tree | cd416d1491b398ffc85cc5b3ebc63671a55de4ec /src/kdc | |
parent | 5c17001b73583cc9df513e2d8bb5b54c6ac7d596 (diff) | |
download | krb5-c14b87cbad5b225c5028fc6e2b73af0247cdca65.tar.gz krb5-c14b87cbad5b225c5028fc6e2b73af0247cdca65.tar.xz krb5-c14b87cbad5b225c5028fc6e2b73af0247cdca65.zip |
ensure that forwardable flag is propagated along S4U2Self referral path
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22960 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/kdc')
-rw-r--r-- | src/kdc/do_tgs_req.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c index 7ea3975dc..057a44250 100644 --- a/src/kdc/do_tgs_req.c +++ b/src/kdc/do_tgs_req.c @@ -466,11 +466,18 @@ tgt_again: isflagset(client.attributes, KRB5_KDB_DISALLOW_FORWARDABLE)) clear(enc_tkt_reply.flags, TKT_FLG_FORWARDABLE); /* + * Forwardable flag is propagated along referral path. + */ + else if (is_referral && + !isflagset(header_enc_tkt->flags, TKT_FLG_FORWARDABLE)) + clear(enc_tkt_reply.flags, TKT_FLG_FORWARDABLE); + /* * OK_TO_AUTH_AS_DELEGATE must be set on the service requesting * S4U2Self in order for forwardable tickets to be returned. */ else if (!is_referral && - !isflagset(server.attributes, KRB5_KDB_OK_TO_AUTH_AS_DELEGATE)) + (!isflagset(header_enc_tkt->flags, TKT_FLG_FORWARDABLE) || + !isflagset(server.attributes, KRB5_KDB_OK_TO_AUTH_AS_DELEGATE))) clear(enc_tkt_reply.flags, TKT_FLG_FORWARDABLE); } } |