diff options
author | Luke Howard <lukeh@padl.com> | 2011-04-01 05:56:33 +0000 |
---|---|---|
committer | Luke Howard <lukeh@padl.com> | 2011-04-01 05:56:33 +0000 |
commit | 4ececcde1a339993971d9722eae335a21cfed0ea (patch) | |
tree | f5d303dd3fa700240505e02e3e1fca3eac2cefc3 /src/lib/krb5 | |
parent | 6f94401ee3b0bfb1d7262fccbd794108fac3aa92 (diff) | |
download | krb5-4ececcde1a339993971d9722eae335a21cfed0ea.tar.gz krb5-4ececcde1a339993971d9722eae335a21cfed0ea.tar.xz krb5-4ececcde1a339993971d9722eae335a21cfed0ea.zip |
s4u2proxy_set_attribute should only return EPERM for its own attribute
Failure to do this breaks other attribute providers' set_attribute()
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24775 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/krb5')
-rw-r--r-- | src/lib/krb5/krb/s4u_authdata.c | 10 |
1 files changed, 2 insertions, 8 deletions
diff --git a/src/lib/krb5/krb/s4u_authdata.c b/src/lib/krb5/krb/s4u_authdata.c index 1c6194350..54713cc85 100644 --- a/src/lib/krb5/krb/s4u_authdata.c +++ b/src/lib/krb5/krb/s4u_authdata.c @@ -232,14 +232,6 @@ s4u2proxy_request_fini(krb5_context kcontext, * interoperability */ -#if 0 -static krb5_data s4u2proxy_proxy_target_attr = { - KV5M_DATA, - sizeof("urn:constrained-delegation:proxy-target") - 1, - "urn:constrained-delegation:proxy-target" -}; -#endif - static krb5_data s4u2proxy_transited_services_attr = { KV5M_DATA, sizeof("urn:constrained-delegation:transited-services") - 1, @@ -360,6 +352,8 @@ s4u2proxy_set_attribute(krb5_context kcontext, const krb5_data *value) { /* Only the KDC can set this attribute. */ + if (!data_eq(*attribute, s4u2proxy_transited_services_attr)) + return ENOENT; return EPERM; } |