[Heimdal-source-changes] [heimdal/heimdal] 7381a2: kdc: check for cname-in-addl-tkt flag in constrain...
Luke Howard
noreply at github.com
Mon Juni 3 04:36:02 CEST 2019
Branch: refs/heads/master
Home: https://github.com/heimdal/heimdal
Commit: 7381a280c82e29d7c56fad938175e70b7ef85a9f
https://github.com/heimdal/heimdal/commit/7381a280c82e29d7c56fad938175e70b7ef85a9f
Author: Luke Howard <lukeh at padl.com>
Date: 2019-06-03 (Mon, 03 Jun 2019)
Changed paths:
M kdc/krb5tgs.c
Log Message:
-----------
kdc: check for cname-in-addl-tkt flag in constrained delegation
Before accepting an additional ticket for use with constrained delegation,
verify the cname-in-addl-tkt flag was set. If not, ignore the request.
Commit: 27c6cf7a9f26883eee0b17b36dd58a52d2ca3d98
https://github.com/heimdal/heimdal/commit/27c6cf7a9f26883eee0b17b36dd58a52d2ca3d98
Author: Luke Howard <lukeh at padl.com>
Date: 2019-06-03 (Mon, 03 Jun 2019)
Changed paths:
M kdc/kerberos5.c
M kdc/krb5tgs.c
Log Message:
-----------
kdc: refactor anonymous checks in KDC
_kdc_is_anon_request() is only used by the AS, so make it static.
Centralize anonymous poilcy checks shared between AS and TGS into a shared
function, _kdc_check_anon_policy().
When issuing an anonymous ticket, set the ticket flag early and test that
rather than re-testing the request.
Compare: https://github.com/heimdal/heimdal/compare/cf940e15f4ea...27c6cf7a9f26
More information about the Heimdal-source-changes
mailing list