[Heimdal-source-changes] [heimdal/heimdal] cdd0b7: kdc: don't misidentify constrained delegation requ...

Mon Juni 3 06:42:24 CEST 2019

  Branch: refs/heads/master
  Home:   https://github.com/heimdal/heimdal
  Commit: cdd0b70d37d87026e8618ff44b8d636c0bf9cb6c
      https://github.com/heimdal/heimdal/commit/cdd0b70d37d87026e8618ff44b8d636c0bf9cb6c
  Author: Luke Howard <lukeh at padl.com>
  Date:   2019-06-03 (Mon, 03 Jun 2019)

  Changed paths:
    M kdc/kerberos5.c
    M kdc/krb5tgs.c

  Log Message:
  -----------
  kdc: don't misidentify constrained delegation requests as anonymous

Earlier (pre-7.6) Heimdal clients would send both the request-anonymous and
cname-in-addl-tkt flags for constrained delegation requests. A true anonymous
TGS request will only have the former flag set. Do not treat TGS requests with
both flags set as anonymous requests.