mit-kdc: Explicitly reject S4U requests

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14342 Signed-off-by: Isaac Boukris <iboukris@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Isaac Boukris <iboukris@samba.org> Autobuild-Date(master): Tue Mar 10 14:46:04 UTC 2020 on sn-devel-184
author: Isaac Boukris <iboukris@gmail.com> 2020-01-31 22:34:21 +0100
committer: Karolin Seeger <kseeger@samba.org> 2020-04-15 11:56:08 +0000
commit: 8e3484c163c07a69425edaa5790d2e33f406c993 (patch)
tree: 199440bf9080b523db4b20e006b0e48af3b87bc8
parent: 8bdcac936ead95295f2203eb22effb10c07591c1 (diff)
download: samba-8e3484c163c07a69425edaa5790d2e33f406c993.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/source4/kdc/mit-kdb/kdb_samba_policies.c b/source4/kdc/mit-kdb/kdb_samba_policies.c
index 2eec496fa92..9197551ed61 100644
--- a/source4/kdc/mit-kdb/kdb_samba_policies.c
+++ b/source4/kdc/mit-kdb/kdb_samba_policies.c
@@ -334,6 +334,11 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
 	krbtgt_key = krbtgt_key == NULL ? local_krbtgt_key : krbtgt_key;
 #endif
 
+	/* FIXME: We don't support S4U yet */
+	if (flags & KRB5_KDB_FLAGS_S4U) {
+		return KRB5_KDB_DBTYPE_NOSUP;
+	}
+
 	is_as_req = ((flags & KRB5_KDB_FLAG_CLIENT_REFERRALS_ONLY) != 0);
 
 	if (is_as_req && (flags & KRB5_KDB_FLAG_INCLUDE_PAC)) {
author	Isaac Boukris <iboukris@gmail.com>	2020-01-31 22:34:21 +0100
committer	Karolin Seeger <kseeger@samba.org>	2020-04-15 11:56:08 +0000
commit	8e3484c163c07a69425edaa5790d2e33f406c993 (patch)
tree	199440bf9080b523db4b20e006b0e48af3b87bc8
parent	8bdcac936ead95295f2203eb22effb10c07591c1 (diff)
download	samba-8e3484c163c07a69425edaa5790d2e33f406c993.tar.gz