diff options
author | Isaac Boukris <iboukris@gmail.com> | 2020-01-31 22:34:21 +0100 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2020-04-15 11:56:08 +0000 |
commit | 8e3484c163c07a69425edaa5790d2e33f406c993 (patch) | |
tree | 199440bf9080b523db4b20e006b0e48af3b87bc8 | |
parent | 8bdcac936ead95295f2203eb22effb10c07591c1 (diff) | |
download | samba-8e3484c163c07a69425edaa5790d2e33f406c993.tar.gz |
mit-kdc: Explicitly reject S4U requests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14342
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Isaac Boukris <iboukris@samba.org>
Autobuild-Date(master): Tue Mar 10 14:46:04 UTC 2020 on sn-devel-184
-rw-r--r-- | source4/kdc/mit-kdb/kdb_samba_policies.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/source4/kdc/mit-kdb/kdb_samba_policies.c b/source4/kdc/mit-kdb/kdb_samba_policies.c index 2eec496fa92..9197551ed61 100644 --- a/source4/kdc/mit-kdb/kdb_samba_policies.c +++ b/source4/kdc/mit-kdb/kdb_samba_policies.c @@ -334,6 +334,11 @@ krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context, krbtgt_key = krbtgt_key == NULL ? local_krbtgt_key : krbtgt_key; #endif + /* FIXME: We don't support S4U yet */ + if (flags & KRB5_KDB_FLAGS_S4U) { + return KRB5_KDB_DBTYPE_NOSUP; + } + is_as_req = ((flags & KRB5_KDB_FLAG_CLIENT_REFERRALS_ONLY) != 0); if (is_as_req && (flags & KRB5_KDB_FLAG_INCLUDE_PAC)) { |