sdb: Do not set disallow if we do not have ticket info in the DB

These things are applied by the incoming ticket by the KDC. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
author: Andreas Schneider <asn@samba.org> 2016-02-12 10:01:54 +0100
committer: Alexander Bokovoy <ab@samba.org> 2016-06-02 12:48:13 +0200
commit: 84c4b91fc669353379a6ec3d81617693c9aff538 (patch)
tree: eaf8ca2cf0ebce661436ba47b9abb23dc5a575da
parent: db23c0fa97386062eea9c9982243fdecbf4133b9 (diff)
download: samba-84c4b91fc669353379a6ec3d81617693c9aff538.tar.gz
1 files changed, 17 insertions, 10 deletions
diff --git a/source4/kdc/sdb_to_kdb.c b/source4/kdc/sdb_to_kdb.c
index 9e0950c686a..5d4be53725b 100644
--- a/source4/kdc/sdb_to_kdb.c
+++ b/source4/kdc/sdb_to_kdb.c
@@ -36,20 +36,27 @@ static int SDBFlags_to_kflags(const struct SDBFlags *s,
 	if (s->initial) {
 		*k |= KRB5_KDB_DISALLOW_TGT_BASED;
 	}
-	if (!s->forwardable) {
-		*k |= KRB5_KDB_DISALLOW_FORWARDABLE;
+	/*
+	 * Do not set any disallow rules for forwardable, proxiable,
+	 * renewable, postdate and server.
+	 *
+	 * The KDC will take care setting the flags based on the incoming
+	 * ticket.
+	 */
+	if (s->forwardable) {
+		;
 	}
-	if (!s->proxiable) {
-		*k |= KRB5_KDB_DISALLOW_PROXIABLE;
+	if (s->proxiable) {
+		;
 	}
-	if (!s->renewable) {
-		*k |= KRB5_KDB_DISALLOW_RENEWABLE;
+	if (s->renewable) {
+		;
 	}
-	if (!s->postdate) {
-		*k |= KRB5_KDB_DISALLOW_POSTDATED;
+	if (s->postdate) {
+		;
 	}
-	if (!s->server) {
-		*k |= KRB5_KDB_DISALLOW_SVR;
+	if (s->server) {
+		;
 	}
 	if (s->client) {
 		;
author	Andreas Schneider <asn@samba.org>	2016-02-12 10:01:54 +0100
committer	Alexander Bokovoy <ab@samba.org>	2016-06-02 12:48:13 +0200
commit	84c4b91fc669353379a6ec3d81617693c9aff538 (patch)
tree	eaf8ca2cf0ebce661436ba47b9abb23dc5a575da
parent	db23c0fa97386062eea9c9982243fdecbf4133b9 (diff)
download	samba-84c4b91fc669353379a6ec3d81617693c9aff538.tar.gz