diff options
author | Andreas Schneider <asn@samba.org> | 2016-02-12 10:01:54 +0100 |
---|---|---|
committer | Alexander Bokovoy <ab@samba.org> | 2016-06-02 12:48:13 +0200 |
commit | 84c4b91fc669353379a6ec3d81617693c9aff538 (patch) | |
tree | eaf8ca2cf0ebce661436ba47b9abb23dc5a575da | |
parent | db23c0fa97386062eea9c9982243fdecbf4133b9 (diff) | |
download | samba-84c4b91fc669353379a6ec3d81617693c9aff538.tar.gz |
sdb: Do not set disallow if we do not have ticket info in the DB
These things are applied by the incoming ticket by the KDC.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
-rw-r--r-- | source4/kdc/sdb_to_kdb.c | 27 |
1 files changed, 17 insertions, 10 deletions
diff --git a/source4/kdc/sdb_to_kdb.c b/source4/kdc/sdb_to_kdb.c index 9e0950c686a..5d4be53725b 100644 --- a/source4/kdc/sdb_to_kdb.c +++ b/source4/kdc/sdb_to_kdb.c @@ -36,20 +36,27 @@ static int SDBFlags_to_kflags(const struct SDBFlags *s, if (s->initial) { *k |= KRB5_KDB_DISALLOW_TGT_BASED; } - if (!s->forwardable) { - *k |= KRB5_KDB_DISALLOW_FORWARDABLE; + /* + * Do not set any disallow rules for forwardable, proxiable, + * renewable, postdate and server. + * + * The KDC will take care setting the flags based on the incoming + * ticket. + */ + if (s->forwardable) { + ; } - if (!s->proxiable) { - *k |= KRB5_KDB_DISALLOW_PROXIABLE; + if (s->proxiable) { + ; } - if (!s->renewable) { - *k |= KRB5_KDB_DISALLOW_RENEWABLE; + if (s->renewable) { + ; } - if (!s->postdate) { - *k |= KRB5_KDB_DISALLOW_POSTDATED; + if (s->postdate) { + ; } - if (!s->server) { - *k |= KRB5_KDB_DISALLOW_SVR; + if (s->server) { + ; } if (s->client) { ; |