avoid a redundant call to is_local_principal()

git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/s4u@22525 dc483132-0cff-0310-8789-dd5450dbe970

1 files changed, 5 insertions, 3 deletions

diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c
index 1ef8deb..af5bef4 100644
--- a/src/kdc/do_tgs_req.c
+++ b/src/kdc/do_tgs_req.c
@@ -438,7 +438,8 @@ tgt_again:
     /* processing of any of these flags.  For example, some */
     /* realms may refuse to issue renewable tickets         */
 
-    if (isflagset(request->kdc_options, KDC_OPT_FORWARDABLE))
+    if (isflagset(request->kdc_options, KDC_OPT_FORWARDABLE) &&
+        isflagset(header_enc_tkt->flags, TKT_FLG_FORWARDABLE))
         setflag(enc_tkt_reply.flags, TKT_FLG_FORWARDABLE);
     if (isflagset(c_flags, KRB5_KDB_FLAG_PROTOCOL_TRANSITION)) {
         if (isflagset(client.attributes, KRB5_KDB_DISALLOW_FORWARDABLE) ||
@@ -456,7 +457,8 @@ tgt_again:
     if (isflagset(header_enc_tkt->flags, TKT_FLG_FORWARDED))
         setflag(enc_tkt_reply.flags, TKT_FLG_FORWARDED);
 
-    if (isflagset(request->kdc_options, KDC_OPT_PROXIABLE))
+    if (isflagset(request->kdc_options, KDC_OPT_PROXIABLE) &&
+        isflagset(header_enc_tkt->flags, TKT_FLG_PROXIABLE))
         setflag(enc_tkt_reply.flags, TKT_FLG_PROXIABLE);
 
     if (isflagset(request->kdc_options, KDC_OPT_PROXY)) {
@@ -664,7 +666,7 @@ tgt_again:
     enc_tkt_reply.authorization_data = NULL;
 
     if (isflagset(c_flags, KRB5_KDB_FLAG_PROTOCOL_TRANSITION) &&
-        is_local_principal(header_enc_tkt->client))
+        isflagset(c_flags, KRB5_KDB_FLAG_CROSS_REALM))
         enc_tkt_reply.client = s4u_x509_user->user_id.user;
     else
         enc_tkt_reply.client = header_enc_tkt->client;