diff options
author | Luke Howard <lukeh@padl.com> | 2008-12-29 14:49:04 +0000 |
---|---|---|
committer | Luke Howard <lukeh@padl.com> | 2008-12-29 14:49:04 +0000 |
commit | aa3299217b86dbcb40761cd8d9bc7178cea3f371 (patch) | |
tree | e1dc7b639a6716ee5e7bb293563dae5e456b3e56 | |
parent | 61874c699969965c4ab469904874699c9702a298 (diff) | |
download | krb5-aa3299217b86dbcb40761cd8d9bc7178cea3f371.zip krb5-aa3299217b86dbcb40761cd8d9bc7178cea3f371.tar.gz krb5-aa3299217b86dbcb40761cd8d9bc7178cea3f371.tar.bz2 |
cleanup
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mskrb-integ@21630 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r-- | src/kdc/do_tgs_req.c | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c index 41daa68..a13b2a2 100644 --- a/src/kdc/do_tgs_req.c +++ b/src/kdc/do_tgs_req.c @@ -121,7 +121,7 @@ process_tgs_req(krb5_data *pkt, const krb5_fulladdr *from, krb5_authdata **kdc_issued_auth_data = NULL; /* auth data issued by KDC */ unsigned int c_flags = 0, s_flags = 0; /* client/server KDB flags */ char *s4u_name = NULL; - krb5_boolean is_referral; + krb5_boolean is_referral = FALSE; session_key.contents = NULL; @@ -256,8 +256,11 @@ tgt_again: if (!is_local_principal(header_enc_tkt->client)) setflag(c_flags, KRB5_KDB_FLAG_CROSS_REALM); - is_referral = krb5_is_tgs_principal(server.princ) && - !krb5_principal_compare(kdc_context, tgs_server, server.princ); + if (krb5_is_tgs_principal(server.princ) && + !krb5_principal_compare(kdc_context, tgs_server, server.princ)) { + assert(!isflagset(server.attributes, KRB5_KDB_PWCHANGE_SERVICE)); + is_referral = TRUE; + } /* Check for protocol transition */ errcode = kdc_process_s4u2self_req(kdc_context, request, header_enc_tkt->client, @@ -643,7 +646,7 @@ tgt_again: goto cleanup; } - if (isflagset(s_flags, KRB5_KDB_FLAG_CANONICALIZE)) { + if (is_referral && isflagset(s_flags, KRB5_KDB_FLAG_CANONICALIZE)) { errcode = return_svr_referral_data(kdc_context, &server, &reply_encpart); if (errcode) { |