Implement s4u extensions

Merge Luke's users/lhoward/s4u branch to trunk. Implements S4U2Self and S4U2Proxy extensions. ticket: 6563 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22736 dc483132-0cff-0310-8789-dd5450dbe970
author: Greg Hudson <ghudson@mit.edu> 2009-09-13 02:52:23 +0000
committer: Greg Hudson <ghudson@mit.edu> 2009-09-13 02:52:23 +0000
commit: 0e39f8a3ad915eeb0131fb4a87b0fef304101cfd (patch)
tree: 6c6d7fd4b23f4724156300b5505433b13cfe9fb6 /src/kdc/kdc_authdata.c
parent: f89b62fe9fd7b0cb10d7e2ff542fb18c1b56d35d (diff)
download: krb5-0e39f8a3ad915eeb0131fb4a87b0fef304101cfd.zip
krb5-0e39f8a3ad915eeb0131fb4a87b0fef304101cfd.tar.gz
krb5-0e39f8a3ad915eeb0131fb4a87b0fef304101cfd.tar.bz2
1 files changed, 9 insertions, 0 deletions
diff --git a/src/kdc/kdc_authdata.c b/src/kdc/kdc_authdata.c
index 43ea086..504d3fb 100644
--- a/src/kdc/kdc_authdata.c
+++ b/src/kdc/kdc_authdata.c
@@ -544,9 +544,18 @@ handle_tgt_authdata (krb5_context context,
     }
 
     if (ad_nprincs != 0) {
+	/*
+	 * This code was submitted by Novell; however there is no
+	 * mention in [MS-SFU] of needing to examine the authorization
+	 * data to clear the forwardable flag. My understanding is that
+	 * the state of the forwardable flag is propagated through the
+	 * cross-realm TGTs.
+	 */
+#if 0
 	if (isflagset(flags, KRB5_KDB_FLAG_PROTOCOL_TRANSITION) &&
 	    isflagset(ad_entry.attributes, KRB5_KDB_DISALLOW_FORWARDABLE))
 	    clear(enc_tkt_reply->flags, TKT_FLG_FORWARDABLE);
+#endif
 
 	krb5_db_free_principal(context, &ad_entry, ad_nprincs);
author	Greg Hudson <ghudson@mit.edu>	2009-09-13 02:52:23 +0000
committer	Greg Hudson <ghudson@mit.edu>	2009-09-13 02:52:23 +0000
commit	0e39f8a3ad915eeb0131fb4a87b0fef304101cfd (patch)
tree	6c6d7fd4b23f4724156300b5505433b13cfe9fb6 /src/kdc/kdc_authdata.c
parent	f89b62fe9fd7b0cb10d7e2ff542fb18c1b56d35d (diff)
download	krb5-0e39f8a3ad915eeb0131fb4a87b0fef304101cfd.zip krb5-0e39f8a3ad915eeb0131fb4a87b0fef304101cfd.tar.gz krb5-0e39f8a3ad915eeb0131fb4a87b0fef304101cfd.tar.bz2