diff options
| author | Tom Yu <tlyu@mit.edu> | 2002-08-15 20:49:43 +0000 |
|---|---|---|
| committer | Tom Yu <tlyu@mit.edu> | 2002-08-15 20:49:43 +0000 |
| commit | b019edf69c6a146fac5efeeb1a20dcece19d7280 (patch) | |
| tree | 3e81b079e877b8764e30373087e2cc3ecfab2635 /src/krb524 | |
| parent | e8269931299293e22180a2abf6da5ddbd4663676 (diff) | |
| download | krb5-b019edf69c6a146fac5efeeb1a20dcece19d7280.zip krb5-b019edf69c6a146fac5efeeb1a20dcece19d7280.tar.gz krb5-b019edf69c6a146fac5efeeb1a20dcece19d7280.tar.bz2 | |
* krb524d.c (kdc_get_server_key): Check for DISALLOW_ALL_TIX and
DISALLOW_SVR when looking up server key.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14728 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/krb524')
| -rw-r--r-- | src/krb524/ChangeLog | 5 | ||||
| -rw-r--r-- | src/krb524/krb524d.c | 8 |
2 files changed, 12 insertions, 1 deletions
diff --git a/src/krb524/ChangeLog b/src/krb524/ChangeLog index 4b86104..0cb7947 100644 --- a/src/krb524/ChangeLog +++ b/src/krb524/ChangeLog @@ -1,3 +1,8 @@ +2002-08-15 Tom Yu <tlyu@mit.edu> + + * krb524d.c (kdc_get_server_key): Check for DISALLOW_ALL_TIX and + DISALLOW_SVR when looking up server key. + 2002-07-24 Ezra Peisach <epeisach@bu.edu> * krb524.h: Need to include port-sockets.h before socket-utils.h diff --git a/src/krb524/krb524d.c b/src/krb524/krb524d.c index 4d55b88..ad7c439 100644 --- a/src/krb524/krb524d.c +++ b/src/krb524/krb524d.c @@ -452,9 +452,15 @@ krb5_error_code kdc_get_server_key(context, service, key, kvnop, ktype, kvno) kadm5_principal_ent_rec server; if ((ret = kadm5_get_principal(handle, service, &server, - KADM5_KEY_DATA))) + KADM5_KEY_DATA|KADM5_ATTRIBUTES))) return ret; + if (server.attributes & KRB5_KDB_DISALLOW_ALL_TIX + || server.attributes & KRB5_KDB_DISALLOW_SVR) { + kadm5_free_principal_ent(handle, &server); + return KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN; + } + /* * We try kadm5_decrypt_key twice because in the case of a * ENCTYPE_DES_CBC_CRC key, we prefer to find a krb4 salt type |