Lines 537-542
check_constrained_delegation(krb5_contex
|
|
---|
|
537 |
if (krb5_principal_compare(context, client->entry.principal, server->entry.principal) == TRUE) |
537 |
if (krb5_principal_compare(context, client->entry.principal, server->entry.principal) == TRUE) |
538 |
return 0; |
538 |
return 0; |
539 |
|
539 |
|
|
|
540 |
/* It's also Ok if server contains REALM and delegates to itself */ |
541 |
{ |
542 |
krb5_principal tmp_princ; |
543 |
char *tmp_spn; |
544 |
ret = krb5_unparse_name_flags(context, server->entry.principal, KRB5_PRINCIPAL_UNPARSE_NO_REALM, &tmp_spn); |
545 |
if (!ret) { |
546 |
ret = krb5_parse_name(context, tmp_spn, &tmp_princ); |
547 |
free(tmp_spn); |
548 |
if (!ret) { |
549 |
if(krb5_realm_compare(context, tmp_princ, server->entry.principal) && |
550 |
(krb5_principal_compare(context, client->entry.principal, tmp_princ) == TRUE)) { |
551 |
krb5_free_principal(context, tmp_princ); |
552 |
return 0; |
553 |
} |
554 |
krb5_free_principal(context, tmp_princ); |
555 |
} |
556 |
} |
557 |
} |
558 |
|
540 |
ret = hdb_entry_get_ConstrainedDelegACL(&client->entry, &acl); |
559 |
ret = hdb_entry_get_ConstrainedDelegACL(&client->entry, &acl); |
541 |
if (ret) { |
560 |
if (ret) { |
542 |
krb5_clear_error_message(context); |
561 |
krb5_clear_error_message(context); |
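Review bot: The block added at new lines 540-557 puts a second early `return 0` ahead of the `hdb_entry_get_ConstrainedDelegACL` lookup, and from the visible lines its condition looks no wider than the check at line 537: `tmp_princ` is the server name re-parsed into the default realm, so whenever `krb5_realm_compare` holds it should equal `server->entry.principal`, which has already been compared against the client. If it is meant to cover a case the first comparison misses (the comment mentions a server that "contains REALM"), the comment should name that case with an example principal, because this path skips the delegation ACL; otherwise the block can be dropped. The outcome also depends on the context's default realm through `krb5_parse_name`, which is worth stating for KDCs that serve more than one realm. A failed unparse or parse leaves `ret` set and falls through to the ACL lookup, which fails closed; a comment such as `/* on error, fall through to the ACL check below */` would record that this is intended. The body of check_constrained_delegation starts before and continues after this hunk.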