|
Lines 537-542
check_constrained_delegation(krb5_contex
|
| 537 |
if (krb5_principal_compare(context, client->entry.principal, server->entry.principal) == TRUE) |
537 |
if (krb5_principal_compare(context, client->entry.principal, server->entry.principal) == TRUE) |
| 538 |
return 0; |
538 |
return 0; |
| 539 |
|
539 |
|
|
|
540 |
/* It's also Ok if server contains REALM and delegates to itself */ |
| 541 |
{ |
| 542 |
krb5_principal tmp_princ; |
| 543 |
char *tmp_spn; |
| 544 |
ret = krb5_unparse_name_flags(context, server->entry.principal, KRB5_PRINCIPAL_UNPARSE_NO_REALM, &tmp_spn); |
| 545 |
if (!ret) { |
| 546 |
ret = krb5_parse_name(context, tmp_spn, &tmp_princ); |
| 547 |
free(tmp_spn); |
| 548 |
if (!ret) { |
| 549 |
if(krb5_realm_compare(context, tmp_princ, server->entry.principal) && |
| 550 |
(krb5_principal_compare(context, client->entry.principal, tmp_princ) == TRUE)) { |
| 551 |
krb5_free_principal(context, tmp_princ); |
| 552 |
return 0; |
| 553 |
} |
| 554 |
krb5_free_principal(context, tmp_princ); |
| 555 |
} |
| 556 |
} |
| 557 |
} |
| 558 |
|
| 540 |
ret = hdb_entry_get_ConstrainedDelegACL(&client->entry, &acl); |
559 |
ret = hdb_entry_get_ConstrainedDelegACL(&client->entry, &acl); |
| 541 |
if (ret) { |
560 |
if (ret) { |
| 542 |
krb5_clear_error_message(context); |
561 |
krb5_clear_error_message(context); |
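Review bot: The block added at new lines 540-557 returns 0 before `hdb_entry_get_ConstrainedDelegACL()` is consulted, and the allow decision rests on a string round trip (`krb5_unparse_name_flags` with `KRB5_PRINCIPAL_UNPARSE_NO_REALM`, then `krb5_parse_name`) that the one-line comment does not explain. If the round trip reproduces the server's components exactly, the `krb5_realm_compare` and `krb5_principal_compare` pair reduces to the comparison at line 537 that has just failed. The branch therefore only changes the outcome when re-parsing reinterprets the name, and the realm given to `tmp_princ` is presumably the context's default realm rather than anything read from the database. Because this is an authorization path that skips the ACL, the comment should name the exact principal form it is meant to accept, for example `/* Self-delegation where the server name embeds its realm: re-parse the realm-less form and accept only if realm and name both equal the client; this skips the ACL lookup below. */`. The rest of check_constrained_delegation lies outside the hunk, so whether `ret` from a failed parse is relied on later cannot be judged from here.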