git.samba.org
/
metze
/
heimdal
/
wip.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
2f013b0
)
kdc: do not include PAC for anonymous AS requests
author
Luke Howard
<lukeh@padl.com>
Thu, 2 May 2019 06:57:51 +0000
(16:57 +1000)
committer
Jeffrey Altman
<jaltman@auristor.com>
Tue, 14 May 2019 19:16:19 +0000
(15:16 -0400)
The PAC will typically contain information that may reveal the identity of a
principal. Do not include it for anonymous requests, at least until such time
as the PAC plugin API supports indicating that the request was anonymous.
kdc/kerberos5.c
patch
|
blob
|
history
diff --git
a/kdc/kerberos5.c
b/kdc/kerberos5.c
index d189b778345bd9c50850b0545ae319a116b1c714..9d6bedb1004feb63923943e734e2ca7cee002b25 100644
(file)
--- a/
kdc/kerberos5.c
+++ b/
kdc/kerberos5.c
@@
-2239,7
+2239,7
@@
_kdc_as_rep(kdc_request_t r,
}
/* Add the PAC */
- if (send_pac_p(context, req)) {
+ if (send_pac_p(context, req)
&& !_kdc_is_anon_request(b)
) {
generate_pac(r, skey);
}