git.samba.org
/
lorikeet-heimdal.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
271eb0f
)
kdc: Allow requesting no PAC for AS-REQ to non-TGS server
author
Joseph Sutton
<josephsutton@catalyst.net.nz>
Tue, 4 Jan 2022 21:25:31 +0000
(10:25 +1300)
committer
Joseph Sutton
<josephsutton@catalyst.net.nz>
Wed, 3 May 2023 04:13:16 +0000
(16:13 +1200)
Note that we still get a PAC even if the NO_AUTH_DATA_REQUIRED flag is
set, which matches Windows behaviour.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
kdc/kerberos5.c
patch
|
blob
|
history
diff --git
a/kdc/kerberos5.c
b/kdc/kerberos5.c
index 1cde438de624b0c9dd9aaafa037e145a42a30272..98d03d36b6f13f98f2f67524ff7e60a80560f90c 100644
(file)
--- a/
kdc/kerberos5.c
+++ b/
kdc/kerberos5.c
@@
-1848,7
+1848,7
@@
generate_pac(astgs_request_t r, const Key *skey, const Key *tkey,
kdc_audit_setkv_number((kdc_request_t)r, "pac_attributes",
r->pac_attributes);
- if (!
_kdc_include_pac_p(r
))
+ if (!
is_tgs && !(r->pac_attributes & (KRB5_PAC_WAS_REQUESTED | KRB5_PAC_WAS_GIVEN_IMPLICITLY)
))
return 0;
/*