Commit 8fdff19c authored by Isaac Boukris's avatar Isaac Boukris Committed by Andrew Bartlett
Browse files

heimdal: apply disallow-forwardable on server in TGS request

upstream commit: 839b073facd2aecda6740224d73e560bc79965dc

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14233

Signed-off-by: default avatarIsaac Boukris <iboukris@samba.org>
Reviewed-by: Andreas Schneider's avatarAndreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett's avatarAndrew Bartlett <abartlet@samba.org>
parent 197f97bc
^samba4.blackbox.krb5.s4u.test S4U2Proxy using received ticket
......@@ -866,6 +866,12 @@ tgs_make_reply(krb5_context context,
et.flags.anonymous = tgt->flags.anonymous;
et.flags.ok_as_delegate = server->entry.flags.ok_as_delegate;
/* See MS-KILE 3.3.5.1 */
if (!server->entry.flags.forwardable)
et.flags.forwardable = 0;
if (!server->entry.flags.proxiable)
et.flags.proxiable = 0;
if(rspac->length) {
/*
* No not need to filter out the any PAC from the
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment