1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00

HEIMDAL:kdc: make it possible to disable the principal based referral detection

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12554

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This commit is contained in:
Stefan Metzmacher 2017-01-29 17:19:14 +01:00 committed by Andreas Schneider
parent b8bca7d08f
commit 209886e95c
3 changed files with 6 additions and 1 deletions

View File

@ -55,6 +55,7 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
c->preauth_use_strongest_session_key = FALSE;
c->tgs_use_strongest_session_key = FALSE;
c->use_strongest_server_key = TRUE;
c->autodetect_referrals = TRUE;
c->check_ticket_addresses = TRUE;
c->allow_null_ticket_addresses = TRUE;
c->allow_anonymous = FALSE;

View File

@ -69,6 +69,8 @@ typedef struct krb5_kdc_configuration {
krb5_boolean allow_anonymous;
enum krb5_kdc_trpolicy trpolicy;
krb5_boolean autodetect_referrals;
krb5_boolean enable_pkinit;
krb5_boolean pkinit_princ_in_cert;
const char *pkinit_kdc_identity;

View File

@ -1660,7 +1660,9 @@ server_lookup:
Realm req_rlm;
krb5_realm *realms;
if ((req_rlm = get_krbtgt_realm(&sp->name)) != NULL) {
if (!config->autodetect_referrals) {
/* noop */
} else if ((req_rlm = get_krbtgt_realm(&sp->name)) != NULL) {
if(nloop++ < 2) {
new_rlm = find_rpath(context, tgt->crealm, req_rlm);
if(new_rlm) {