1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

s4:kdc: Add comment stating that policies aren’t looked up for S4U clients

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This commit is contained in:
Joseph Sutton 2023-06-20 12:57:27 +12:00 committed by Stefan Metzmacher
parent 8b1897f02e
commit f3714a3e3a

View File

@ -1401,6 +1401,10 @@ static krb5_error_code samba_kdc_message2entry(krb5_context context,
* A principal acting as a client that is not being looked up as the
* principal of an armor ticket may have an authentication policy apply
* to it.
*
* We wont get an authentication policy for the client of an S4U2Self
* or S4U2Proxy request. Those clients are looked up with
* SDB_F_FOR_TGS_REQ instead of with SDB_F_FOR_AS_REQ.
*/
if (ent_type == SAMBA_KDC_ENT_TYPE_CLIENT &&
(flags & SDB_F_FOR_AS_REQ) &&