From b019edf69c6a146fac5efeeb1a20dcece19d7280 Mon Sep 17 00:00:00 2001 From: Tom Yu Date: Thu, 15 Aug 2002 20:49:43 +0000 Subject: [PATCH] * krb524d.c (kdc_get_server_key): Check for DISALLOW_ALL_TIX and DISALLOW_SVR when looking up server key. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14728 dc483132-0cff-0310-8789-dd5450dbe970 --- src/krb524/ChangeLog | 5 +++++ src/krb524/krb524d.c | 8 +++++++- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/src/krb524/ChangeLog b/src/krb524/ChangeLog index 4b86104e1..0cb7947e5 100644 --- a/src/krb524/ChangeLog +++ b/src/krb524/ChangeLog @@ -1,3 +1,8 @@ +2002-08-15 Tom Yu + + * krb524d.c (kdc_get_server_key): Check for DISALLOW_ALL_TIX and + DISALLOW_SVR when looking up server key. + 2002-07-24 Ezra Peisach * krb524.h: Need to include port-sockets.h before socket-utils.h diff --git a/src/krb524/krb524d.c b/src/krb524/krb524d.c index 4d55b88a2..ad7c43978 100644 --- a/src/krb524/krb524d.c +++ b/src/krb524/krb524d.c @@ -452,9 +452,15 @@ krb5_error_code kdc_get_server_key(context, service, key, kvnop, ktype, kvno) kadm5_principal_ent_rec server; if ((ret = kadm5_get_principal(handle, service, &server, - KADM5_KEY_DATA))) + KADM5_KEY_DATA|KADM5_ATTRIBUTES))) return ret; + if (server.attributes & KRB5_KDB_DISALLOW_ALL_TIX + || server.attributes & KRB5_KDB_DISALLOW_SVR) { + kadm5_free_principal_ent(handle, &server); + return KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN; + } + /* * We try kadm5_decrypt_key twice because in the case of a * ENCTYPE_DES_CBC_CRC key, we prefer to find a krb4 salt type -- 2.26.2