From c5bea98ddb2f7967df572160f639da3cba381a87 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Mon, 29 Nov 2010 11:24:08 +1100
Subject: s4:heimdal: import lorikeet-heimdal-201012010201 (commit 81fe27bcc0148d410ca4617f8759b9df1a5e935c)
---
 source4/heimdal/lib/krb5/get_cred.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'source4/heimdal/lib/krb5/get_cred.c')
diff --git a/source4/heimdal/lib/krb5/get_cred.c b/source4/heimdal/lib/krb5/get_cred.c
index 901182192d..e06d4a12be 100644
--- a/source4/heimdal/lib/krb5/get_cred.c
+++ b/source4/heimdal/lib/krb5/get_cred.c
@@ -768,7 +768,8 @@ get_cred_kdc_capath_worker(krb5_context context,
 ret = find_cred(context, ccache, tmp_creds.server, *ret_tgts, &tgts);
 if(ret == 0){
- if (strcmp(try_realm, client_realm) != 0)
+ /* only allow implicit ok_as_delegate if the realm is the clients realm */
+ if (strcmp(try_realm, client_realm) != 0 || strcmp(try_realm, server_realm) != 0)
 ok_as_delegate = tgts.flags.b.ok_as_delegate;
 *out_creds = calloc(1, sizeof(**out_creds));
-- cgit
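Review bot: The added comment describes the old condition, not the new one. With `|| strcmp(try_realm, server_realm) != 0` the flag is taken from the cached TGT unless try_realm equals both the client's and the server's realm, so the implicit value survives only in the same-realm case. Because ok_as_delegate feeds a delegation decision, the comment should state the rule exactly, for example `/* keep the implicit ok_as_delegate only when try_realm is both the client's and the server's realm; otherwise use the flag from the cached TGT */`. The initial value of ok_as_delegate is set outside this hunk, so "implicit" presumably means that default, and the body of get_cred_kdc_capath_worker starts and ends outside the hunk.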