third_party/heimdal: Import lorikeet-heimdal-202503211047 (commit 752fd2fc0d7e48791df...

author Stefan Metzmacher <metze@samba.org>

Wed, 19 Mar 2025 23:22:34 +0000 (00:22 +0100)

committer Ralph Boehme <slow@samba.org>

Thu, 3 Apr 2025 09:36:31 +0000 (09:36 +0000)
author Stefan Metzmacher <metze@samba.org>
Wed, 19 Mar 2025 23:22:34 +0000 (00:22 +0100)
committer Ralph Boehme <slow@samba.org>
Thu, 3 Apr 2025 09:36:31 +0000 (09:36 +0000)
diff --git a/third_party/heimdal/kdc/mssfu.c b/third_party/heimdal/kdc/mssfu.c

index 471e193f5446829c8eca22066209f19b1c0987c3..554e2f2112ab66ba282b937c655b410269c19048 100644 (file)
--- a/third_party/heimdal/kdc/mssfu.c
+++ b/third_party/heimdal/kdc/mssfu.c
@@ -411,6 +411,19 @@ _kdc_validate_constrained_delegation(astgs_request_t r)
         goto out;
      }
  
+    /*
+     * We require that the delegating server (r->client) is local
+     * and was found in the local database.
+     */
+    if (r->client == NULL) {
+       ret = KRB5KDC_ERR_BADOPTION;
+       kdc_audit_addreason((kdc_request_t)r, "Remote delegating server");
+       kdc_log(r->context, r->config, 4,
+               "Constrained delegation without local delegating server, %s/%s",
+               r->cname, r->sname);
+       goto out;
+    }
+
      t = &b->additional_tickets->val[0];
  
      ret = _krb5_principalname2krb5_principal(r->context,
author	Stefan Metzmacher <metze@samba.org>
	Wed, 19 Mar 2025 23:22:34 +0000 (00:22 +0100)
committer	Ralph Boehme <slow@samba.org>
	Thu, 3 Apr 2025 09:36:31 +0000 (09:36 +0000)