summaryrefslogtreecommitdiffstats
path: root/crypto/heimdal/lib/krb5/transited.c
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/heimdal/lib/krb5/transited.c')
-rw-r--r--crypto/heimdal/lib/krb5/transited.c31
1 files changed, 30 insertions, 1 deletions
diff --git a/crypto/heimdal/lib/krb5/transited.c b/crypto/heimdal/lib/krb5/transited.c
index 2295551..1faf378 100644
--- a/crypto/heimdal/lib/krb5/transited.c
+++ b/crypto/heimdal/lib/krb5/transited.c
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: transited.c,v 1.6 2000/02/07 03:19:43 assar Exp $");
+RCSID("$Id: transited.c,v 1.7 2000/02/07 13:30:41 joda Exp $");
/* this is an attempt at one of the most horrible `compression'
schemes that has ever been invented; it's so amazingly brain-dead
@@ -363,6 +363,35 @@ krb5_domain_x500_encode(char **realms, int num_realms, krb5_data *encoding)
return 0;
}
+krb5_error_code
+krb5_check_transited_realms(krb5_context context,
+ const char *const *realms,
+ int num_realms,
+ int *bad_realm)
+{
+ int i;
+ int ret = 0;
+ char **bad_realms = krb5_config_get_strings(context, NULL,
+ "libdefaults",
+ "transited_realms_reject",
+ NULL);
+ if(bad_realms == NULL)
+ return 0;
+
+ for(i = 0; i < num_realms; i++) {
+ char **p;
+ for(p = bad_realms; *p; p++)
+ if(strcmp(*p, realms[i]) == 0) {
+ ret = KRB5KRB_AP_ERR_ILL_CR_TKT;
+ if(bad_realm)
+ *bad_realm = i;
+ break;
+ }
+ }
+ krb5_config_free_strings(bad_realms);
+ return ret;
+}
+
#if 0
int
main(int argc, char **argv)
OpenPOWER on IntegriCloud