Filter out constrained delegation ACL from KDB entry

Commit f78dc0b163 was missing an exception for the constrained
delegation ACL TL data type during the principal entry update operation.
This ACL is not meant to be stored as encoded data in krbExtraData.

Signed-off-by: Julien Rische <jrische@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
This commit is contained in:
Julien Rische 2023-04-17 15:43:00 +02:00 committed by Florence Blanc-Renaud
parent 3f1b373cb2
commit 545a363dd2

View File

@ -2063,6 +2063,7 @@ done:
static bool should_filter_out_attr(krb5_tl_data *data)
{
switch (data->tl_data_type) {
case KRB5_TL_CONSTRAINED_DELEGATION_ACL:
case KRB5_TL_DB_ARGS:
case KRB5_TL_KADM_DATA:
case KRB5_TL_LAST_ADMIN_UNLOCK: