From 539f2cdc51effbc42aca9be4fd33aa73588695d9 Mon Sep 17 00:00:00 2001
From: Isaac Boukris <iboukris@gmail.com>
Date: Mon, 13 Jan 2020 23:42:54 +0100
Subject: [PATCH] heimdal: apply DelgationNotAllowed in TGS request

Signed-off-by: Isaac Boukris <iboukris@samba.org>
---
 source4/heimdal/kdc/krb5tgs.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/source4/heimdal/kdc/krb5tgs.c b/source4/heimdal/kdc/krb5tgs.c
index ee3ac3d8f53..bf913a662b6 100644
--- a/source4/heimdal/kdc/krb5tgs.c
+++ b/source4/heimdal/kdc/krb5tgs.c
@@ -866,6 +866,11 @@ tgs_make_reply(krb5_context context,
     et.flags.anonymous   = tgt->flags.anonymous;
     et.flags.ok_as_delegate = server->entry.flags.ok_as_delegate;
 
+    if (!server->entry.flags.forwardable)
+        et.flags.forwardable = 0;
+    if (!server->entry.flags.proxiable)
+        et.flags.proxiable = 0;
+
     if(rspac->length) {
 	/*
 	 * No not need to filter out the any PAC from the
-- 
2.21.1