author | Andrew Bartlett <abartlet@samba.org> | 2008-10-28 21:07:52 +1100 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2008-11-04 16:06:57 +1100 |
commit | 2fc5ca8409ba0ad40236608bc1ca5f4f5f39445a (patch) | |
tree | 532a77c648089d7e9d41809ed90df6df55437b81 | |
parent | 169f90640864fab9fcb10665c79879b161a56329 (diff) | |
Re-add support for supporting the PAC over domain trusts.
(This was not entered in lorikeet-heimdal.diff, so missed by metze's import).
Andrew Bartlett
-rw-r--r-- | source4/heimdal/kdc/krb5tgs.c | 36 |
1 files changed, 17 insertions, 19 deletions
diff --git a/source4/heimdal/kdc/krb5tgs.c b/source4/heimdal/kdc/krb5tgs.c
index b986279ad4..4cf93e5a54 100644
--- a/source4/heimdal/kdc/krb5tgs.c
+++ b/source4/heimdal/kdc/krb5tgs.c
@@ -1376,6 +1376,7 @@ tgs_build_reply(krb5_context context,
 krb5_realm ref_realm = NULL;
 EncTicketPart *tgt = &ticket->ticket;
 KRB5SignedPathPrincipals *spp = NULL;
+ Key *tkey;
 const EncryptionKey *ekey;
 krb5_keyblock sessionkey;
 krb5_kvno kvno;
@@ -1627,27 +1628,24 @@ server_lookup:
 goto out;
 }
- /* check PAC if not cross realm and if there is one */
- if (!cross_realm) {
- Key *tkey;
+ /* check PAC if there is one */
- ret = hdb_enctype2key(context, &krbtgt->entry,
- krbtgt_etype, &tkey);
- if(ret) {
- kdc_log(context, config, 0,
- "Failed to find key for krbtgt PAC check");
- goto out;
- }
+ ret = hdb_enctype2key(context, &krbtgt->entry,
+ krbtgt_etype, &tkey);
+ if(ret) {
+ kdc_log(context, config, 0,
+ "Failed to find key for krbtgt PAC check");
+ goto out;
+ }
- ret = check_PAC(context, config, cp,
- client, server, ekey, &tkey->key,
- tgt, &rspac, &signedpath);
- if (ret) {
- kdc_log(context, config, 0,
- "Verify PAC failed for %s (%s) from %s with %s",
- spn, cpn, from, krb5_get_err_text(context, ret));
- goto out;
- }
+ ret = check_PAC(context, config, cp,
+ client, server, ekey, &tkey->key,
+ tgt, &rspac, &signedpath);
+ if (ret) {
+ kdc_log(context, config, 0,
+ "Verify PAC failed for %s (%s) from %s with %s",
+ spn, cpn, from, krb5_get_err_text(context, ret));
+ goto out;
 }
 /* also check the krbtgt for signature */ |
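Review bot: The new comment `/* check PAC if there is one */` in the second hunk does not record the trust-boundary change that comes with dropping the `!cross_realm` guard: `check_PAC` now also runs on tickets issued by a trusted realm, so the authorization data it accepts and returns in `rspac` was presumably chosen by a foreign KDC and is verified only against the key found in `krbtgt->entry`. I would say that in the comment, for example `/* Check the PAC if there is one, cross-realm included: it is verified with the krbtgt key of the issuing trust, so its contents are only as trustworthy as that realm. */`. Two things are not visible in this hunk and should be confirmed in `check_PAC` and its callers: that `client` may legitimately be absent from the local HDB for a cross-realm request and is handled, and that any filtering of foreign PAC contents happens before the PAC is re-signed. `tgs_build_reply` starts and ends outside the hunk.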