diff options
author | Jelmer Vernooij <jelmer@samba.org> | 2008-10-11 03:12:21 +0200 |
---|---|---|
committer | Jelmer Vernooij <jelmer@samba.org> | 2008-10-11 03:12:21 +0200 |
commit | 0fd0fc75c46b39a611c7f9a56081105714d73e36 (patch) | |
tree | b93ef5e67e49a3aa49c37e13df3d6222b2df7095 /source4/heimdal/kdc/krb5tgs.c | |
parent | 69d38a95c29498c0266cb98b911faa3e7240c787 (diff) | |
parent | 47f7ef8f39ba482a7d6578ab82c9e0670381c4f8 (diff) | |
download | samba-0fd0fc75c46b39a611c7f9a56081105714d73e36.tar.gz samba-0fd0fc75c46b39a611c7f9a56081105714d73e36.tar.bz2 samba-0fd0fc75c46b39a611c7f9a56081105714d73e36.zip |
Merge branch 'master' of ssh://git.samba.org/data/git/samba into selftest
Conflicts:
selftest/selftest.pl
Diffstat (limited to 'source4/heimdal/kdc/krb5tgs.c')
-rw-r--r-- | source4/heimdal/kdc/krb5tgs.c | 34 |
1 files changed, 16 insertions, 18 deletions
diff --git a/source4/heimdal/kdc/krb5tgs.c b/source4/heimdal/kdc/krb5tgs.c index 19dff5e01d..d557da2a5b 100644 --- a/source4/heimdal/kdc/krb5tgs.c +++ b/source4/heimdal/kdc/krb5tgs.c @@ -1393,6 +1393,8 @@ tgs_build_reply(krb5_context context, char opt_str[128]; int signedpath = 0; + Key *tkey; + memset(&sessionkey, 0, sizeof(sessionkey)); memset(&adtkt, 0, sizeof(adtkt)); krb5_data_zero(&rspac); @@ -1630,26 +1632,22 @@ server_lookup: } /* check PAC if not cross realm and if there is one */ - if (!cross_realm) { - Key *tkey; - - ret = hdb_enctype2key(context, &krbtgt->entry, - krbtgt_etype, &tkey); - if(ret) { - kdc_log(context, config, 0, + ret = hdb_enctype2key(context, &krbtgt->entry, + krbtgt_etype, &tkey); + if(ret) { + kdc_log(context, config, 0, "Failed to find key for krbtgt PAC check"); - goto out; - } + goto out; + } - ret = check_PAC(context, config, cp, - client, server, ekey, &tkey->key, - tgt, &rspac, &signedpath); - if (ret) { - kdc_log(context, config, 0, - "Verify PAC failed for %s (%s) from %s with %s", - spn, cpn, from, krb5_get_err_text(context, ret)); - goto out; - } + ret = check_PAC(context, config, cp, + client, server, ekey, &tkey->key, + tgt, &rspac, &signedpath); + if (ret) { + kdc_log(context, config, 0, + "Verify PAC failed for %s (%s) from %s with %s", + spn, cpn, from, krb5_get_err_text(context, ret)); + goto out; } /* also check the krbtgt for signature */ |