summaryrefslogtreecommitdiff
path: root/source4/heimdal/kdc
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2007-02-19 13:38:11 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 14:48:37 -0500
commit544e17896eb52efea904be2bcd821185c6d1b4c9 (patch)
treec83360d8fc9288547963d5693ede7065a9cd63c9 /source4/heimdal/kdc
parenteaaf246d4fa42df5e590ee5bfe54e672abd26b02 (diff)
downloadsamba-544e17896eb52efea904be2bcd821185c6d1b4c9.tar.gz
samba-544e17896eb52efea904be2bcd821185c6d1b4c9.tar.bz2
samba-544e17896eb52efea904be2bcd821185c6d1b4c9.zip
r21447: make handling of replying e_data more generic
love: please merge this metze (This used to be commit 3e4ff2de9c57170d275adf54ffa00ac81253a714)
Diffstat (limited to 'source4/heimdal/kdc')
-rw-r--r--source4/heimdal/kdc/kerberos5.c30
1 files changed, 12 insertions, 18 deletions
diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c
index dbea7e3268..3d45c1099c 100644
--- a/source4/heimdal/kdc/kerberos5.c
+++ b/source4/heimdal/kdc/kerberos5.c
@@ -915,6 +915,7 @@ _kdc_as_rep(krb5_context context,
char *client_name = NULL, *server_name = NULL;
krb5_error_code ret = 0;
const char *e_text = NULL;
+ krb5_data e_data;
krb5_crypto crypto;
Key *ckey, *skey;
EncryptionKey *reply_key;
@@ -923,6 +924,7 @@ _kdc_as_rep(krb5_context context,
#endif
memset(&rep, 0, sizeof(rep));
+ memset(&e_data, 0, sizeof(e_data));
if(b->sname == NULL){
ret = KRB5KRB_ERR_GENERIC;
@@ -1208,7 +1210,6 @@ _kdc_as_rep(krb5_context context,
PA_DATA *pa;
unsigned char *buf;
size_t len;
- krb5_data foo_data;
use_pa:
method_data.len = 0;
@@ -1248,25 +1249,17 @@ _kdc_as_rep(krb5_context context,
ASN1_MALLOC_ENCODE(METHOD_DATA, buf, len, &method_data, &len, ret);
free_METHOD_DATA(&method_data);
- foo_data.data = buf;
- foo_data.length = len;
-
+
+ e_data.data = buf;
+ e_data.length = len;
+ e_text ="Need to use PA-ENC-TIMESTAMP/PA-PK-AS-REQ",
ret = KRB5KDC_ERR_PREAUTH_REQUIRED;
- krb5_mk_error(context,
- ret,
- "Need to use PA-ENC-TIMESTAMP/PA-PK-AS-REQ",
- &foo_data,
- client_princ,
- server_princ,
- NULL,
- NULL,
- reply);
- free(buf);
+
kdc_log(context, config, 0,
"No preauth found, returning PREAUTH-REQUIRED -- %s",
client_name);
- ret = 0;
- goto out2;
+
+ goto out;
}
/*
@@ -1615,7 +1608,7 @@ out:
krb5_mk_error(context,
ret,
e_text,
- NULL,
+ (e_data.data ? &e_data : NULL),
client_princ,
server_princ,
NULL,
@@ -1623,11 +1616,12 @@ out:
reply);
ret = 0;
}
-out2:
#ifdef PKINIT
if (pkp)
_kdc_pk_free_client_param(context, pkp);
#endif
+ if (e_data.data)
+ free(e_data.data);
if (client_princ)
krb5_free_principal(context, client_princ);
free(client_name);