summaryrefslogtreecommitdiff
path: root/source4/heimdal/kdc
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2008-10-28 21:07:52 +1100
committerAndrew Bartlett <abartlet@samba.org>2008-11-04 16:06:57 +1100
commit2fc5ca8409ba0ad40236608bc1ca5f4f5f39445a (patch)
tree532a77c648089d7e9d41809ed90df6df55437b81 /source4/heimdal/kdc
parent169f90640864fab9fcb10665c79879b161a56329 (diff)
downloadsamba-2fc5ca8409ba0ad40236608bc1ca5f4f5f39445a.tar.gz
samba-2fc5ca8409ba0ad40236608bc1ca5f4f5f39445a.tar.bz2
samba-2fc5ca8409ba0ad40236608bc1ca5f4f5f39445a.zip
Re-add support for supporting the PAC over domain trusts.
(This was not entered in lorikeet-heimdal.diff, so missed by metze's import). Andrew Bartlett
Diffstat (limited to 'source4/heimdal/kdc')
-rw-r--r--source4/heimdal/kdc/krb5tgs.c36
1 files changed, 17 insertions, 19 deletions
diff --git a/source4/heimdal/kdc/krb5tgs.c b/source4/heimdal/kdc/krb5tgs.c
index b986279ad4..4cf93e5a54 100644
--- a/source4/heimdal/kdc/krb5tgs.c
+++ b/source4/heimdal/kdc/krb5tgs.c
@@ -1376,6 +1376,7 @@ tgs_build_reply(krb5_context context,
krb5_realm ref_realm = NULL;
EncTicketPart *tgt = &ticket->ticket;
KRB5SignedPathPrincipals *spp = NULL;
+ Key *tkey;
const EncryptionKey *ekey;
krb5_keyblock sessionkey;
krb5_kvno kvno;
@@ -1627,27 +1628,24 @@ server_lookup:
goto out;
}
- /* check PAC if not cross realm and if there is one */
- if (!cross_realm) {
- Key *tkey;
+ /* check PAC if there is one */
- ret = hdb_enctype2key(context, &krbtgt->entry,
- krbtgt_etype, &tkey);
- if(ret) {
- kdc_log(context, config, 0,
- "Failed to find key for krbtgt PAC check");
- goto out;
- }
+ ret = hdb_enctype2key(context, &krbtgt->entry,
+ krbtgt_etype, &tkey);
+ if(ret) {
+ kdc_log(context, config, 0,
+ "Failed to find key for krbtgt PAC check");
+ goto out;
+ }
- ret = check_PAC(context, config, cp,
- client, server, ekey, &tkey->key,
- tgt, &rspac, &signedpath);
- if (ret) {
- kdc_log(context, config, 0,
- "Verify PAC failed for %s (%s) from %s with %s",
- spn, cpn, from, krb5_get_err_text(context, ret));
- goto out;
- }
+ ret = check_PAC(context, config, cp,
+ client, server, ekey, &tkey->key,
+ tgt, &rspac, &signedpath);
+ if (ret) {
+ kdc_log(context, config, 0,
+ "Verify PAC failed for %s (%s) from %s with %s",
+ spn, cpn, from, krb5_get_err_text(context, ret));
+ goto out;
}
/* also check the krbtgt for signature */