diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2008-10-02 11:29:34 -0700 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2008-10-06 14:28:27 -0700 |
| commit | 6a5547742f0b87017e4d21c80ec8facece6688d0 (patch) | |
| tree | 942f0fd0a6a8a26eb8fb6d81c25bc7c65472ebb8 /source4/heimdal/kdc | |
| parent | 912209ac84395ef0e2fca0556b1e4bec34367b5c (diff) | |
| download | samba-6a5547742f0b87017e4d21c80ec8facece6688d0.tar.gz samba-6a5547742f0b87017e4d21c80ec8facece6688d0.tar.bz2 samba-6a5547742f0b87017e4d21c80ec8facece6688d0.zip | |
Allow the PAC to be passed along during cross-realm authentication
Diffstat (limited to 'source4/heimdal/kdc')
| -rw-r--r-- | source4/heimdal/kdc/krb5tgs.c | 34 |
1 files changed, 16 insertions, 18 deletions
diff --git a/source4/heimdal/kdc/krb5tgs.c b/source4/heimdal/kdc/krb5tgs.c index 19dff5e01d..d557da2a5b 100644 --- a/source4/heimdal/kdc/krb5tgs.c +++ b/source4/heimdal/kdc/krb5tgs.c @@ -1393,6 +1393,8 @@ tgs_build_reply(krb5_context context, char opt_str[128]; int signedpath = 0; + Key *tkey; + memset(&sessionkey, 0, sizeof(sessionkey)); memset(&adtkt, 0, sizeof(adtkt)); krb5_data_zero(&rspac); @@ -1630,26 +1632,22 @@ server_lookup: } /* check PAC if not cross realm and if there is one */ - if (!cross_realm) { - Key *tkey; - - ret = hdb_enctype2key(context, &krbtgt->entry, - krbtgt_etype, &tkey); - if(ret) { - kdc_log(context, config, 0, + ret = hdb_enctype2key(context, &krbtgt->entry, + krbtgt_etype, &tkey); + if(ret) { + kdc_log(context, config, 0, "Failed to find key for krbtgt PAC check"); - goto out; - } + goto out; + } - ret = check_PAC(context, config, cp, - client, server, ekey, &tkey->key, - tgt, &rspac, &signedpath); - if (ret) { - kdc_log(context, config, 0, - "Verify PAC failed for %s (%s) from %s with %s", - spn, cpn, from, krb5_get_err_text(context, ret)); - goto out; - } + ret = check_PAC(context, config, cp, + client, server, ekey, &tkey->key, + tgt, &rspac, &signedpath); + if (ret) { + kdc_log(context, config, 0, + "Verify PAC failed for %s (%s) from %s with %s", + spn, cpn, from, krb5_get_err_text(context, ret)); + goto out; } /* also check the krbtgt for signature */ |