summaryrefslogtreecommitdiff
path: root/source4/heimdal
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2008-10-02 11:29:34 -0700
committerAndrew Bartlett <abartlet@samba.org>2008-10-06 14:28:27 -0700
commit6a5547742f0b87017e4d21c80ec8facece6688d0 (patch)
tree942f0fd0a6a8a26eb8fb6d81c25bc7c65472ebb8 /source4/heimdal
parent912209ac84395ef0e2fca0556b1e4bec34367b5c (diff)
downloadsamba-6a5547742f0b87017e4d21c80ec8facece6688d0.tar.gz
samba-6a5547742f0b87017e4d21c80ec8facece6688d0.tar.bz2
samba-6a5547742f0b87017e4d21c80ec8facece6688d0.zip
Allow the PAC to be passed along during cross-realm authentication
Diffstat (limited to 'source4/heimdal')
-rw-r--r--source4/heimdal/kdc/krb5tgs.c34
1 files changed, 16 insertions, 18 deletions
diff --git a/source4/heimdal/kdc/krb5tgs.c b/source4/heimdal/kdc/krb5tgs.c
index 19dff5e01d..d557da2a5b 100644
--- a/source4/heimdal/kdc/krb5tgs.c
+++ b/source4/heimdal/kdc/krb5tgs.c
@@ -1393,6 +1393,8 @@ tgs_build_reply(krb5_context context,
char opt_str[128];
int signedpath = 0;
+ Key *tkey;
+
memset(&sessionkey, 0, sizeof(sessionkey));
memset(&adtkt, 0, sizeof(adtkt));
krb5_data_zero(&rspac);
@@ -1630,26 +1632,22 @@ server_lookup:
}
/* check PAC if not cross realm and if there is one */
- if (!cross_realm) {
- Key *tkey;
-
- ret = hdb_enctype2key(context, &krbtgt->entry,
- krbtgt_etype, &tkey);
- if(ret) {
- kdc_log(context, config, 0,
+ ret = hdb_enctype2key(context, &krbtgt->entry,
+ krbtgt_etype, &tkey);
+ if(ret) {
+ kdc_log(context, config, 0,
"Failed to find key for krbtgt PAC check");
- goto out;
- }
+ goto out;
+ }
- ret = check_PAC(context, config, cp,
- client, server, ekey, &tkey->key,
- tgt, &rspac, &signedpath);
- if (ret) {
- kdc_log(context, config, 0,
- "Verify PAC failed for %s (%s) from %s with %s",
- spn, cpn, from, krb5_get_err_text(context, ret));
- goto out;
- }
+ ret = check_PAC(context, config, cp,
+ client, server, ekey, &tkey->key,
+ tgt, &rspac, &signedpath);
+ if (ret) {
+ kdc_log(context, config, 0,
+ "Verify PAC failed for %s (%s) from %s with %s",
+ spn, cpn, from, krb5_get_err_text(context, ret));
+ goto out;
}
/* also check the krbtgt for signature */
generated by cgit (git 2.34.1) at 2024-06-13 09:50:43 +0000