summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source4/heimdal/kdc/kerberos5.c30
1 files changed, 12 insertions, 18 deletions
diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c
index dbea7e3268..3d45c1099c 100644
--- a/source4/heimdal/kdc/kerberos5.c
+++ b/source4/heimdal/kdc/kerberos5.c
@@ -915,6 +915,7 @@ _kdc_as_rep(krb5_context context,
char *client_name = NULL, *server_name = NULL;
krb5_error_code ret = 0;
const char *e_text = NULL;
+ krb5_data e_data;
krb5_crypto crypto;
Key *ckey, *skey;
EncryptionKey *reply_key;
@@ -923,6 +924,7 @@ _kdc_as_rep(krb5_context context,
#endif
memset(&rep, 0, sizeof(rep));
+ memset(&e_data, 0, sizeof(e_data));
if(b->sname == NULL){
ret = KRB5KRB_ERR_GENERIC;
@@ -1208,7 +1210,6 @@ _kdc_as_rep(krb5_context context,
PA_DATA *pa;
unsigned char *buf;
size_t len;
- krb5_data foo_data;
use_pa:
method_data.len = 0;
@@ -1248,25 +1249,17 @@ _kdc_as_rep(krb5_context context,
ASN1_MALLOC_ENCODE(METHOD_DATA, buf, len, &method_data, &len, ret);
free_METHOD_DATA(&method_data);
- foo_data.data = buf;
- foo_data.length = len;
-
+
+ e_data.data = buf;
+ e_data.length = len;
+ e_text ="Need to use PA-ENC-TIMESTAMP/PA-PK-AS-REQ",
ret = KRB5KDC_ERR_PREAUTH_REQUIRED;
- krb5_mk_error(context,
- ret,
- "Need to use PA-ENC-TIMESTAMP/PA-PK-AS-REQ",
- &foo_data,
- client_princ,
- server_princ,
- NULL,
- NULL,
- reply);
- free(buf);
+
kdc_log(context, config, 0,
"No preauth found, returning PREAUTH-REQUIRED -- %s",
client_name);
- ret = 0;
- goto out2;
+
+ goto out;
}
/*
@@ -1615,7 +1608,7 @@ out:
krb5_mk_error(context,
ret,
e_text,
- NULL,
+ (e_data.data ? &e_data : NULL),
client_princ,
server_princ,
NULL,
@@ -1623,11 +1616,12 @@ out:
reply);
ret = 0;
}
-out2:
#ifdef PKINIT
if (pkp)
_kdc_pk_free_client_param(context, pkp);
#endif
+ if (e_data.data)
+ free(e_data.data);
if (client_princ)
krb5_free_principal(context, client_princ);
free(client_name);