summaryrefslogtreecommitdiff
path: root/source4/heimdal/kdc/kerberos5.c
diff options
context:
space:
mode:
Diffstat (limited to 'source4/heimdal/kdc/kerberos5.c')
-rw-r--r--source4/heimdal/kdc/kerberos5.c8
1 files changed, 6 insertions, 2 deletions
diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c
index 87162d5f98..c3e94757e3 100644
--- a/source4/heimdal/kdc/kerberos5.c
+++ b/source4/heimdal/kdc/kerberos5.c
@@ -33,8 +33,6 @@
#include "kdc_locl.h"
-RCSID("$Id$");
-
#define MAX_TIME ((time_t)((1U << 31) - 1))
void
@@ -1425,6 +1423,7 @@ _kdc_as_rep(krb5_context context,
if(f.renew || f.validate || f.proxy || f.forwarded || f.enc_tkt_in_skey
|| (f.request_anonymous && !config->allow_anonymous)) {
ret = KRB5KDC_ERR_BADOPTION;
+ e_text = "Bad KDC options";
kdc_log(context, config, 0, "Bad KDC options -- %s", client_name);
goto out;
}
@@ -1454,6 +1453,7 @@ _kdc_as_rep(krb5_context context,
if(client->entry.flags.forwardable && server->entry.flags.forwardable)
et.flags.forwardable = f.forwardable;
else if (f.forwardable) {
+ e_text = "Ticket may not be forwardable";
ret = KRB5KDC_ERR_POLICY;
kdc_log(context, config, 0,
"Ticket may not be forwardable -- %s", client_name);
@@ -1462,6 +1462,7 @@ _kdc_as_rep(krb5_context context,
if(client->entry.flags.proxiable && server->entry.flags.proxiable)
et.flags.proxiable = f.proxiable;
else if (f.proxiable) {
+ e_text = "Ticket may not be proxiable";
ret = KRB5KDC_ERR_POLICY;
kdc_log(context, config, 0,
"Ticket may not be proxiable -- %s", client_name);
@@ -1470,6 +1471,7 @@ _kdc_as_rep(krb5_context context,
if(client->entry.flags.postdate && server->entry.flags.postdate)
et.flags.may_postdate = f.allow_postdate;
else if (f.allow_postdate){
+ e_text = "Ticket may not be postdate";
ret = KRB5KDC_ERR_POLICY;
kdc_log(context, config, 0,
"Ticket may not be postdatable -- %s", client_name);
@@ -1478,6 +1480,7 @@ _kdc_as_rep(krb5_context context,
/* check for valid set of addresses */
if(!_kdc_check_addresses(context, config, b->addresses, from_addr)) {
+ e_text = "Bad address list in requested";
ret = KRB5KRB_AP_ERR_BADADDR;
kdc_log(context, config, 0,
"Bad address list requested -- %s", client_name);
@@ -1630,6 +1633,7 @@ _kdc_as_rep(krb5_context context,
&et);
if (ret)
goto out;
+
} else
#endif
{
generated by cgit (git 2.34.1) at 2024-07-10 13:56:32 +0000