diff options
Diffstat (limited to 'source4/heimdal/kdc/kerberos5.c')
-rw-r--r-- | source4/heimdal/kdc/kerberos5.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c index 87162d5f98..c3e94757e3 100644 --- a/source4/heimdal/kdc/kerberos5.c +++ b/source4/heimdal/kdc/kerberos5.c @@ -33,8 +33,6 @@ #include "kdc_locl.h" -RCSID("$Id$"); - #define MAX_TIME ((time_t)((1U << 31) - 1)) void @@ -1425,6 +1423,7 @@ _kdc_as_rep(krb5_context context, if(f.renew || f.validate || f.proxy || f.forwarded || f.enc_tkt_in_skey || (f.request_anonymous && !config->allow_anonymous)) { ret = KRB5KDC_ERR_BADOPTION; + e_text = "Bad KDC options"; kdc_log(context, config, 0, "Bad KDC options -- %s", client_name); goto out; } @@ -1454,6 +1453,7 @@ _kdc_as_rep(krb5_context context, if(client->entry.flags.forwardable && server->entry.flags.forwardable) et.flags.forwardable = f.forwardable; else if (f.forwardable) { + e_text = "Ticket may not be forwardable"; ret = KRB5KDC_ERR_POLICY; kdc_log(context, config, 0, "Ticket may not be forwardable -- %s", client_name); @@ -1462,6 +1462,7 @@ _kdc_as_rep(krb5_context context, if(client->entry.flags.proxiable && server->entry.flags.proxiable) et.flags.proxiable = f.proxiable; else if (f.proxiable) { + e_text = "Ticket may not be proxiable"; ret = KRB5KDC_ERR_POLICY; kdc_log(context, config, 0, "Ticket may not be proxiable -- %s", client_name); @@ -1470,6 +1471,7 @@ _kdc_as_rep(krb5_context context, if(client->entry.flags.postdate && server->entry.flags.postdate) et.flags.may_postdate = f.allow_postdate; else if (f.allow_postdate){ + e_text = "Ticket may not be postdate"; ret = KRB5KDC_ERR_POLICY; kdc_log(context, config, 0, "Ticket may not be postdatable -- %s", client_name); @@ -1478,6 +1480,7 @@ _kdc_as_rep(krb5_context context, /* check for valid set of addresses */ if(!_kdc_check_addresses(context, config, b->addresses, from_addr)) { + e_text = "Bad address list in requested"; ret = KRB5KRB_AP_ERR_BADADDR; kdc_log(context, config, 0, "Bad address list requested -- %s", client_name); @@ -1630,6 +1633,7 @@ _kdc_as_rep(krb5_context context, &et); if (ret) goto out; + } else #endif { |