From ec0035c9b8e0690f3bc21f3de089c39eae660916 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Tue, 3 Jul 2007 08:00:08 +0000
Subject: r23678: Update to current lorikeet-heimdal (-r 767), which should fix
 the panics on hosts without /dev/random.

Andrew Bartlett
(This used to be commit 14a4ddb131993fec72316f7e8e371638749e6f1f)
---
 source4/heimdal/kdc/krb5tgs.c | 32 ++++++++++++++++----------------
 1 file changed, 16 insertions(+), 16 deletions(-)

(limited to 'source4/heimdal/kdc/krb5tgs.c')

diff --git a/source4/heimdal/kdc/krb5tgs.c b/source4/heimdal/kdc/krb5tgs.c
index 02cd92de2e..4d6be60f68 100644
--- a/source4/heimdal/kdc/krb5tgs.c
+++ b/source4/heimdal/kdc/krb5tgs.c
@@ -33,7 +33,7 @@
 
 #include "kdc_locl.h"
 
-RCSID("$Id: krb5tgs.c 21041 2007-06-10 06:21:12Z lha $");
+RCSID("$Id: krb5tgs.c 21262 2007-06-21 15:18:37Z lha $");
 
 /*
  * return the realm of a krbtgt-ticket or NULL
@@ -475,12 +475,14 @@ check_tgs_flags(krb5_context context,
 	    et->endtime = min(*et->renew_till, et->endtime);
     }	    
     
+#if 0
     /* checks for excess flags */
     if(f.request_anonymous && !config->allow_anonymous){
 	kdc_log(context, config, 0,
 		"Request for anonymous ticket");
 	return KRB5KDC_ERR_BADOPTION;
     }
+#endif
     return 0;
 }
 
@@ -731,10 +733,12 @@ tgs_make_reply(krb5_context context,
 	       &rep.ticket.realm);
     _krb5_principal2principalname(&rep.ticket.sname, server->entry.principal);
     copy_Realm(&tgt_name->realm, &rep.crealm);
+/*
     if (f.request_anonymous)
 	_kdc_make_anonymous_principalname (&rep.cname);
-    else
-	copy_PrincipalName(&tgt_name->name, &rep.cname);
+    else */
+
+    copy_PrincipalName(&tgt_name->name, &rep.cname);
     rep.ticket.tkt_vno = 5;
 
     ek.caddr = et.caddr;
@@ -1707,24 +1711,20 @@ server_lookup:
 	    goto out;
     }
 
-    /* check PAC if there is one */
-    {
+    /* check PAC if not cross realm and if there is one */
+    if (!cross_realm) {
 	Key *tkey;
-	krb5_keyblock *tgtkey = NULL;
 
-	if (!cross_realm) {
-	    ret = hdb_enctype2key(context, &krbtgt->entry, 
-				  krbtgt_etype, &tkey);
-	    if(ret) {
-		kdc_log(context, config, 0,
-			"Failed to find key for krbtgt PAC check");
-		goto out;
-	    }
-	    tgtkey = &tkey->key;
+	ret = hdb_enctype2key(context, &krbtgt->entry, 
+			      krbtgt_etype, &tkey);
+	if(ret) {
+	    kdc_log(context, config, 0,
+		    "Failed to find key for krbtgt PAC check");
+	    goto out;
 	}
 
 	ret = check_PAC(context, config, client_principal, 
-			client, server, ekey, tgtkey,
+			client, server, ekey, &tkey->key,
 			tgt, &rspac, &require_signedpath);
 	if (ret) {
 	    kdc_log(context, config, 0,
-- 
cgit