oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Add PAC to the first entry in the array since Windows and samba3 expects it there.

Browse Source 
The problem was found by Matthieu Patou, whom also created the first
patch which I changed to look what the current code looks like.

History is tracked in [HEIMDAL-582].

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25338 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2009-07-16 18:28:56 +00:00
parent f8d7804396
commit 2076c1c93e
1 changed files with 26 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
kdc/krb5tgs.c
View File

@@ -805,17 +805,34 @@ tgs_make_reply(krb5_context context,
et.flags.hw_authent = tgt->flags.hw_authent; et.flags.hw_authent = tgt->flags.hw_authent;
et.flags.anonymous = tgt->flags.anonymous; et.flags.anonymous = tgt->flags.anonymous;
et.flags.ok_as_delegate = server->entry.flags.ok_as_delegate; et.flags.ok_as_delegate = server->entry.flags.ok_as_delegate;
if (auth_data) { if(rspac->length) {
/* XXX Check enc-authorization-data */ /*
et.authorization_data = calloc(1, sizeof(*et.authorization_data)); * No not need to filter out the any PAC from the
if (et.authorization_data == NULL) { * auth_data since it's signed by the KDC.
ret = ENOMEM; */
goto out; ret = _kdc_tkt_add_if_relevant_ad(context, &et,
} KRB5_AUTHDATA_WIN2K_PAC, rspac);
ret = copy_AuthorizationData(auth_data, et.authorization_data);
if (ret) if (ret)
goto out; goto out;
}
if (auth_data) {
unsigned int i = 0;
/* XXX check authdata */
if (et.authorization_data == NULL) {
ret = ENOMEM;
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out;
}
for(i = 0; i < auth_data->len ; i++) {
ret = add_AuthorizationData(et.authorization_data, &auth_data->val[i]);
if (ret) {
krb5_set_error_message(context, ret, "malloc: out of memory");
goto out;
}
}
/* Filter out type KRB5SignedPath */ /* Filter out type KRB5SignedPath */
ret = find_KRB5SignedPath(context, et.authorization_data, NULL); ret = find_KRB5SignedPath(context, et.authorization_data, NULL);
@@ -832,18 +849,6 @@ tgs_make_reply(krb5_context context,
} }
} }
if(rspac->length) {
/*
* No not need to filter out the any PAC from the
* auth_data since it's signed by the KDC.
*/
ret = _kdc_tkt_add_if_relevant_ad(context, &et,
KRB5_AUTHDATA_WIN2K_PAC,
rspac);
if (ret)
goto out;
}
ret = krb5_copy_keyblock_contents(context, sessionkey, &et.key); ret = krb5_copy_keyblock_contents(context, sessionkey, &et.key);
if (ret) if (ret)
goto out; goto out;