oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

split signedpath from PAC verification

Browse Source
This commit is contained in:
Love Hornquist Astrand
2010-06-12 21:34:55 -07:00
parent a70b912972
commit 4c43f933d3
1 changed files with 5 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
kdc/krb5tgs.c
View File

@@ -312,6 +312,7 @@ check_PAC(krb5_context context,
for (j = 0; j < child.len; j++) {
if (child.val[j].ad_type == KRB5_AUTHDATA_WIN2K_PAC) {
int signed_pac = 0;
krb5_pac pac;
/* Found PAC */
@@ -332,7 +333,7 @@ check_PAC(krb5_context context,
}
ret = _kdc_pac_verify(context, client_principal,
client, server, &pac, signedpath);
client, server, &pac, &signed_pac);
if (ret) {
krb5_pac_free(context, pac);
return ret;
@@ -344,11 +345,12 @@ check_PAC(krb5_context context,
* a PAC from cross realm from a Windows domain and
* that there is no PAC verification function.
*/
if (*signedpath)
if (signed_pac) {
*signedpath = 1;
ret = _krb5_pac_sign(context, pac, tkt->authtime,
client_principal,
server_key, krbtgt_key, rspac);
}
krb5_pac_free(context, pac);
return ret;