oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Move the check client/anonoymous logic to pkinit.c

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24578 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2009-02-04 22:04:08 +00:00
parent 7f61137222
commit 64748478da
1 changed files with 13 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
kdc/kerberos5.c
View File

@@ -1058,27 +1058,19 @@ _kdc_as_rep(krb5_context context,
if (ret == 0 && pkp == NULL) if (ret == 0 && pkp == NULL)
goto ts_enc; goto ts_enc;
if (!b->kdc_options.request_anonymous) { ret = _kdc_pk_check_client(context,
ret = _kdc_pk_check_client(context, config,
config, client,
client, pkp,
pkp, &client_cert);
&client_cert); if (ret) {
if (ret) { e_text = "PKINIT certificate not allowed to "
e_text = "PKINIT certificate not allowed to " "impersonate principal";
"impersonate principal"; _kdc_pk_free_client_param(context, pkp);
_kdc_pk_free_client_param(context, pkp);
kdc_log(context, config, 0, "%s", e_text);
kdc_log(context, config, 0, "%s", e_text); pkp = NULL;
pkp = NULL; goto out;
goto out;
}
} else {
client_cert = strdup("anonymous client client");
if (client_cert == NULL) {
ret = ENOMEM;
goto out;
}
} }
found_pa = 1; found_pa = 1;