Pass down server entry to verify_pac function.

from Andrew Bartlett <abartlet@samba.org>


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19797 ec53bebd-3082-4978-b11e-865c3cabbd6b
Love Hörnquist Åstrand
2007-01-10 15:22:11 +00:00
parent 634d0ca86d
commit 7e21610a7c


@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997-2006 Kungliga Tekniska H<>gskolan * Copyright (c) 1997-2007 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@@ -279,10 +279,12 @@ check_KRB5SignedPath(krb5_context context,
static krb5_error_code static krb5_error_code
check_PAC(krb5_context context, check_PAC(krb5_context context,
krb5_kdc_configuration *config, krb5_kdc_configuration *config,
const krb5_principal client_principal,
hdb_entry_ex *client, hdb_entry_ex *client,
const EncryptionKey *ekey, hdb_entry_ex *server,
const EncryptionKey *server_key,
const EncryptionKey *krbtgt_key,
EncTicketPart *tkt, EncTicketPart *tkt,
const EncryptionKey *sessionkey,
krb5_data *rspac, krb5_data *rspac,
int *require_signedpath) int *require_signedpath)
{ {
@@ -323,15 +325,15 @@ check_PAC(krb5_context context,
return ret; return ret;
ret = krb5_pac_verify(context, pac, tkt->authtime, ret = krb5_pac_verify(context, pac, tkt->authtime,
client->entry.principal, client_principal,
&tkt->key, krbtgt_key, NULL);
ekey);
if (ret) { if (ret) {
krb5_pac_free(context, pac); krb5_pac_free(context, pac);
return ret; return ret;
} }
ret = _kdc_pac_verify(context, client, pac); ret = _kdc_pac_verify(context, client_principal,
client, server, &pac);
if (ret) { if (ret) {
krb5_pac_free(context, pac); krb5_pac_free(context, pac);
return ret; return ret;
@@ -339,8 +341,8 @@ check_PAC(krb5_context context,
*require_signedpath = 0; *require_signedpath = 0;
ret = _krb5_pac_sign(context, pac, tkt->authtime, ret = _krb5_pac_sign(context, pac, tkt->authtime,
client->entry.principal, client_principal,
sessionkey, ekey, rspac); server_key, krbtgt_key, rspac);
krb5_pac_free(context, pac); krb5_pac_free(context, pac);
@@ -1714,8 +1716,9 @@ server_lookup:
goto out; goto out;
} }
ret = check_PAC(context, config, client, &tkey->key, ret = check_PAC(context, config, client_principal,
tgt, &sessionkey, &rspac, &require_signedpath); client, server, ekey, &tkey->key,
tgt, &rspac, &require_signedpath);
if (ret) { if (ret) {
kdc_log(context, config, 0, kdc_log(context, config, 0,
"check_PAC check failed for %s (%s) from %s with %s", "check_PAC check failed for %s (%s) from %s with %s",