oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Get right key for PAC krbtgt verification.

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19643 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2007-01-03 19:34:27 +00:00
parent d2801e849e
commit 9140e58024
1 changed files with 20 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
kdc/krb5tgs.c
View File

@@ -1663,12 +1663,26 @@ server_lookup:
}
/* check PAC if there is one */
ret = check_PAC(context, config, client, ekey, tgt, &require_signedpath);
if (ret) {
kdc_log(context, config, 0,
"check_PAC check failed for %s (%s) from %s with %s",
spn, cpn, from, krb5_get_err_text(context, ret));
goto out;
{
Key *tkey;
ret = hdb_enctype2key(context, &krbtgt->entry,
krbtgt_etype, &tkey);
if(ret) {
kdc_log(context, config, 0,
"Failed to find key for krbtgt PAC check");
goto out;
}
ret = check_PAC(context, config, client, &tkey->key,
tgt, &require_signedpath);
if (ret) {
kdc_log(context, config, 0,
"check_PAC check failed for %s (%s) from %s with %s",
spn, cpn, from, krb5_get_err_text(context, ret));
goto out;
}
}
/* also check the krbtgt for signature */