oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

make tests pass again

Browse Source
This commit is contained in:
Love Hörnquist Åstrand
2011-06-19 11:49:33 -07:00
parent e73a5a9c54
commit d756ad019a
1 changed files with 12 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
kdc/krb5tgs.c
View File

@@ -2043,6 +2043,7 @@ server_lookup:
} }
krb5_data_free(&rspac); krb5_data_free(&rspac);
/* /*
* generate the PAC for the user. * generate the PAC for the user.
* *
@@ -2054,8 +2055,6 @@ server_lookup:
&clientkey->key, &tkey_check->key, &clientkey->key, &tkey_check->key,
ekey, &tkey_sign->key, ekey, &tkey_sign->key,
&adtkt, &rspac, &ad_signedpath); &adtkt, &rspac, &ad_signedpath);
if (ret == 0 && !ad_signedpath)
ret = KRB5KDC_ERR_BADOPTION;
if (ret) { if (ret) {
const char *msg = krb5_get_error_message(context, ret); const char *msg = krb5_get_error_message(context, ret);
kdc_log(context, config, 0, kdc_log(context, config, 0,
@@ -2072,12 +2071,10 @@ server_lookup:
ret = check_KRB5SignedPath(context, ret = check_KRB5SignedPath(context,
config, config,
krbtgt, krbtgt,
tp, cp,
&adtkt, &adtkt,
NULL, NULL,
&ad_signedpath); &ad_signedpath);
if (ret == 0 && !ad_signedpath)
ret = KRB5KDC_ERR_BADOPTION;
if (ret) { if (ret) {
const char *msg = krb5_get_error_message(context, ret); const char *msg = krb5_get_error_message(context, ret);
kdc_log(context, config, 0, kdc_log(context, config, 0,
@@ -2089,6 +2086,16 @@ server_lookup:
goto out; goto out;
} }
if (!ad_signedpath) {
ret = KRB5KDC_ERR_BADOPTION;
kdc_log(context, config, 0,
"Ticket not signed with PAC nor SignedPath service %s failed "
"for delegation to %s for client %s "
"from %s",
spn, tpn, cpn, from);
goto out;
}
kdc_log(context, config, 0, "constrained delegation for %s " kdc_log(context, config, 0, "constrained delegation for %s "
"from %s to %s", tpn, cpn, spn); "from %s to %s", tpn, cpn, spn);
} }