diff --git a/lib/krb5/get_cred.c b/lib/krb5/get_cred.c index 75a1c4f60..12134de9b 100644 --- a/lib/krb5/get_cred.c +++ b/lib/krb5/get_cred.c @@ -87,7 +87,7 @@ out: free (buf); if(ret) return ret; - padata->padata_type = pa_tgs_req; + padata->padata_type = KRB5_PADATA_TGS_REQ; return 0; } @@ -191,6 +191,10 @@ init_tgs_req (krb5_context context, ret = ENOMEM; goto fail; } + + /* some versions of some code might require that the client be + present in TGS-REQs, but this is clearly against the spec */ + ret = copy_PrincipalName(&in_creds->server->name, t->req_body.sname); if (ret) goto fail; diff --git a/lib/krb5/get_in_tkt.c b/lib/krb5/get_in_tkt.c index 0d8571c9a..5d394ea5f 100644 --- a/lib/krb5/get_in_tkt.c +++ b/lib/krb5/get_in_tkt.c @@ -340,7 +340,7 @@ make_pa_enc_timestamp(krb5_context context, PA_DATA *pa, free_EncryptedData(&encdata); if (ret) return ret; - pa->padata_type = pa_enc_timestamp; + pa->padata_type = KRB5_PADATA_ENC_TIMESTAMP; pa->padata_value.length = 0; krb5_data_copy(&pa->padata_value, buf + sizeof(buf) - len, @@ -582,10 +582,10 @@ set_ptypes(krb5_context context, NULL); for(i = 0; i < md.len; i++){ switch(md.val[i].padata_type){ - case pa_enc_timestamp: + case KRB5_PADATA_ENC_TIMESTAMP: *ptypes = ptypes2; break; - case pa_etype_info: + case KRB5_PADATA_ETYPE_INFO: *preauth = &preauth2; ALLOC_SEQ(*preauth, 1); (*preauth)->val[0].type = KRB5_PADATA_ENC_TIMESTAMP; @@ -595,6 +595,8 @@ set_ptypes(krb5_context context, &(*preauth)->val[0].info, NULL); break; + default: + break; } } free_METHOD_DATA(&md); @@ -714,12 +716,12 @@ krb5_get_in_cred(krb5_context context, if(rep.kdc_rep.padata){ int index = 0; pa = krb5_find_padata(rep.kdc_rep.padata->val, rep.kdc_rep.padata->len, - pa_pw_salt, &index); + KRB5_PADATA_PW_SALT, &index); if(pa == NULL) { index = 0; pa = krb5_find_padata(rep.kdc_rep.padata->val, rep.kdc_rep.padata->len, - pa_afs3_salt, &index); + KRB5_PADATA_AFS3_SALT, &index); } } if(pa) {