From e8638c2c7ac59308057ba07b2b1bd2e822db4956 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= <lha@kth.se>
Date: Thu, 4 Jan 2007 13:27:27 +0000
Subject: [PATCH] Check for KRB5_PADATA_PA_PAC_REQUEST to check if we should
 include the PAC in the krbtgt.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19689 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 kdc/kerberos5.c | 35 ++++++++++++++++++++++++++++++++++-
 1 file changed, 34 insertions(+), 1 deletion(-)

diff --git a/kdc/kerberos5.c b/kdc/kerberos5.c
index f4d7ee9d0..a06cdd27d 100644
--- a/kdc/kerberos5.c
+++ b/kdc/kerberos5.c
@@ -861,6 +861,39 @@ _kdc_check_addresses(krb5_context context,
     return result;
 }
 
+/*
+ *
+ */
+
+static krb5_boolean
+send_pac_p(krb5_context context, KDC_REQ *req)
+{
+    krb5_error_code ret;
+    PA_PAC_REQUEST pacreq;
+    PA_DATA *pa;
+    int i = 0;
+    
+    pa = _kdc_find_padata(req, &i, KRB5_PADATA_PA_PAC_REQUEST);
+    if (pa == NULL)
+	return TRUE;
+
+    ret = decode_PA_PAC_REQUEST(pa->padata_value.data,
+				pa->padata_value.length,
+				&pacreq,
+				NULL);
+    if (ret)
+	return TRUE;
+    i = pacreq.include_pac;
+    free_PA_PAC_REQUEST(&pacreq);
+    if (i == 0)
+	return FALSE;
+    return TRUE;
+}
+
+/*
+ *
+ */
+
 krb5_error_code
 _kdc_as_rep(krb5_context context, 
 	    krb5_kdc_configuration *config,
@@ -1503,7 +1536,7 @@ _kdc_as_rep(krb5_context context,
     }
 
     /* Add the PAC */
-    {
+    if (send_pac_p(context, req)) {
 	krb5_pac p = NULL;
 	krb5_data data;