kdc: Set PAC as trusted if indicated by the plugin

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>

diff --git a/kdc/krb5tgs.c b/kdc/krb5tgs.c
index d1ccfe19dd8e3ed9edfc867ae0d2d8d46ac90935..0bad42aa3b72d570d43b68ebc194c86c427c8219 100644 (file)
--- a/kdc/krb5tgs.c
+++ b/kdc/krb5tgs.c
@@ -128,6 +128,10 @@ _kdc_check_pac(astgs_request_t r,
                          client_principal, delegated_proxy_principal,
                          client, server, krbtgt, pac, &is_trusted);
     if (ret == 0) {
+       if (is_trusted) {
+           krb5_pac_set_trusted(pac, true);
+       }
+
        if (pac_canon_name) {
            ret = _krb5_pac_get_canon_principal(context, pac, pac_canon_name);
            if (ret && ret != ENOENT) {