split signedpath from PAC verification
authorLove Hornquist Astrand <lha@h5l.org>
Sun, 13 Jun 2010 04:34:55 +0000 (21:34 -0700)
committerLove Hornquist Astrand <lha@h5l.org>
Sun, 13 Jun 2010 04:34:55 +0000 (21:34 -0700)
kdc/krb5tgs.c

index 1c4858232ee812d4549452850d2ecc96295ccf75..1da90c2071f57ca88cb4cbf7d07a6896ea5edc92 100644 (file)
@@ -312,6 +312,7 @@ check_PAC(krb5_context context,
        for (j = 0; j < child.len; j++) {
 
            if (child.val[j].ad_type == KRB5_AUTHDATA_WIN2K_PAC) {
+               int signed_pac = 0;
                krb5_pac pac;
 
                /* Found PAC */
@@ -332,7 +333,7 @@ check_PAC(krb5_context context,
                }
 
                ret = _kdc_pac_verify(context, client_principal,
-                                     client, server, &pac, signedpath);
+                                     client, server, &pac, &signed_pac);
                if (ret) {
                    krb5_pac_free(context, pac);
                    return ret;
@@ -344,11 +345,12 @@ check_PAC(krb5_context context,
                 * a PAC from cross realm from a Windows domain and
                 * that there is no PAC verification function.
                 */
-               if (*signedpath)
+               if (signed_pac) {
+                   *signedpath = 1;
                    ret = _krb5_pac_sign(context, pac, tkt->authtime,
                                         client_principal,
                                         server_key, krbtgt_key, rspac);
-
+               }
                krb5_pac_free(context, pac);
                
                return ret;
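Review bot: In the last hunk `*signedpath = 1;` is stored before `_krb5_pac_sign` has returned, so the caller's flag reports a verified path even when re-signing fails and `ret` is non-zero. The caller presumably bails out on the error, but the flag appears to feed a later trust decision, so it would be safer to raise it only on success: drop the early store and add `if (ret == 0) *signedpath = 1;` after the `_krb5_pac_sign` call. With this change check_PAC also never clears `*signedpath`, and `_kdc_pac_verify` no longer writes it directly. A comment at the assignment such as `/* only ever raised here, never cleared; the caller must initialise *signedpath */` would record that contract. The start of check_PAC and its callers are outside the visible hunks, so the caller-side initialisation could not be confirmed.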