for (j = 0; j < child.len; j++) {
if (child.val[j].ad_type == KRB5_AUTHDATA_WIN2K_PAC) {
+ int signed_pac = 0;
krb5_pac pac;
/* Found PAC */
}
ret = _kdc_pac_verify(context, client_principal,
- client, server, &pac, signedpath);
+ client, server, &pac, &signed_pac);
if (ret) {
krb5_pac_free(context, pac);
return ret;
* a PAC from cross realm from a Windows domain and
* that there is no PAC verification function.
*/
- if (*signedpath)
+ if (signed_pac) {
+ *signedpath = 1;
ret = _krb5_pac_sign(context, pac, tkt->authtime,
client_principal,
server_key, krbtgt_key, rspac);
-
+ }
krb5_pac_free(context, pac);
return ret;