diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2007-07-03 08:00:08 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 14:58:59 -0500 |
| commit | ec0035c9b8e0690f3bc21f3de089c39eae660916 (patch) | |
| tree | 183dddce1bc0704f0c137df03e611d255fb68e11 /source4/heimdal/kdc/krb5tgs.c | |
| parent | 74b35321dc043188386d0305508b5276a5290d0d (diff) | |
| download | samba-ec0035c9b8e0690f3bc21f3de089c39eae660916.tar.gz | |
r23678: Update to current lorikeet-heimdal (-r 767), which should fix the
panics on hosts without /dev/random.
Andrew Bartlett
(This used to be commit 14a4ddb131993fec72316f7e8e371638749e6f1f)
Diffstat (limited to 'source4/heimdal/kdc/krb5tgs.c')
| -rw-r--r-- | source4/heimdal/kdc/krb5tgs.c | 32 |
1 files changed, 16 insertions, 16 deletions
diff --git a/source4/heimdal/kdc/krb5tgs.c b/source4/heimdal/kdc/krb5tgs.c index 02cd92de2e3..4d6be60f68f 100644 --- a/source4/heimdal/kdc/krb5tgs.c +++ b/source4/heimdal/kdc/krb5tgs.c @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: krb5tgs.c 21041 2007-06-10 06:21:12Z lha $"); +RCSID("$Id: krb5tgs.c 21262 2007-06-21 15:18:37Z lha $"); /* * return the realm of a krbtgt-ticket or NULL @@ -475,12 +475,14 @@ check_tgs_flags(krb5_context context, et->endtime = min(*et->renew_till, et->endtime); } +#if 0 /* checks for excess flags */ if(f.request_anonymous && !config->allow_anonymous){ kdc_log(context, config, 0, "Request for anonymous ticket"); return KRB5KDC_ERR_BADOPTION; } +#endif return 0; } @@ -731,10 +733,12 @@ tgs_make_reply(krb5_context context, &rep.ticket.realm); _krb5_principal2principalname(&rep.ticket.sname, server->entry.principal); copy_Realm(&tgt_name->realm, &rep.crealm); +/* if (f.request_anonymous) _kdc_make_anonymous_principalname (&rep.cname); - else - copy_PrincipalName(&tgt_name->name, &rep.cname); + else */ + + copy_PrincipalName(&tgt_name->name, &rep.cname); rep.ticket.tkt_vno = 5; ek.caddr = et.caddr; @@ -1707,24 +1711,20 @@ server_lookup: goto out; } - /* check PAC if there is one */ - { + /* check PAC if not cross realm and if there is one */ + if (!cross_realm) { Key *tkey; - krb5_keyblock *tgtkey = NULL; - if (!cross_realm) { - ret = hdb_enctype2key(context, &krbtgt->entry, - krbtgt_etype, &tkey); - if(ret) { - kdc_log(context, config, 0, - "Failed to find key for krbtgt PAC check"); - goto out; - } - tgtkey = &tkey->key; + ret = hdb_enctype2key(context, &krbtgt->entry, + krbtgt_etype, &tkey); + if(ret) { + kdc_log(context, config, 0, + "Failed to find key for krbtgt PAC check"); + goto out; } ret = check_PAC(context, config, client_principal, - client, server, ekey, tgtkey, + client, server, ekey, &tkey->key, tgt, &rspac, &require_signedpath); if (ret) { kdc_log(context, config, 0, |