summaryrefslogtreecommitdiff
path: root/source4/heimdal/kdc
diff options
context:
space:
mode:
Diffstat (limited to 'source4/heimdal/kdc')
-rw-r--r--source4/heimdal/kdc/krb5tgs.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/source4/heimdal/kdc/krb5tgs.c b/source4/heimdal/kdc/krb5tgs.c
index a888788bb6f..ff7d93138c0 100644
--- a/source4/heimdal/kdc/krb5tgs.c
+++ b/source4/heimdal/kdc/krb5tgs.c
@@ -1925,6 +1925,13 @@ server_lookup:
goto out;
}
+ if (!krb5_checksum_is_keyed(context, self.cksum.cksumtype)) {
+ free_PA_S4U2Self(&self);
+ kdc_log(context, config, 0, "Reject PA-S4U2Self with unkeyed checksum");
+ ret = KRB5KRB_AP_ERR_INAPP_CKSUM;
+ goto out;
+ }
+
ret = _krb5_s4u2self_to_checksumdata(context, &self, &datack);
if (ret)
goto out;