Allow null server key to krb5_pac_verify

When the KDC verifies a PAC, it doesn't really need to check the server signature, since it can't trust that anyway. Allow the caller to pass only a TGT key. ticket: 7048 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25532 dc483132-0cff-0310-8789-dd5450dbe970
author: Greg Hudson <ghudson@mit.edu> 2011-12-07 19:38:32 +0000
committer: Greg Hudson <ghudson@mit.edu> 2011-12-07 19:38:32 +0000
commit: 1e34efd28bd6c7eae84b19f71c87b2ea58939c1a (patch)
tree: 9a73adadebbb95841d3c72e76f4934ce1b0f6a4a /src/lib
parent: ad1c58d1e5a2fc7382a9c641468c46d3c9d12996 (diff)
download: krb5-1e34efd28bd6c7eae84b19f71c87b2ea58939c1a.tar.gz
krb5-1e34efd28bd6c7eae84b19f71c87b2ea58939c1a.tar.xz
krb5-1e34efd28bd6c7eae84b19f71c87b2ea58939c1a.zip
1 files changed, 5 insertions, 3 deletions
diff --git a/src/lib/krb5/krb/pac.c b/src/lib/krb5/krb/pac.c
index f173b042eb..23aa9305b3 100644
--- a/src/lib/krb5/krb/pac.c
+++ b/src/lib/krb5/krb/pac.c
@@ -637,9 +637,11 @@ krb5_pac_verify(krb5_context context,
     if (server == NULL)
         return EINVAL;
 
-    ret = k5_pac_verify_server_checksum(context, pac, server);
-    if (ret != 0)
-        return ret;
+    if (server != NULL) {
+        ret = k5_pac_verify_server_checksum(context, pac, server);
+        if (ret != 0)
+            return ret;
+    }
 
     if (privsvr != NULL) {
         ret = k5_pac_verify_kdc_checksum(context, pac, privsvr);
author	Greg Hudson <ghudson@mit.edu>	2011-12-07 19:38:32 +0000
committer	Greg Hudson <ghudson@mit.edu>	2011-12-07 19:38:32 +0000
commit	1e34efd28bd6c7eae84b19f71c87b2ea58939c1a (patch)
tree	9a73adadebbb95841d3c72e76f4934ce1b0f6a4a /src/lib
parent	ad1c58d1e5a2fc7382a9c641468c46d3c9d12996 (diff)
download	krb5-1e34efd28bd6c7eae84b19f71c87b2ea58939c1a.tar.gz krb5-1e34efd28bd6c7eae84b19f71c87b2ea58939c1a.tar.xz krb5-1e34efd28bd6c7eae84b19f71c87b2ea58939c1a.zip