diff options
author | Love Hörnquist Åstrand <lha@kth.se> | 2009-07-16 18:28:56 +0000 |
---|---|---|
committer | Love Hörnquist Åstrand <lha@kth.se> | 2009-07-16 18:28:56 +0000 |
commit | 2076c1c93e8628a51b6a5ec59e018ca5e504f911 (patch) | |
tree | 28fdde228fef455710fb0e5ada2109a7e6db3d43 | |
parent | f8d7804396e338212b07036027ab51f6732f0d70 (diff) | |
download | samba-misc-tags/switch-from-svn-to-git.tar.gz samba-misc-tags/switch-from-svn-to-git.tar.xz samba-misc-tags/switch-from-svn-to-git.zip |
Add PAC to the first entry in the array since Windows and samba3 expects it there.samba-misc-tags/switch-from-svn-to-git
The problem was found by Matthieu Patou, whom also created the first
patch which I changed to look what the current code looks like.
History is tracked in [HEIMDAL-582].
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25338 ec53bebd-3082-4978-b11e-865c3cabbd6b
-rw-r--r-- | kdc/krb5tgs.c | 39 |
1 files changed, 22 insertions, 17 deletions
diff --git a/kdc/krb5tgs.c b/kdc/krb5tgs.c index 6b98506e81c..635eb27e75a 100644 --- a/kdc/krb5tgs.c +++ b/kdc/krb5tgs.c @@ -805,17 +805,34 @@ tgs_make_reply(krb5_context context, et.flags.hw_authent = tgt->flags.hw_authent; et.flags.anonymous = tgt->flags.anonymous; et.flags.ok_as_delegate = server->entry.flags.ok_as_delegate; + + if(rspac->length) { + /* + * No not need to filter out the any PAC from the + * auth_data since it's signed by the KDC. + */ + ret = _kdc_tkt_add_if_relevant_ad(context, &et, + KRB5_AUTHDATA_WIN2K_PAC, rspac); + if (ret) + goto out; + } if (auth_data) { - /* XXX Check enc-authorization-data */ - et.authorization_data = calloc(1, sizeof(*et.authorization_data)); + unsigned int i = 0; + + /* XXX check authdata */ if (et.authorization_data == NULL) { ret = ENOMEM; + krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; } - ret = copy_AuthorizationData(auth_data, et.authorization_data); - if (ret) - goto out; + for(i = 0; i < auth_data->len ; i++) { + ret = add_AuthorizationData(et.authorization_data, &auth_data->val[i]); + if (ret) { + krb5_set_error_message(context, ret, "malloc: out of memory"); + goto out; + } + } /* Filter out type KRB5SignedPath */ ret = find_KRB5SignedPath(context, et.authorization_data, NULL); @@ -832,18 +849,6 @@ tgs_make_reply(krb5_context context, } } - if(rspac->length) { - /* - * No not need to filter out the any PAC from the - * auth_data since it's signed by the KDC. - */ - ret = _kdc_tkt_add_if_relevant_ad(context, &et, - KRB5_AUTHDATA_WIN2K_PAC, - rspac); - if (ret) - goto out; - } - ret = krb5_copy_keyblock_contents(context, sessionkey, &et.key); if (ret) goto out; |