From 1e34efd28bd6c7eae84b19f71c87b2ea58939c1a Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Wed, 7 Dec 2011 19:38:32 +0000 Subject: Allow null server key to krb5_pac_verify When the KDC verifies a PAC, it doesn't really need to check the server signature, since it can't trust that anyway. Allow the caller to pass only a TGT key. ticket: 7048 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25532 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/krb5/krb/pac.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'src/lib') diff --git a/src/lib/krb5/krb/pac.c b/src/lib/krb5/krb/pac.c index f173b042e..23aa9305b 100644 --- a/src/lib/krb5/krb/pac.c +++ b/src/lib/krb5/krb/pac.c @@ -637,9 +637,11 @@ krb5_pac_verify(krb5_context context, if (server == NULL) return EINVAL; - ret = k5_pac_verify_server_checksum(context, pac, server); - if (ret != 0) - return ret; + if (server != NULL) { + ret = k5_pac_verify_server_checksum(context, pac, server); + if (ret != 0) + return ret; + } if (privsvr != NULL) { ret = k5_pac_verify_kdc_checksum(context, pac, privsvr); -- cgit