aboutsummaryrefslogtreecommitdiff
path: root/src/kdc/do_tgs_req.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/kdc/do_tgs_req.c')
-rw-r--r--src/kdc/do_tgs_req.c33
1 files changed, 25 insertions, 8 deletions
diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c
index 4bd24cf..ce0ff39 100644
--- a/src/kdc/do_tgs_req.c
+++ b/src/kdc/do_tgs_req.c
@@ -756,14 +756,6 @@ tgt_again:
goto cleanup;
}
- if (is_referral && isflagset(s_flags, KRB5_KDB_FLAG_CANONICALIZE)) {
- errcode = return_enc_padata(kdc_context, pkt, request,
- &server, &reply_encpart);
- if (errcode) {
- status = "KDC_RETURN_ENC_PADATA";
- goto cleanup;
- }
- }
/*
* Only add the realm of the presented tgt to the transited list if
@@ -955,6 +947,31 @@ tgt_again:
status = "generating reply key";
goto cleanup;
}
+ if (is_referral && isflagset(s_flags, KRB5_KDB_FLAG_CANONICALIZE)) {
+ errcode = return_enc_padata(kdc_context, pkt, request,
+ reply_key,
+ &server, &reply_encpart);
+ if (errcode) {
+ status = "KDC_RETURN_ENC_PADATA";
+ goto cleanup;
+ } else {/*Not refferal*/
+ int idx = 0;
+ reply_encpart.enc_padata = calloc(3, sizeof(krb5_pa_data *));
+ if (reply_encpart.enc_padata == NULL) {
+ errcode = ENOMEM;
+ status = "Allocating enc_padata";
+ goto cleanup;
+ }
+ errcode = kdc_handle_protected_negotiation(pkt, request,
+ reply_key, reply_encpart.enc_padata, &idx);
+ if (errcode != 0) {
+ status = "protected negotiation";
+ goto cleanup;
+ }
+ }
+
+ }
+
errcode = krb5_encode_kdc_rep(kdc_context, KRB5_TGS_REP, &reply_encpart,
subkey ? 1 : 0,
reply_key,
generated by cgit v1.1 at 2024-09-07 18:59:54 +0000