diff options
Diffstat (limited to 'src/kdc/do_tgs_req.c')
-rw-r--r-- | src/kdc/do_tgs_req.c | 33 |
1 files changed, 25 insertions, 8 deletions
diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c index 4bd24cf..ce0ff39 100644 --- a/src/kdc/do_tgs_req.c +++ b/src/kdc/do_tgs_req.c @@ -756,14 +756,6 @@ tgt_again: goto cleanup; } - if (is_referral && isflagset(s_flags, KRB5_KDB_FLAG_CANONICALIZE)) { - errcode = return_enc_padata(kdc_context, pkt, request, - &server, &reply_encpart); - if (errcode) { - status = "KDC_RETURN_ENC_PADATA"; - goto cleanup; - } - } /* * Only add the realm of the presented tgt to the transited list if @@ -955,6 +947,31 @@ tgt_again: status = "generating reply key"; goto cleanup; } + if (is_referral && isflagset(s_flags, KRB5_KDB_FLAG_CANONICALIZE)) { + errcode = return_enc_padata(kdc_context, pkt, request, + reply_key, + &server, &reply_encpart); + if (errcode) { + status = "KDC_RETURN_ENC_PADATA"; + goto cleanup; + } else {/*Not refferal*/ + int idx = 0; + reply_encpart.enc_padata = calloc(3, sizeof(krb5_pa_data *)); + if (reply_encpart.enc_padata == NULL) { + errcode = ENOMEM; + status = "Allocating enc_padata"; + goto cleanup; + } + errcode = kdc_handle_protected_negotiation(pkt, request, + reply_key, reply_encpart.enc_padata, &idx); + if (errcode != 0) { + status = "protected negotiation"; + goto cleanup; + } + } + + } + errcode = krb5_encode_kdc_rep(kdc_context, KRB5_TGS_REP, &reply_encpart, subkey ? 1 : 0, reply_key, |