heimdal:kdc: Fix ticket signing without a PAC

author Joseph Sutton <josephsutton@catalyst.net.nz>

Thu, 14 Oct 2021 23:12:30 +0000 (12:12 +1300)

committer Andrew Bartlett <abartlet@samba.org>

Sun, 17 Oct 2021 22:53:37 +0000 (22:53 +0000)
author Joseph Sutton <josephsutton@catalyst.net.nz>
Thu, 14 Oct 2021 23:12:30 +0000 (12:12 +1300)
committer Andrew Bartlett <abartlet@samba.org>
Sun, 17 Oct 2021 22:53:37 +0000 (22:53 +0000)
diff --git a/source4/heimdal/kdc/krb5tgs.c b/source4/heimdal/kdc/krb5tgs.c

index d0483a3903bb6a7a120f26ea51f5342bbd9c1057..2de3b09919975f60a1d78982747614150d8bfd25 100644 (file)
--- a/source4/heimdal/kdc/krb5tgs.c
+++ b/source4/heimdal/kdc/krb5tgs.c
@@ -695,10 +695,12 @@ tgs_make_reply(krb5_context context,
      }
  
      /* The PAC should be the last change to the ticket. */
-    ret = _krb5_kdc_pac_sign_ticket(context, mspac, tgt_name, serverkey,
-                                   krbtgtkey, rodc_id, add_ticket_sig, &et);
+    if (mspac != NULL) {
+       ret = _krb5_kdc_pac_sign_ticket(context, mspac, tgt_name, serverkey,
+                                       krbtgtkey, rodc_id, add_ticket_sig, &et);
         if (ret)
             goto out;
+    }
  
      /* It is somewhat unclear where the etype in the following
         encryption should come from. What we have is a session
author	Joseph Sutton <josephsutton@catalyst.net.nz>
	Thu, 14 Oct 2021 23:12:30 +0000 (12:12 +1300)
committer	Andrew Bartlett <abartlet@samba.org>
	Sun, 17 Oct 2021 22:53:37 +0000 (22:53 +0000)