Don't return success in check_padata if you can't extract the key!
authorTheodore Tso <tytso@mit.edu>
Fri, 10 Jun 1994 23:02:32 +0000 (23:02 +0000)
committerTheodore Tso <tytso@mit.edu>
Fri, 10 Jun 1994 23:02:32 +0000 (23:02 +0000)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@3742 dc483132-0cff-0310-8789-dd5450dbe970

src/kdc/do_as_req.c

index cf3d143a7b620eee9922d0b599cc70e294de06f0..abab6e65fb3a4c42c129908583c052e03140358a 100644 (file)
@@ -84,8 +84,9 @@ check_padata (client, src_addr, padata, pa_id, flags)
    
     retval = KDB_CONVERT_KEY_OUTOF_DB(enckey,&tmpkey);
     if (retval) {
-       syslog( LOG_ERR, "AS_REQ: Unable to Extract Client Key/alt_key\n");
-       return(0);
+       syslog( LOG_ERR, "AS_REQ: Unable to extract client key: %s",
+              error_message(retval));
+       return retval;
     }
     retval =  krb5_verify_padata(*padata,client->principal,src_addr,
                                 &tmpkey, pa_id, flags);
@@ -97,9 +98,10 @@ check_padata (client, src_addr, padata, pa_id, flags)
         */
        enckey = &(client->alt_key);
        /* Extract client key/alt_key from master key */
-       if (retval = KDB_CONVERT_KEY_OUTOF_DB(enckey,&tmpkey)){
-           syslog( LOG_ERR, "AS_REQ: Unable to Extract Client Key/alt_key\n");
-           return(0);
+       if (retval = KDB_CONVERT_KEY_OUTOF_DB(enckey,&tmpkey)) {
+           syslog( LOG_ERR, "AS_REQ: Unable to extract client alt_key: %s",
+                  error_message(retval));
+           return retval;
        }
        retval = krb5_verify_padata(*padata,client->principal,src_addr,
                                    &tmpkey, pa_id, flags);