s4:heimdal: import lorikeet-heimdal-201003262338 (commit f4e0dc17709829235f057e0e100d...

[amitay/samba.git] / source4 / heimdal / kdc / kerberos5.c

diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c
index 87162d5f98ebb4d3007b98440d195c1e3a4f2e5a..c3e94757e38dbc4d549f5fc948351c5a53fe67f6 100644 (file)
--- a/source4/heimdal/kdc/kerberos5.c
+++ b/source4/heimdal/kdc/kerberos5.c
@@ -33,8 +33,6 @@
 
 #include "kdc_locl.h"
 
-RCSID("$Id$");
-
 #define MAX_TIME ((time_t)((1U << 31) - 1))
 
 void
@@ -1425,6 +1423,7 @@ _kdc_as_rep(krb5_context context,
     if(f.renew || f.validate || f.proxy || f.forwarded || f.enc_tkt_in_skey
        || (f.request_anonymous && !config->allow_anonymous)) {
        ret = KRB5KDC_ERR_BADOPTION;
+       e_text = "Bad KDC options";
        kdc_log(context, config, 0, "Bad KDC options -- %s", client_name);
        goto out;
     }
@@ -1454,6 +1453,7 @@ _kdc_as_rep(krb5_context context,
     if(client->entry.flags.forwardable && server->entry.flags.forwardable)
        et.flags.forwardable = f.forwardable;
     else if (f.forwardable) {
+       e_text = "Ticket may not be forwardable";
        ret = KRB5KDC_ERR_POLICY;
        kdc_log(context, config, 0,
                "Ticket may not be forwardable -- %s", client_name);
@@ -1462,6 +1462,7 @@ _kdc_as_rep(krb5_context context,
     if(client->entry.flags.proxiable && server->entry.flags.proxiable)
        et.flags.proxiable = f.proxiable;
     else if (f.proxiable) {
+       e_text = "Ticket may not be proxiable";
        ret = KRB5KDC_ERR_POLICY;
        kdc_log(context, config, 0,
                "Ticket may not be proxiable -- %s", client_name);
@@ -1470,6 +1471,7 @@ _kdc_as_rep(krb5_context context,
     if(client->entry.flags.postdate && server->entry.flags.postdate)
        et.flags.may_postdate = f.allow_postdate;
     else if (f.allow_postdate){
+       e_text = "Ticket may not be postdate";
        ret = KRB5KDC_ERR_POLICY;
        kdc_log(context, config, 0,
                "Ticket may not be postdatable -- %s", client_name);
@@ -1478,6 +1480,7 @@ _kdc_as_rep(krb5_context context,
 
     /* check for valid set of addresses */
     if(!_kdc_check_addresses(context, config, b->addresses, from_addr)) {
+       e_text = "Bad address list in requested";
        ret = KRB5KRB_AP_ERR_BADADDR;
        kdc_log(context, config, 0,
                "Bad address list requested -- %s", client_name);
@@ -1630,6 +1633,7 @@ _kdc_as_rep(krb5_context context,
                                           &et);
        if (ret)
            goto out;
+
     } else
 #endif
     {