heimdal: Only indicate successful authentication after successful authz

author Andrew Bartlett <abartlet@samba.org>

Tue, 18 Feb 2014 00:53:38 +0000 (13:53 +1300)

committer Stefan Metzmacher <metze@samba.org>

Wed, 2 Apr 2014 15:12:47 +0000 (17:12 +0200)
author Andrew Bartlett <abartlet@samba.org>
Tue, 18 Feb 2014 00:53:38 +0000 (13:53 +1300)
committer Stefan Metzmacher <metze@samba.org>
Wed, 2 Apr 2014 15:12:47 +0000 (17:12 +0200)
diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c

index 939d1b014234630848baf34413b222062a594e9a..bab4b8ca5429a5744a731e6d6dfe99c05e5965e9 100644 (file)
--- a/source4/heimdal/kdc/kerberos5.c
+++ b/source4/heimdal/kdc/kerberos5.c
@@ -1448,10 +1448,6 @@ _kdc_as_rep(krb5_context context,
         goto out;
      }
  
-    if (clientdb->hdb_auth_status)
-       (clientdb->hdb_auth_status)(context, clientdb, client,
-                                   HDB_AUTH_SUCCESS);
-
      /*
       * Verify flags after the user been required to prove its identity
       * with in a preauth mech.
@@ -1463,6 +1459,10 @@ _kdc_as_rep(krb5_context context,
      if(ret)
         goto out;
  
+    if (clientdb->hdb_auth_status)
+       (clientdb->hdb_auth_status)(context, clientdb, client,
+                                   HDB_AUTH_SUCCESS);
+
      /*
       * Selelct the best encryption type for the KDC with out regard to
       * the client since the client never needs to read that data.
author	Andrew Bartlett <abartlet@samba.org>
	Tue, 18 Feb 2014 00:53:38 +0000 (13:53 +1300)
committer	Stefan Metzmacher <metze@samba.org>
	Wed, 2 Apr 2014 15:12:47 +0000 (17:12 +0200)