From 286019f6cd476de3c1c7ddc8f960694b6c98c670 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= Date: Thu, 18 Sep 2003 22:22:57 +0000 Subject: [PATCH] (krb5_rd_req): allow caller to pass in a key in the auth_context, they way processes that doesn't use the keytab can still pass in the key of the service (matches behavior of MIT Kerberos). git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12875 ec53bebd-3082-4978-b11e-865c3cabbd6b --- lib/krb5/rd_req.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/lib/krb5/rd_req.c b/lib/krb5/rd_req.c index 2184e25cd..c04bfb019 100644 --- a/lib/krb5/rd_req.c +++ b/lib/krb5/rd_req.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -488,9 +488,15 @@ krb5_rd_req(krb5_context context, ap_req.ticket.realm); server = service; } + if (ap_req.ap_options.use_session_key && + (*auth_context)->keyblock == NULL) { + krb5_set_error_string(context, "krb5_rd_req: user to user auth " + "without session key given"); + ret = KRB5KRB_AP_ERR_NOKEY; + goto out; + } - if(ap_req.ap_options.use_session_key == 0 || - (*auth_context)->keyblock == NULL){ + if((*auth_context)->keyblock == NULL){ ret = get_key_from_keytab(context, auth_context, &ap_req,