oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

(krb5_rd_req_ctx): The code failed to consider the enc_tkt_in_skey

Browse Source 
case, from Douglas E. Engert.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19919 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2007-01-15 22:40:42 +00:00
parent 612d7025bc
commit 2ca0d5a961
1 changed files with 11 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
lib/krb5/rd_req.c
View File

@@ -846,6 +846,16 @@ krb5_rd_req_ctx(krb5_context context,
KRB5_AUTHDATA_WIN2K_PAC,
&data);
if (ret == 0) {
krb5_keyblock *keyblock = o->keyblock;
/*
* Ticket protecting the PAC is the same that was used to
* encrypt the ticket. So in case of enc_tkt_in_skey, the
* sessionkey from the server's tkt should be used.
*/
if (o->ap_req_options & KDC_OPT_ENC_TKT_IN_SKEY)
keyblock = &o->ticket->ticket.key;
ret = krb5_pac_parse(context, data.data, data.length, &pac);
krb5_data_free(&data);
if (ret)
@@ -855,7 +865,7 @@ krb5_rd_req_ctx(krb5_context context,
pac,
o->ticket->ticket.authtime,
o->ticket->client,
o->keyblock,
keyblock,
NULL);
krb5_pac_free(context, pac);
if (ret)