oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Fix bug in key rollover code in TGS, make check-kdc test what we can

Browse Source 
We can't test the key rollover support in the TGS in the x-realm
    path using just Heimdal because the krb5_get_creds() path will try a
    referral, which will produce a cross-realm TGT that has the
    enc_part.kvno set.  But we can test this for the plain TGT case.
This commit is contained in:
Nicolas Williams
2011-11-11 22:33:37 -06:00
parent 349609ed20
commit 38f726d8b4
2 changed files with 5 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
kdc/krb5tgs.c
View File

@@ -1192,9 +1192,11 @@ tgs_parse_request(krb5_context context,
ap_req.ticket.realm);
krbtgt_kvno = ap_req.ticket.enc_part.kvno ? *ap_req.ticket.enc_part.kvno : 0;
krbtgt_kvno_try = ap_req.ticket.enc_part.kvno ? *ap_req.ticket.enc_part.kvno : 0;
ret = _kdc_db_fetch(context, config, princ, HDB_F_GET_KRBTGT,
&krbtgt_kvno, NULL, krbtgt);
krbtgt_kvno_try = ap_req.ticket.enc_part.kvno ?
*ap_req.ticket.enc_part.kvno :
(*krbtgt)->entry.kvno;
if (ret == HDB_ERR_NOT_FOUND_HERE) {
/* XXX Factor out this unparsing of the same princ all over */