if we are using PKINIT, strip of the highest bit to make windows

PK-INIT happy. Also make the nonces the same, again for windows, they are using pk-init-9. XXX check if it isn't the that nonce is an unsigned variable so its just a asn1 mismatch. git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15043 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-04-30 16:24:00 +00:00
parent ea7df6b1e6
commit a8f9738a23
1 changed files with 5 additions and 6 deletions
--- a/lib/krb5/init_creds_pw.c
+++ b/lib/krb5/init_creds_pw.c
@@ -1209,13 +1209,12 @@ init_cred_loop(krb5_context context,
    /* Set a new nonce. */
    krb5_generate_random_block (&ctx->nonce, sizeof(ctx->nonce));
    ctx->nonce &= 0xffffffff;
-    ctx->as_req.req_body.nonce = ctx->nonce;
-#if 0
-    krb5_generate_random_block (&ctx->pk_nonce, sizeof(ctx->pk_nonce));
-    ctx->pk_nonce &= 0xffffffff;
-#else
-    ctx->pk_nonce = ctx->nonce;
+#ifdef PKINIT
+    /* XXX check if it isn't the that nonce is an unsigned
+     * variable so its just a asn1 mismatch */
+    ctx->nonce &= 0x7fffffff;
 #endif
+    ctx->pk_nonce = ctx->nonce;

 #define MAX_PA_COUNTER 3