From a8f9738a23192c4470ec8fd9ae9cee1799230af9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= Date: Sat, 30 Apr 2005 16:24:00 +0000 Subject: [PATCH] if we are using PKINIT, strip of the highest bit to make windows PK-INIT happy. Also make the nonces the same, again for windows, they are using pk-init-9. XXX check if it isn't the that nonce is an unsigned variable so its just a asn1 mismatch. git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15043 ec53bebd-3082-4978-b11e-865c3cabbd6b --- lib/krb5/init_creds_pw.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/lib/krb5/init_creds_pw.c b/lib/krb5/init_creds_pw.c index 7b6a1fc55..86c630f41 100644 --- a/lib/krb5/init_creds_pw.c +++ b/lib/krb5/init_creds_pw.c @@ -1209,13 +1209,12 @@ init_cred_loop(krb5_context context, /* Set a new nonce. */ krb5_generate_random_block (&ctx->nonce, sizeof(ctx->nonce)); ctx->nonce &= 0xffffffff; - ctx->as_req.req_body.nonce = ctx->nonce; -#if 0 - krb5_generate_random_block (&ctx->pk_nonce, sizeof(ctx->pk_nonce)); - ctx->pk_nonce &= 0xffffffff; -#else - ctx->pk_nonce = ctx->nonce; +#ifdef PKINIT + /* XXX check if it isn't the that nonce is an unsigned + * variable so its just a asn1 mismatch */ + ctx->nonce &= 0x7fffffff; #endif + ctx->pk_nonce = ctx->nonce; #define MAX_PA_COUNTER 3