(pk_mk_pa_reply_enckey): only allow non-bound reply if its not required.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21290 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2007-06-25 14:13:23 +00:00
parent 677319e069
commit b64da39b5f

View File

@@ -677,6 +677,7 @@ BN_to_integer(krb5_context context, BIGNUM *bn, heim_integer *integer)
static krb5_error_code
pk_mk_pa_reply_enckey(krb5_context context,
krb5_kdc_configuration *config,
pk_client_params *client_params,
const KDC_REQ *req,
const krb5_data *req_buffer,
@@ -701,8 +702,11 @@ pk_mk_pa_reply_enckey(krb5_context context,
switch (client_params->type) {
case PKINIT_COMPAT_WIN2K: {
int i = 0;
if (_kdc_find_padata(req, &i, KRB5_PADATA_PK_AS_09_BINDING) == NULL)
if (_kdc_find_padata(req, &i, KRB5_PADATA_PK_AS_09_BINDING) == NULL
&& config->pkinit_require_binding == 0)
{
do_win2k = 1;
}
break;
}
case PKINIT_COMPAT_27:
@@ -1016,6 +1020,7 @@ _kdc_pk_mk_pa_reply(krb5_context context,
goto out;
}
ret = pk_mk_pa_reply_enckey(context,
config,
client_params,
req,
req_buffer,
@@ -1111,6 +1116,7 @@ _kdc_pk_mk_pa_reply(krb5_context context,
goto out;
}
ret = pk_mk_pa_reply_enckey(context,
config,
client_params,
req,
req_buffer,