oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Should pass different key usage constants depending on whether or not

Browse Source 
optional sub-session key was passed by the client for the check of
authorization data. The constant is used to derive "specific key" and
its values are specified in 7.5.1 of RFC4120.

Patch from Andy Polyakov.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22068 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2007-11-14 19:56:15 +00:00
parent 86e58a1b60
commit be8c8799d8
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
kdc/krb5tgs.c
View File

@@ -1166,8 +1166,10 @@ tgs_parse_request(krb5_context context,
}
if (b->enc_authorization_data) {
unsigned usage = KRB5_KU_TGS_REQ_AUTH_DAT_SUBKEY;
krb5_keyblock *subkey;
krb5_data ad;
ret = krb5_auth_con_getremotesubkey(context,
ac,
&subkey);
@@ -1178,6 +1180,7 @@ tgs_parse_request(krb5_context context,
goto out;
}
if(subkey == NULL){
usage = KRB5_KU_TGS_REQ_AUTH_DAT_SESSION;
ret = krb5_auth_con_getkey(context, ac, &subkey);
if(ret) {
krb5_auth_con_free(context, ac);
@@ -1202,7 +1205,7 @@ tgs_parse_request(krb5_context context,
}
ret = krb5_decrypt_EncryptedData (context,
crypto,
KRB5_KU_TGS_REQ_AUTH_DAT_SUBKEY,
usage,
b->enc_authorization_data,
&ad);
krb5_crypto_destroy(context, crypto);