oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

(krb5_get_forwarded_creds): use session key for delegated credentials

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16300 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2005-11-28 20:43:02 +00:00
parent 6c218a0c6a
commit d3d5392e05
1 changed files with 7 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
lib/krb5/get_for_creds.c
View File

@@ -378,16 +378,14 @@ krb5_get_forwarded_creds (krb5_context context,
cred.enc_part.cipher.data = buf;
cred.enc_part.cipher.length = buf_size;
} else {
krb5_keyblock *key;
if (auth_context->local_subkey)
key = auth_context->local_subkey;
else if (auth_context->remote_subkey)
key = auth_context->remote_subkey;
else
key = auth_context->keyblock;
/*
* Here older versions then 0.7.2 of Heimdal used the local or
* remote subkey. That is wrong, the session key should be
* used. Heimdal 0.7.2 and newer have code to try both in the
* receiving end.
*/
ret = krb5_crypto_init(context, key, 0, &crypto);
ret = krb5_crypto_init(context, auth_context->keyblock, 0, &crypto);
if (ret) {
free(buf);
free_KRB_CRED(&cred);