oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

kdc: map KRB5_PROG_SUMTYPE_NOSUPP to KRB5KDC_ERR_SUMTYPE_NOSUPP

Browse Source 
RFC4120 says KRB5KDC_ERR_SUMTYPE_NOSUPP should be returned if the KDC does not
support a given checksum type. Return this instead of KRB5_PROG_SUMTYPE_NOSUPP
by introducing a new wrapper function, _kdc_verify_checksum().
This commit is contained in:
Luke Howard
2021-09-21 18:09:25 +10:00
parent 85756bd228
commit fd3f463152
4 changed files with 27 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
kdc/fast.c
View File

@@ -475,10 +475,9 @@ fast_unwrap_request(astgs_request_t r)
krb5_free_keyblock_contents(r->context, &armorkey);
/* verify req-checksum of the outer body */
ret = krb5_verify_checksum(r->context, r->armor_crypto,
ret = _kdc_verify_checksum(r->context, r->armor_crypto,
KRB5_KU_FAST_REQ_CHKSUM,
r->req.req_body._save.data,
r->req.req_body._save.length,
&r->req.req_body._save,
&fxreq.u.armored_data.req_checksum);
if (ret) {
kdc_log(r->context, r->config, 2,