svn rev #22168: trunk/src/kdc/
hartmans@MIT.EDU
hartmans at MIT.EDU
Fri Apr 3 01:36:26 EDT 2009
http://src.mit.edu/fisheye/changelog/krb5/?cs=22168
Commit By: hartmans
Log Message:
ticket: 6438
Subject: Handle authdata encrypted in subkey
target_version: 1.7
tags: pullup
RFC 4120 requires that if a subkey is present in the TGS request that
authorization data be encrypted in the subkey. Our KDC did not handle
this correctly.
Changed Files:
U trunk/src/kdc/kdc_authdata.c
Modified: trunk/src/kdc/kdc_authdata.c
===================================================================
--- trunk/src/kdc/kdc_authdata.c 2009-04-03 04:03:45 UTC (rev 22167)
+++ trunk/src/kdc/kdc_authdata.c 2009-04-03 05:36:25 UTC (rev 22168)
@@ -403,6 +403,13 @@
KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY,
0, &request->authorization_data,
&scratch);
+ if (code != 0)
+ code = krb5_c_decrypt(context,
+ client_key,
+ KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY,
+ 0, &request->authorization_data,
+ &scratch);
+
if (code != 0) {
free(scratch.data);
return code;
More information about the cvs-krb5
mailing list