svn rev #22171: trunk/src/kdc/
hartmans@MIT.EDU
hartmans at MIT.EDU
Sun Apr 5 17:11:27 EDT 2009
http://src.mit.edu/fisheye/changelog/krb5/?cs=22171
Commit By: hartmans
Log Message:
ticket: 6439
Subject: Implement KDC side of TGS FAST
target_version: 1.7
tags: pullup
Most of the KDC side of TGS FAST was already present. This adds
correct generation of the reply key.
Changed Files:
U trunk/src/kdc/do_tgs_req.c
Modified: trunk/src/kdc/do_tgs_req.c
===================================================================
--- trunk/src/kdc/do_tgs_req.c 2009-04-04 03:03:04 UTC (rev 22170)
+++ trunk/src/kdc/do_tgs_req.c 2009-04-05 21:11:26 UTC (rev 22171)
@@ -98,12 +98,13 @@
krb5_transited enc_tkt_transited;
int newtransited = 0;
krb5_error_code retval = 0;
+ krb5_keyblock encrypting_key;
int nprincs = 0;
krb5_boolean more;
krb5_timestamp kdc_time, authtime=0;
krb5_keyblock session_key;
krb5_timestamp until, rtime;
- krb5_keyblock encrypting_key;
+ krb5_keyblock *reply_key = NULL;
krb5_keyblock *mkey_ptr;
krb5_key_data *server_key;
char *cname = 0, *sname = 0, *altcname = 0;
@@ -884,10 +885,14 @@
status = "Preparing FAST padata";
goto cleanup;
}
+ errcode =kdc_fast_handle_reply_key(state, subkey?subkey:header_ticket->enc_part2->session, &reply_key);
+ if (errcode) {
+ status = "generating reply key";
+ goto cleanup;
+ }
errcode = krb5_encode_kdc_rep(kdc_context, KRB5_TGS_REP, &reply_encpart,
subkey ? 1 : 0,
- subkey ? subkey :
- header_ticket->enc_part2->session,
+ reply_key,
&reply, response);
if (errcode) {
status = "ENCODE_KDC_REP";
@@ -906,6 +911,8 @@
cleanup:
assert(status != NULL);
+ if (reply_key)
+ krb5_free_keyblock(kdc_context, reply_key);
if (errcode)
emsg = krb5_get_error_message (kdc_context, errcode);
log_tgs_req(from, request, &reply, cname, sname, altcname, authtime,
More information about the cvs-krb5
mailing list