svn rev #22244: branches/krb5-1-7/src/kdc/
tlyu@MIT.EDU
tlyu at MIT.EDU
Wed Apr 15 16:07:19 EDT 2009
http://src.mit.edu/fisheye/changelog/krb5/?cs=22244
Commit By: tlyu
Log Message:
ticket: 6438
version_fixed: 1.7
pull up r22168 from trunk
------------------------------------------------------------------------
r22168 | hartmans | 2009-04-03 01:36:25 -0400 (Fri, 03 Apr 2009) | 8 lines
Changed paths:
M /trunk/src/kdc/kdc_authdata.c
ticket: 6438
Subject: Handle authdata encrypted in subkey
target_version: 1.7
tags: pullup
RFC 4120 requires that if a subkey is present in the TGS request that
authorization data be encrypted in the subkey. Our KDC did not handle
this correctly.
Changed Files:
U branches/krb5-1-7/src/kdc/kdc_authdata.c
Modified: branches/krb5-1-7/src/kdc/kdc_authdata.c
===================================================================
--- branches/krb5-1-7/src/kdc/kdc_authdata.c 2009-04-15 20:07:15 UTC (rev 22243)
+++ branches/krb5-1-7/src/kdc/kdc_authdata.c 2009-04-15 20:07:18 UTC (rev 22244)
@@ -403,6 +403,13 @@
KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY,
0, &request->authorization_data,
&scratch);
+ if (code != 0)
+ code = krb5_c_decrypt(context,
+ client_key,
+ KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY,
+ 0, &request->authorization_data,
+ &scratch);
+
if (code != 0) {
free(scratch.data);
return code;
More information about the cvs-krb5
mailing list