svn rev #22246: branches/krb5-1-7/src/kdc/

tlyu@MIT.EDU tlyu at MIT.EDU
Wed Apr 15 16:07:24 EDT 2009 

http://src.mit.edu/fisheye/changelog/krb5/?cs=22246
Commit By: tlyu
Log Message:
ticket: 6439

pull up r22171 from trunk

 ------------------------------------------------------------------------
 r22171 | hartmans | 2009-04-05 17:11:26 -0400 (Sun, 05 Apr 2009) | 7 lines
 Changed paths:
    M /trunk/src/kdc/do_tgs_req.c

 ticket: 6439
 Subject: Implement KDC side of TGS FAST
 target_version: 1.7
 tags: pullup

 Most of the KDC side of TGS FAST was already present.  This adds
 correct generation of the reply key.


Changed Files:
U   branches/krb5-1-7/src/kdc/do_tgs_req.c
Modified: branches/krb5-1-7/src/kdc/do_tgs_req.c
===================================================================
--- branches/krb5-1-7/src/kdc/do_tgs_req.c	2009-04-15 20:07:21 UTC (rev 22245)
+++ branches/krb5-1-7/src/kdc/do_tgs_req.c	2009-04-15 20:07:24 UTC (rev 22246)
@@ -98,12 +98,13 @@
     krb5_transited enc_tkt_transited;
     int newtransited = 0;
     krb5_error_code retval = 0;
+    krb5_keyblock encrypting_key;
     int nprincs = 0;
     krb5_boolean more;
     krb5_timestamp kdc_time, authtime=0;
     krb5_keyblock session_key;
     krb5_timestamp until, rtime;
-    krb5_keyblock encrypting_key;
+    krb5_keyblock *reply_key = NULL;
     krb5_keyblock *mkey_ptr;
     krb5_key_data  *server_key;
     char *cname = 0, *sname = 0, *altcname = 0;
@@ -884,10 +885,14 @@
 	status = "Preparing FAST padata";
 	goto cleanup;
     }
+    errcode =kdc_fast_handle_reply_key(state, subkey?subkey:header_ticket->enc_part2->session, &reply_key);
+    if (errcode) {
+      status  = "generating reply key";
+      goto cleanup;
+    }
             errcode = krb5_encode_kdc_rep(kdc_context, KRB5_TGS_REP, &reply_encpart, 
                   subkey ? 1 : 0,
-                  subkey ? subkey :
-                  header_ticket->enc_part2->session,
+					  reply_key,
                   &reply, response);
     if (errcode) {
         status = "ENCODE_KDC_REP";
@@ -906,6 +911,8 @@
     
 cleanup:
     assert(status != NULL);
+    if (reply_key)
+      krb5_free_keyblock(kdc_context, reply_key);
     if (errcode) 
         emsg = krb5_get_error_message (kdc_context, errcode);
     log_tgs_req(from, request, &reply, cname, sname, altcname, authtime,

More information about the cvs-krb5 mailing list