svn rev #21670: branches/mskrb-integ/src/kdc/
lhoward@MIT.EDU
lhoward at MIT.EDU
Fri Jan 2 16:55:21 EST 2009
http://src.mit.edu/fisheye/changelog/krb5/?cs=21670
Commit By: lhoward
Log Message:
Revert r21667, it breaks authorization data backends that need access to
the KDC key to validate signatures
Changed Files:
U branches/mskrb-integ/src/kdc/kdc_util.c
Modified: branches/mskrb-integ/src/kdc/kdc_util.c
===================================================================
--- branches/mskrb-integ/src/kdc/kdc_util.c 2009-01-02 21:50:54 UTC (rev 21669)
+++ branches/mskrb-integ/src/kdc/kdc_util.c 2009-01-02 21:55:20 UTC (rev 21670)
@@ -247,6 +247,8 @@
krb5_auth_context auth_context = NULL;
krb5_authenticator * authenticator = NULL;
krb5_checksum * his_cksum = NULL;
+ krb5_keyblock * key = NULL;
+ krb5_kvno kvno = 0;
*nprincs = 0;
@@ -290,7 +292,18 @@
goto cleanup_auth_context;
#endif
+ if ((retval = kdc_get_server_key(apreq->ticket, 0, krbtgt, nprincs, &key, &kvno)))
+ goto cleanup_auth_context;
+ /*
+ * XXX This is currently wrong but to fix it will require making a
+ * new keytab for groveling over the kdb.
+ */
+ retval = krb5_auth_con_setuseruserkey(kdc_context, auth_context, key);
+ krb5_free_keyblock(kdc_context, key);
+ if (retval)
+ goto cleanup_auth_context;
+
if ((retval = krb5_rd_req_decoded_anyflag(kdc_context, &auth_context, apreq,
apreq->ticket->server,
kdc_active_realm->realm_keytab,
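Review bot: After `krb5_free_keyblock(kdc_context, key);` the local `key` still holds the freed pointer while the function can still take further `goto cleanup_...` paths, so I would add `key = NULL;` directly after the free so that no later cleanup label can release the KDC key a second time. The function body starts and ends outside this hunk, so whether any cleanup label actually references `key` cannot be confirmed from here. `kvno` is filled in by `kdc_get_server_key` but is not read in the visible lines; if it stays unused downstream, a short comment saying so would help. The `XXX` comment should also say what is wrong, presumably that the server key is installed in the auth context's user-to-user key slot so the ticket is decrypted with it rather than through `realm_keytab`, so the next reader knows which assumption is being bent and why authorization data backends depend on it.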