diff options
author | Greg Hudson <ghudson@mit.edu> | 2022-01-13 12:58:32 -0500 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2022-01-27 01:52:24 -0500 |
commit | ff57dc682a27bd205d715f3c0bed84890f2453c4 (patch) | |
tree | b10a131b40391df386c6f02759be55884e603982 /src/kdc/do_as_req.c | |
parent | 727627036ccba5f1c4c2b9ce6949fdc3172fc684 (diff) | |
download | krb5-ff57dc682a27bd205d715f3c0bed84890f2453c4.zip krb5-ff57dc682a27bd205d715f3c0bed84890f2453c4.tar.gz krb5-ff57dc682a27bd205d715f3c0bed84890f2453c4.tar.bz2 |
Add replace_reply_key kdcpreauth callback
Provide an explicit way for kdcpreauth modules to replace the reply
key, and internally track when the reply key is fully replaced (as
opposed to strengthened by replacing it with a derivative of the
client long-term key). Use this facility in the FAST OTP, PKINIT, and
SPAKE kdcpreauth modules.
ticket: 9049 (new)
Diffstat (limited to 'src/kdc/do_as_req.c')
-rw-r--r-- | src/kdc/do_as_req.c | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c index 5e966de..34723fa 100644 --- a/src/kdc/do_as_req.c +++ b/src/kdc/do_as_req.c @@ -743,10 +743,9 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt, state->status = "DECRYPT_CLIENT_KEY"; goto errout; } - if (state->client_key != NULL) { + if (state->client_key != NULL) state->rock.client_key = state->client_key; - state->rock.client_keyblock = &state->client_keyblock; - } + state->rock.client_keyblock = &state->client_keyblock; errcode = kdc_fast_read_cookie(kdc_context, state->rstate, state->request, state->local_tgt, &state->local_tgt_key); |