diff options
author | Sam Hartman <hartmans@mit.edu> | 2009-04-03 05:36:25 +0000 |
---|---|---|
committer | Sam Hartman <hartmans@mit.edu> | 2009-04-03 05:36:25 +0000 |
commit | f4dda42648602b6641c0c2cab99e29baf6400c88 (patch) | |
tree | 50c7e65b9b96ff9b7992cb8b69d2573d25309469 /src/kdc/kdc_authdata.c | |
parent | 4e609bf313a80dbc2247a73d1303b2068eec9acd (diff) | |
download | krb5-f4dda42648602b6641c0c2cab99e29baf6400c88.zip krb5-f4dda42648602b6641c0c2cab99e29baf6400c88.tar.gz krb5-f4dda42648602b6641c0c2cab99e29baf6400c88.tar.bz2 |
Handle authdata encrypted in subkey
RFC 4120 requires that if a subkey is present in the TGS request that
authorization data be encrypted in the subkey. Our KDC did not handle
this correctly.
ticket: 6438
target_version: 1.7
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22168 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/kdc/kdc_authdata.c')
-rw-r--r-- | src/kdc/kdc_authdata.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/kdc/kdc_authdata.c b/src/kdc/kdc_authdata.c index 315269c..fd2e3ab 100644 --- a/src/kdc/kdc_authdata.c +++ b/src/kdc/kdc_authdata.c @@ -403,6 +403,13 @@ handle_request_authdata (krb5_context context, KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY, 0, &request->authorization_data, &scratch); + if (code != 0) + code = krb5_c_decrypt(context, + client_key, + KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY, + 0, &request->authorization_data, + &scratch); + if (code != 0) { free(scratch.data); return code; |