pull up r22325 from trunk
------------------------------------------------------------------------
r22325 | hartmans | 2009-05-07 16:35:28 -0400 (Thu, 07 May 2009) | 18 lines
Changed paths:
M /trunk/src/include/k5-int.h
M /trunk/src/lib/krb5/krb/decode_kdc.c
M /trunk/src/lib/krb5/krb/gc_via_tkt.c
M /trunk/src/lib/krb5/libkrb5.exports
Subject: Try decrypting using session key if subkey fails in tgs rep handling
ticket: 6484
Tags: pullup
Target_Version: 1.7
Heimdal at least up through 1.2 incorrectly encrypts the TGS response
in the session key not the subkey when a subkey is supplied. See RFC
4120 page 35. Work around this by trying decryption using the session
key after the subkey fails.
* decode_kdc_rep.c: rename to krb5int_decode_tgs_rep; only used for
TGS and now needs to take keyusage
* gc_via_tkt: pass in session key and appropriate usage if subkey
fails.
Note that the dead code to process AS responses in decode_kdc_rep is
not removed by this commit. That will be removed as FAST TGS client
support is integrated post 1.7.
ticket: 6484
version_fixed: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22340
dc483132-0cff-0310-8789-
dd5450dbe970
projects / krb5.git / commit