pull up r22171 from trunk
authorTom Yu <tlyu@mit.edu>
Wed, 15 Apr 2009 20:07:24 +0000 (20:07 +0000)
committerTom Yu <tlyu@mit.edu>
Wed, 15 Apr 2009 20:07:24 +0000 (20:07 +0000)
 ------------------------------------------------------------------------
 r22171 | hartmans | 2009-04-05 17:11:26 -0400 (Sun, 05 Apr 2009) | 7 lines
 Changed paths:
    M /trunk/src/kdc/do_tgs_req.c

 ticket: 6439
 Subject: Implement KDC side of TGS FAST
 target_version: 1.7
 tags: pullup

 Most of the KDC side of TGS FAST was already present.  This adds
 correct generation of the reply key.

ticket: 6439

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22246 dc483132-0cff-0310-8789-dd5450dbe970

src/kdc/do_tgs_req.c

index 310223c7cb55d2e5a0ba0dad4fbb0cfece8d0bf7..d81a76386737b093ea4bb944a2ccb23741810672 100644 (file)
@@ -98,12 +98,13 @@ process_tgs_req(krb5_data *pkt, const krb5_fulladdr *from,
     krb5_transited enc_tkt_transited;
     int newtransited = 0;
     krb5_error_code retval = 0;
+    krb5_keyblock encrypting_key;
     int nprincs = 0;
     krb5_boolean more;
     krb5_timestamp kdc_time, authtime=0;
     krb5_keyblock session_key;
     krb5_timestamp until, rtime;
-    krb5_keyblock encrypting_key;
+    krb5_keyblock *reply_key = NULL;
     krb5_keyblock *mkey_ptr;
     krb5_key_data  *server_key;
     char *cname = 0, *sname = 0, *altcname = 0;
@@ -883,11 +884,15 @@ tgt_again:
     if (errcode !=0 ) {
        status = "Preparing FAST padata";
        goto cleanup;
+    }
+    errcode =kdc_fast_handle_reply_key(state, subkey?subkey:header_ticket->enc_part2->session, &reply_key);
+    if (errcode) {
+      status  = "generating reply key";
+      goto cleanup;
     }
             errcode = krb5_encode_kdc_rep(kdc_context, KRB5_TGS_REP, &reply_encpart, 
                   subkey ? 1 : 0,
-                  subkey ? subkey :
-                  header_ticket->enc_part2->session,
+                                         reply_key,
                   &reply, response);
     if (errcode) {
         status = "ENCODE_KDC_REP";
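Review bot: The new `kdc_fast_handle_reply_key` call site does not say who owns `reply_key`, nor that the `subkey ? 1 : 0` argument to `krb5_encode_kdc_rep` still describes the request's input key while the key actually passed is now `reply_key`. Judging by the `krb5_free_keyblock` added in the cleanup hunk, the helper returns an allocated keyblock, so a comment such as `/* reply_key is allocated by kdc_fast_handle_reply_key and freed at cleanup; the using-subkey flag still refers to the client's subkey */` would keep a later edit from desynchronising the flag and the key, or from adding an exit that skips the free. As a style point, the added lines use two-space indentation and uneven spacing (`errcode =kdc_fast_handle_reply_key(`, `status  =`), and the call runs well past the width of the surrounding code; the same indentation appears in the cleanup hunk. Wrapping the call after `state,` and matching the four-space indent would fit the file. `process_tgs_req` begins and ends outside this hunk, so other exits between here and `cleanup:` are not visible.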
@@ -906,6 +911,8 @@ tgt_again:
     
 cleanup:
     assert(status != NULL);
+    if (reply_key)
+      krb5_free_keyblock(kdc_context, reply_key);
     if (errcode) 
         emsg = krb5_get_error_message (kdc_context, errcode);
     log_tgs_req(from, request, &reply, cname, sname, altcname, authtime,