Support credentials encrypted in the session key rather than
authorSam Hartman <hartmans@mit.edu>
Tue, 11 Feb 2003 23:11:24 +0000 (23:11 +0000)
committerSam Hartman <hartmans@mit.edu>
Tue, 11 Feb 2003 23:11:24 +0000 (23:11 +0000)
the subsession key.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15181 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/krb5/krb/ChangeLog
src/lib/krb5/krb/rd_cred.c

index b27558ce456471902427b3b67809198ca9c6ffaf..fa7b7c8b5afd83a687c0b03d2442cf08717c472e 100644 (file)
@@ -1,3 +1,14 @@
+2003-02-11  Sam Hartman  <hartmans@mit.edu>
+
+       * rd_cred.c (krb5_rd_cred): Free creds using krb5_free_tgt_creds
+       and make sure they are set to null in case of  error.
+
+2003-02-07  Sam Hartman  <hartmans@mit.edu>
+
+       * rd_cred.c (krb5_rd_cred): Allow the tickets to be encrypted the
+       session key as well as the  subsession key; for GSSAPI this tends
+       to be what happens.
+
 2003-02-04  Sam Hartman  <hartmans@mit.edu>
 
        * get_in_tkt.c (krb5_get_init_creds): Default to addressless tickets
index d930efc1543f6f5a6ce836a235dbcb44a97dda6d..228219f765cb9fca628ba7b1e37250086f22cf20 100644 (file)
@@ -184,11 +184,19 @@ krb5_rd_cred(krb5_context context, krb5_auth_context auth_context, krb5_data *pc
         return KRB5_RC_REQUIRED;
 
 
+/* If decrypting with the first keyblock we try fails, perhaps the
+ * credentials are stored in the session key so try decrypting with
+    * that.
+*/
     if ((retval = krb5_rd_cred_basic(context, pcreddata, keyblock,
                                     &replaydata, pppcreds))) {
-      return retval;
+       if ((retval = krb5_rd_cred_basic(context, pcreddata,
+                                        auth_context->keyblock,
+                                        &replaydata, pppcreds))) {
+           return retval;
     }
-
+    }
+    
     if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) {
         krb5_donot_replay replay;
         krb5_timestamp currenttime;
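Review bot: The retry with `auth_context->keyblock` runs on every failure of the first `krb5_rd_cred_basic` call, not only on a decryption or integrity failure, so an allocation or decoding error is retried as well and its return code is overwritten by the second attempt. The second call also passes `auth_context->keyblock` with no visible NULL check, and it repeats the same work if `keyblock` already points at that key; how `keyblock` is chosen is outside this hunk, as are the start and end of `krb5_rd_cred`. Consider guarding the fallback with `if (auth_context->keyblock != NULL && keyblock != auth_context->keyblock)` and keeping the first error when the guard is false. If `krb5_rd_cred_basic` can leave `*pppcreds` allocated on failure (not visible here), it should be freed and cleared before the second attempt. The new comment and the two closing braces are also indented inconsistently, which hides which `if` each brace closes.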
@@ -231,8 +239,10 @@ krb5_rd_cred(krb5_context context, krb5_auth_context auth_context, krb5_data *pc
     }
 
 error:;
-    if (retval)
-       krb5_xfree(*pppcreds);
+    if (retval) {
+       krb5_free_tgt_creds(context, *pppcreds);
+       *pppcreds = NULL;
+    }
     return retval;
 }
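Review bot: The new cleanup under `error:` calls `krb5_free_tgt_creds(context, *pppcreds)` on any non-zero `retval`, which is only safe if `*pppcreds` is either NULL or a valid NULL-terminated credential array on every path that reaches the label. The paths that jump to `error` are outside this hunk, so this cannot be confirmed from here. If any of them can run before `krb5_rd_cred_basic` has assigned the output, the free would act on whatever the caller left in the pointer. Setting `*pppcreds = NULL;` at function entry and guarding the call with `if (*pppcreds != NULL)` would make the error path independent of the caller's initialization and of whether `krb5_free_tgt_creds` accepts NULL.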