rd_cred.c (krb5_rd_cred):

rd_safe.c (krb5_rd_safe):
rd_priv.c (krb5_rd_priv): Use the remote_subkey first, since the mk_*
	routines try to use their local_subkey first.  Otherwise, the wrong
	keys will get used if subkeys are used in both directions.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10415 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog
index e9803f1993c9d301d01120534fae988e2de40210..0a99bfa2b00a55011508c17997ede8850eb90461 100644 (file)
--- a/src/lib/krb5/krb/ChangeLog
+++ b/src/lib/krb5/krb/ChangeLog
@@ -1,3 +1,12 @@
+Thu Feb  5 23:48:34 1998  Theodore Y. Ts'o  <tytso@mit.edu>
+
+       * rd_cred.c (krb5_rd_cred): 
+       * rd_safe.c (krb5_rd_safe): 
+       * rd_priv.c (krb5_rd_priv): Use the remote_subkey first, since the
+               mk_* routines try to use their local_subkey first.
+               Otherwise, the wrong keys will get used if subkeys are
+               used in both directions.
+
 Fri Jan  2 21:21:29 1998  Tom Yu  <tlyu@mit.edu>
 
        * preauth.c (handle_sam_labels):

diff --git a/src/lib/krb5/krb/rd_cred.c b/src/lib/krb5/krb/rd_cred.c
index c66f71c27dd1769d71d3ee109d432c29cafa3dd2..7537ac990adc3aa8c4a786dca7788ecf3b29decf 100644 (file)
--- a/src/lib/krb5/krb/rd_cred.c
+++ b/src/lib/krb5/krb/rd_cred.c
@@ -238,8 +238,8 @@ krb5_rd_cred(context, auth_context, pcreddata, pppcreds, outdata)
     krb5_replay_data      replaydata;
 
     /* Get keyblock */
-    if ((keyblock = auth_context->local_subkey) == NULL)
-        if ((keyblock = auth_context->remote_subkey) == NULL)
+    if ((keyblock = auth_context->remote_subkey) == NULL)
+       if ((keyblock = auth_context->local_subkey) == NULL)
             keyblock = auth_context->keyblock;
 
     if (((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_TIME) ||

diff --git a/src/lib/krb5/krb/rd_priv.c b/src/lib/krb5/krb/rd_priv.c
index e6c0fe3612bfdb43b613e5b9cd3ff61dbaaaee58..c4e1ed0b6fe010f51f94672028312cfe871469d1 100644 (file)
--- a/src/lib/krb5/krb/rd_priv.c
+++ b/src/lib/krb5/krb/rd_priv.c
@@ -183,8 +183,8 @@ krb5_rd_priv(context, auth_context, inbuf, outbuf, outdata)
     krb5_replay_data     replaydata;
 
     /* Get keyblock */
-    if ((keyblock = auth_context->local_subkey) == NULL)
-        if ((keyblock = auth_context->remote_subkey) == NULL)
+    if ((keyblock = auth_context->remote_subkey) == NULL)
+       if ((keyblock = auth_context->local_subkey) == NULL)
             keyblock = auth_context->keyblock;
 
     if (((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_TIME) ||

diff --git a/src/lib/krb5/krb/rd_safe.c b/src/lib/krb5/krb/rd_safe.c
index 9f23ff383c7f3edae0ea0cbbcd3f14dd597a1bb0..5f0fcd6ca6c01c0673e7730d2de2e8039c390761 100644 (file)
--- a/src/lib/krb5/krb/rd_safe.c
+++ b/src/lib/krb5/krb/rd_safe.c
@@ -170,8 +170,8 @@ krb5_rd_safe(context, auth_context, inbuf, outbuf, outdata)
        return KRB5_RC_REQUIRED;
 
     /* Get keyblock */
-    if ((keyblock = auth_context->local_subkey) == NULL)
-        if ((keyblock = auth_context->remote_subkey) == NULL)
+    if ((keyblock = auth_context->remote_subkey) == NULL)
+       if ((keyblock = auth_context->local_subkey) == NULL)
             keyblock = auth_context->keyblock;
 
 {