From: Sam Hartman Date: Tue, 11 Feb 2003 23:11:24 +0000 (+0000) Subject: Support credentials encrypted in the session key rather than X-Git-Tag: krb5-1.3-alpha1~96 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=1f294806b4260691fff580c6a0587a597e66701d;p=krb5.git Support credentials encrypted in the session key rather than the subsession key. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15181 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog index b27558ce4..fa7b7c8b5 100644 --- a/src/lib/krb5/krb/ChangeLog +++ b/src/lib/krb5/krb/ChangeLog @@ -1,3 +1,14 @@ +2003-02-11 Sam Hartman + + * rd_cred.c (krb5_rd_cred): Free creds using krb5_free_tgt_creds + and make sure they are set to null in case of error. + +2003-02-07 Sam Hartman + + * rd_cred.c (krb5_rd_cred): Allow the tickets to be encrypted the + session key as well as the subsession key; for GSSAPI this tends + to be what happens. + 2003-02-04 Sam Hartman * get_in_tkt.c (krb5_get_init_creds): Default to addressless tickets diff --git a/src/lib/krb5/krb/rd_cred.c b/src/lib/krb5/krb/rd_cred.c index d930efc15..228219f76 100644 --- a/src/lib/krb5/krb/rd_cred.c +++ b/src/lib/krb5/krb/rd_cred.c @@ -184,11 +184,19 @@ krb5_rd_cred(krb5_context context, krb5_auth_context auth_context, krb5_data *pc return KRB5_RC_REQUIRED; +/* If decrypting with the first keyblock we try fails, perhaps the + * credentials are stored in the session key so try decrypting with + * that. +*/ if ((retval = krb5_rd_cred_basic(context, pcreddata, keyblock, &replaydata, pppcreds))) { - return retval; + if ((retval = krb5_rd_cred_basic(context, pcreddata, + auth_context->keyblock, + &replaydata, pppcreds))) { + return retval; } - + } + if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) { krb5_donot_replay replay; krb5_timestamp currenttime; 
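Review bot: The fallback to `auth_context->keyblock` runs after any failure of the first `krb5_rd_cred_basic` call, not only after a decryption failure, so an allocation or decoding error also triggers a second full parse and the original error code is replaced by whatever the second attempt returns. Consider gating the retry on the error a wrong key produces (presumably `KRB5KRB_AP_ERR_BAD_INTEGRITY`; confirm against krb5_rd_cred_basic, which is outside this hunk) and on `keyblock != auth_context->keyblock`, so the same key is not tried twice if `keyblock` was itself taken from the session key earlier in the function. It is also worth confirming that a failed first call leaves `*pppcreds` and `replaydata` in a state the second call can safely overwrite. The new comment sits at column 0 and would read better indented with the code, stating that both keys are accepted, e.g. `/* Credentials may be encrypted in the subsession key or in the session key (common with GSSAPI); try both. */`.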
@@ -231,8 +239,10 @@ krb5_rd_cred(krb5_context context, krb5_auth_context auth_context, krb5_data *pc } error:; - if (retval) - krb5_xfree(*pppcreds); + if (retval) { + krb5_free_tgt_creds(context, *pppcreds); + *pppcreds = NULL; + } return retval; }
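Review bot: The `*pppcreds = NULL` reset added at `error:` covers only the paths that reach that label, while the direct `return retval` after both decrypt attempts fail and the `return KRB5_RC_REQUIRED` seen in the first rd_cred.c hunk leave the function without passing through it. Callers therefore still cannot rely on a NULL output after every failure, which is what the ChangeLog entry implies. Assigning `*pppcreds = NULL;` at function entry, before any early return, would make the contract uniform, provided krb5_rd_cred_basic releases its own partial allocations on failure (its body is outside this diff). A short comment at the label would record the intent, e.g. `/* On failure release the credential list and hand back NULL so callers cannot reuse or double-free it. */`.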