From: Tom Yu Date: Wed, 15 Apr 2009 20:07:18 +0000 (+0000) Subject: pull up r22168 from trunk X-Git-Tag: krb5-1.7-beta1~23 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=297d206e81ad959460932a48c6a8144ccb2f287e;p=krb5.git pull up r22168 from trunk ------------------------------------------------------------------------ r22168 | hartmans | 2009-04-03 01:36:25 -0400 (Fri, 03 Apr 2009) | 8 lines Changed paths: M /trunk/src/kdc/kdc_authdata.c ticket: 6438 Subject: Handle authdata encrypted in subkey target_version: 1.7 tags: pullup RFC 4120 requires that if a subkey is present in the TGS request that authorization data be encrypted in the subkey. Our KDC did not handle this correctly. ticket: 6438 version_fixed: 1.7 git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22244 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/kdc/kdc_authdata.c b/src/kdc/kdc_authdata.c index 315269c2a..fd2e3ab5b 100644 --- a/src/kdc/kdc_authdata.c +++ b/src/kdc/kdc_authdata.c @@ -403,6 +403,13 @@ handle_request_authdata (krb5_context context, KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY, 0, &request->authorization_data, &scratch); + if (code != 0) + code = krb5_c_decrypt(context, + client_key, + KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY, + 0, &request->authorization_data, + &scratch); + if (code != 0) { free(scratch.data); return code;