From f4dda42648602b6641c0c2cab99e29baf6400c88 Mon Sep 17 00:00:00 2001 From: Sam Hartman Date: Fri, 3 Apr 2009 05:36:25 +0000 Subject: [PATCH] Handle authdata encrypted in subkey RFC 4120 requires that if a subkey is present in the TGS request that authorization data be encrypted in the subkey. Our KDC did not handle this correctly. ticket: 6438 target_version: 1.7 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22168 dc483132-0cff-0310-8789-dd5450dbe970 --- src/kdc/kdc_authdata.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/kdc/kdc_authdata.c b/src/kdc/kdc_authdata.c index 315269c2a..fd2e3ab5b 100644 --- a/src/kdc/kdc_authdata.c +++ b/src/kdc/kdc_authdata.c @@ -403,6 +403,13 @@ handle_request_authdata (krb5_context context, KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY, 0, &request->authorization_data, &scratch); + if (code != 0) + code = krb5_c_decrypt(context, + client_key, + KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY, + 0, &request->authorization_data, + &scratch); + if (code != 0) { free(scratch.data); return code; -- 2.26.2