From: John Kohl Date: Mon, 29 Apr 1991 14:28:11 +0000 (+0000) Subject: change to use kdc_get_server_key function X-Git-Tag: krb5-1.0-alpha5~48 X-Git-Url: http://git.tremily.us/gitweb.cgi?a=commitdiff_plain;h=eab0d208596cddaf65d21e63d17973c429589efa;p=krb5.git change to use kdc_get_server_key function decode the 2nd ticket fix up min() function on rtime to improve readability git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@2053 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c index 4b6cf7b46..161440f3b 100644 --- a/src/kdc/do_tgs_req.c +++ b/src/kdc/do_tgs_req.c @@ -348,9 +348,10 @@ tgt_again: setflag(enc_tkt_reply.flags, TKT_FLG_RENEWABLE); enc_tkt_reply.times.renew_till = min(rtime, - min(enc_tkt_reply.times.starttime + server.max_renewable_life, - min(enc_tkt_reply.times.starttime + max_renewable_life_for_realm, - header_ticket->enc_part2->times.renew_till))); + min(header_ticket->enc_part2->times.renew_till, + enc_tkt_reply.times.starttime + + min(server.max_renewable_life, + max_renewable_life_for_realm))); } else { enc_tkt_reply.times.renew_till = 0; /* XXX */ } @@ -471,6 +472,9 @@ tgt_again: ticket_reply.enc_part2 = &enc_tkt_reply; if (isflagset(request->kdc_options, KDC_OPT_ENC_TKT_IN_SKEY)) { + krb5_keyblock *st_sealing_key; + krb5_kvno st_srv_kvno; + if (!request->second_ticket || !request->second_ticket[st_idx]) { cleanup(); @@ -479,6 +483,24 @@ tgt_again: fromstring, response)); } + if (retval = kdc_get_server_key(request->second_ticket[st_idx], + &st_sealing_key, + &st_srv_kvno)) { + tkt_cleanup(); + cleanup(); + return retval; + } + + /* decrypt the ticket */ + retval = krb5_decrypt_tkt_part(st_sealing_key, + request->second_ticket[st_idx]); + krb5_free_keyblock(st_sealing_key); + if (retval) { + tkt_cleanup(); + cleanup(); + return retval; + } + if (retval = krb5_encrypt_tkt_part(request->second_ticket[st_idx]->enc_part2->session, &ticket_reply)) { tkt_cleanup();
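Review bot: The sum `enc_tkt_reply.times.starttime + min(server.max_renewable_life, max_renewable_life_for_realm)` in the first hunk is computed with no wraparound check. The operand types are not visible here, but if they are signed 32-bit time values, a large configured renewable life would overflow and the outer `min()` would then pick the wrapped value as `renew_till`. The rewrite narrows this to the case where both limits are large, which is an improvement over the old form, but the bound should be made explicit with a clamp or at least a comment such as `/* assumes starttime + max renewable life cannot overflow */`. If `min` is a macro (its definition is outside the hunk), the nested calls also expand each argument more than once, which is safe here only because the arguments have no side effects. The enclosing block begins before the hunk.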
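Review bot: After `krb5_decrypt_tkt_part` succeeds in the third hunk, the second ticket's `enc_part2->session` goes straight into `krb5_encrypt_tkt_part` with no validation visible in the hunk. Nothing shown checks that the ticket is a ticket-granting ticket for this realm, that it is still within its validity period, or that its client is the server named in the request. For `KDC_OPT_ENC_TKT_IN_SKEY` those checks are what bind the sealing key to the intended recipient, so unless they happen elsewhere (the enclosing function starts and ends outside the hunk) they belong between the decrypt and the encrypt call. At minimum, mark the gap with `/* XXX second ticket not yet validated: must be a TGT, unexpired, client == requested server */`. Separately, `st_srv_kvno` is filled in by `kdc_get_server_key` but never read in the visible lines; a short comment saying it exists only to satisfy the call would save the next reader a search.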