Handle authdata encrypted in subkey

RFC 4120 requires that if a subkey is present in the TGS request that authorization data be encrypted in the subkey. Our KDC did not handle this correctly. ticket: 6438 target_version: 1.7 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22168 dc483132-0cff-0310-8789-dd5450dbe970
author: Sam Hartman <hartmans@mit.edu> 2009-04-03 05:36:25 +0000
committer: Sam Hartman <hartmans@mit.edu> 2009-04-03 05:36:25 +0000
commit: f4dda42648602b6641c0c2cab99e29baf6400c88 (patch)
tree: 50c7e65b9b96ff9b7992cb8b69d2573d25309469 /src/kdc/kdc_authdata.c
parent: 4e609bf313a80dbc2247a73d1303b2068eec9acd (diff)
download: krb5-f4dda42648602b6641c0c2cab99e29baf6400c88.tar.gz
krb5-f4dda42648602b6641c0c2cab99e29baf6400c88.tar.xz
krb5-f4dda42648602b6641c0c2cab99e29baf6400c88.zip
1 files changed, 7 insertions, 0 deletions
diff --git a/src/kdc/kdc_authdata.c b/src/kdc/kdc_authdata.c
index 315269c2af..fd2e3ab5b3 100644
--- a/src/kdc/kdc_authdata.c
+++ b/src/kdc/kdc_authdata.c
@@ -403,6 +403,13 @@ handle_request_authdata (krb5_context context,
 			  KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY,
 			  0, &request->authorization_data,
 			  &scratch);
+    if (code != 0)
+	code = krb5_c_decrypt(context,
+			      client_key,
+			      KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY,
+			      0, &request->authorization_data,
+			      &scratch);
+
     if (code != 0) {
 	free(scratch.data);
 	return code;
author	Sam Hartman <hartmans@mit.edu>	2009-04-03 05:36:25 +0000
committer	Sam Hartman <hartmans@mit.edu>	2009-04-03 05:36:25 +0000
commit	f4dda42648602b6641c0c2cab99e29baf6400c88 (patch)
tree	50c7e65b9b96ff9b7992cb8b69d2573d25309469 /src/kdc/kdc_authdata.c
parent	4e609bf313a80dbc2247a73d1303b2068eec9acd (diff)
download	krb5-f4dda42648602b6641c0c2cab99e29baf6400c88.tar.gz krb5-f4dda42648602b6641c0c2cab99e29baf6400c88.tar.xz krb5-f4dda42648602b6641c0c2cab99e29baf6400c88.zip