author | Stefan Metzmacher <metze@samba.org> | 2008-08-13 09:52:20 +0200 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2008-08-14 13:13:52 +0200 |
commit | 69d074af81e57c67ee85314c2b5f7a642844ae88 (patch) | |
tree | 6febde7d50507719d8455f49bf1f525cabe09569 /source4/heimdal/lib | |
parent | 26853e4607573ec849aa663eb2dd7bcea9acca24 (diff) | |
gsskrb5: always return an acceptor subkey
For non cfx keys it's the same as the initiator subkey.
This matches windows behavior.
metze
(This used to be commit 6a8b07c39558f240b89e833ecba15d8b9fc020e8)
Diffstat (limited to 'source4/heimdal/lib')
-rw-r--r-- | source4/heimdal/lib/gssapi/krb5/accept_sec_context.c | 22 |
1 files changed, 18 insertions, 4 deletions
diff --git a/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c b/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c
index 8dbd087da62..a6f0f31246c 100644
--- a/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c
+++ b/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c
@@ -520,16 +520,30 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status,
 if(ctx->flags & GSS_C_MUTUAL_FLAG) {
 krb5_data outbuf;
+ int use_subkey = 0;
 _gsskrb5i_is_cfx(ctx, &is_cfx);
 if (is_cfx != 0 || (ap_options & AP_OPTS_USE_SUBKEY)) {
- kret = krb5_auth_con_addflags(context,
- ctx->auth_context,
- KRB5_AUTH_CONTEXT_USE_SUBKEY,
- NULL);
+ use_subkey = 1;
+ } else {
+ krb5_keyblock *rkey;
+ kret = krb5_auth_con_getremotesubkey(context, ctx->auth_context, &rkey);
+ if (kret == 0) {
+ kret = krb5_auth_con_setlocalsubkey(context, ctx->auth_context, rkey);
+ if (kret == 0) {
+ use_subkey = 1;
+ }
+ krb5_free_keyblock(context, rkey);
+ }
+ }
+ if (use_subkey) {
 ctx->more_flags |= ACCEPTOR_SUBKEY;
+ krb5_auth_con_addflags(context,
+ ctx->auth_context,
+ KRB5_AUTH_CONTEXT_USE_SUBKEY,
+ NULL);
 }
 kret = krb5_mk_rep(context, |
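Review bot: In the new `else` branch a failure of `krb5_auth_con_getremotesubkey` or `krb5_auth_con_setlocalsubkey` is silently dropped, because `kret` is reassigned by the `krb5_mk_rep` call right after the block; the reply is then built without `ACCEPTOR_SUBKEY` and the caller never learns that key setup failed. The return value of `krb5_auth_con_addflags` is also no longer stored, where the removed code at least assigned it to `kret`. `rkey` is handed to `krb5_auth_con_setlocalsubkey` without a NULL check; whether `krb5_auth_con_getremotesubkey` can return 0 when the initiator sent no subkey is not visible here, so I would guard with `if (kret == 0 && rkey != NULL) {`. If the fallback is meant to be non-fatal, say so in a comment such as `/* non-CFX: mirror the initiator subkey as acceptor subkey; failure here is deliberately non-fatal */`, otherwise return the error before `krb5_mk_rep`. `gsskrb5_acceptor_start` begins and ends outside this hunk.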