author | Stefan Metzmacher <metze@samba.org> | 2008-08-13 09:52:20 +0200 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2008-08-14 13:13:52 +0200 |
commit | 69d074af81e57c67ee85314c2b5f7a642844ae88 (patch) | |
tree | 6febde7d50507719d8455f49bf1f525cabe09569 | |
parent | 26853e4607573ec849aa663eb2dd7bcea9acca24 (diff) | |
gsskrb5: always return an acceptor subkey
For non cfx keys it's the same as the initiator subkey.
This matches windows behavior.
metze
(This used to be commit 6a8b07c39558f240b89e833ecba15d8b9fc020e8)
-rw-r--r-- | source4/heimdal/lib/gssapi/krb5/accept_sec_context.c | 22 |
1 files changed, 18 insertions, 4 deletions
diff --git a/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c b/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c
index 8dbd087da6..a6f0f31246 100644
--- a/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c
+++ b/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c
@@ -520,16 +520,30 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status,
 if(ctx->flags & GSS_C_MUTUAL_FLAG) {
 krb5_data outbuf;
+ int use_subkey = 0;
 _gsskrb5i_is_cfx(ctx, &is_cfx);
 if (is_cfx != 0 || (ap_options & AP_OPTS_USE_SUBKEY)) {
- kret = krb5_auth_con_addflags(context,
- ctx->auth_context,
- KRB5_AUTH_CONTEXT_USE_SUBKEY,
- NULL);
+ use_subkey = 1;
+ } else {
+ krb5_keyblock *rkey;
+ kret = krb5_auth_con_getremotesubkey(context, ctx->auth_context, &rkey);
+ if (kret == 0) {
+ kret = krb5_auth_con_setlocalsubkey(context, ctx->auth_context, rkey);
+ if (kret == 0) {
+ use_subkey = 1;
+ }
+ krb5_free_keyblock(context, rkey);
+ }
+ }
+ if (use_subkey) {
 ctx->more_flags |= ACCEPTOR_SUBKEY;
+ krb5_auth_con_addflags(context,
+ ctx->auth_context,
+ KRB5_AUTH_CONTEXT_USE_SUBKEY,
+ NULL);
 }
 kret = krb5_mk_rep(context, |
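Review bot: In the new `else` branch `rkey` is declared uninitialised and only `kret` is tested before it is handed to `krb5_auth_con_setlocalsubkey()`, so if `krb5_auth_con_getremotesubkey()` can return 0 without producing a key (an initiator that sent no subkey; worth confirming against the Heimdal implementation), `ACCEPTOR_SUBKEY` is raised with a local subkey that is not the initiator's. I would write `krb5_keyblock *rkey = NULL;` and `if (kret == 0 && rkey != NULL) {`. A failure of either call is also dropped silently, because `kret` is overwritten by `krb5_mk_rep()` just below and the result of `krb5_auth_con_addflags()` is no longer stored; since this decides which key protects the rest of the context, either return the error or add a comment such as `/* best effort: on failure we reply without an acceptor subkey */`. gsskrb5_acceptor_start begins and ends outside the hunk, so how `kret` is handled after `krb5_mk_rep()` is not visible here.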