summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2011-12-15 16:17:09 +1100
committerAndrew Bartlett <abartlet@samba.org>2012-01-12 18:02:54 +1100
commit1787efaa006b73cd682f6c27f2b5d367495e7e02 (patch)
treefd39c2a4c869bd101c494bdeaea409ee85f1bfdc
parentd087e715fc803eae735636b4ebbb4c0f131f9bb4 (diff)
downloadsamba-1787efaa006b73cd682f6c27f2b5d367495e7e02.tar.gz
samba-1787efaa006b73cd682f6c27f2b5d367495e7e02.tar.bz2
samba-1787efaa006b73cd682f6c27f2b5d367495e7e02.zip
use ETYPE_DES3_CBC_SHA1 for the verify step in verify_mic_des3
This allows a strict link between checksum types and key types to be enforced. Andrew Bartlett
-rw-r--r--source4/heimdal/lib/gssapi/krb5/verify_mic.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/source4/heimdal/lib/gssapi/krb5/verify_mic.c b/source4/heimdal/lib/gssapi/krb5/verify_mic.c
index af06e0a1e3..0f5612491d 100644
--- a/source4/heimdal/lib/gssapi/krb5/verify_mic.c
+++ b/source4/heimdal/lib/gssapi/krb5/verify_mic.c
@@ -251,6 +251,14 @@ retry:
csum.checksum.length = 20;
csum.checksum.data = p + 8;
+ krb5_crypto_destroy (context, crypto);
+ ret = krb5_crypto_init(context, key,
+ ETYPE_DES3_CBC_SHA1, &crypto);
+ if (ret){
+ *minor_status = ret;
+ return GSS_S_FAILURE;
+ }
+
ret = krb5_verify_checksum (context, crypto,
KRB5_KU_USAGE_SIGN,
tmp, message_buffer->length + 8,