diff options
| author | Stefan Metzmacher <metze@samba.org> | 2008-08-13 09:52:20 +0200 |
|---|---|---|
| committer | Stefan Metzmacher <metze@samba.org> | 2008-08-14 13:13:52 +0200 |
| commit | 69d074af81e57c67ee85314c2b5f7a642844ae88 (patch) | |
| tree | 6febde7d50507719d8455f49bf1f525cabe09569 /source4/heimdal/lib/gssapi | |
| parent | 26853e4607573ec849aa663eb2dd7bcea9acca24 (diff) | |
| download | samba-69d074af81e57c67ee85314c2b5f7a642844ae88.tar.gz samba-69d074af81e57c67ee85314c2b5f7a642844ae88.tar.bz2 samba-69d074af81e57c67ee85314c2b5f7a642844ae88.zip | |
gsskrb5: always return an acceptor subkey
For non cfx keys it's the same as the intiator subkey.
This matches windows behavior.
metze
(This used to be commit 6a8b07c39558f240b89e833ecba15d8b9fc020e8)
Diffstat (limited to 'source4/heimdal/lib/gssapi')
| -rw-r--r-- | source4/heimdal/lib/gssapi/krb5/accept_sec_context.c | 22 |
1 files changed, 18 insertions, 4 deletions
diff --git a/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c b/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c index 8dbd087da6..a6f0f31246 100644 --- a/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c +++ b/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c @@ -520,16 +520,30 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status, if(ctx->flags & GSS_C_MUTUAL_FLAG) { krb5_data outbuf; + int use_subkey = 0; _gsskrb5i_is_cfx(ctx, &is_cfx); if (is_cfx != 0 || (ap_options & AP_OPTS_USE_SUBKEY)) { - kret = krb5_auth_con_addflags(context, - ctx->auth_context, - KRB5_AUTH_CONTEXT_USE_SUBKEY, - NULL); + use_subkey = 1; + } else { + krb5_keyblock *rkey; + kret = krb5_auth_con_getremotesubkey(context, ctx->auth_context, &rkey); + if (kret == 0) { + kret = krb5_auth_con_setlocalsubkey(context, ctx->auth_context, rkey); + if (kret == 0) { + use_subkey = 1; + } + krb5_free_keyblock(context, rkey); + } + } + if (use_subkey) { ctx->more_flags |= ACCEPTOR_SUBKEY; + krb5_auth_con_addflags(context, + ctx->auth_context, + KRB5_AUTH_CONTEXT_USE_SUBKEY, + NULL); } kret = krb5_mk_rep(context, |