Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet

(This used to be commit fa03d750e4577a610dc410d45d49789110b1b4f1)
author: Andrew Bartlett <abartlet@samba.org> 2008-08-15 21:16:40 +1000
committer: Andrew Bartlett <abartlet@samba.org> 2008-08-15 21:16:40 +1000
commit: 489525a6390e50bd0442295ac45164f43a7576c8 (patch)
tree: 44a8715d7359c2efcc482f87bea82dd92bd080de /source4/heimdal
parent: cd261ee651d3059f6973464115ff43da71d8a595 (diff)
parent: 4bdb752cc51c9f41859f1a43bf5721ae616fa230 (diff)
download: samba-489525a6390e50bd0442295ac45164f43a7576c8.tar.gz
samba-489525a6390e50bd0442295ac45164f43a7576c8.tar.bz2
samba-489525a6390e50bd0442295ac45164f43a7576c8.zip
2 files changed, 18 insertions, 7 deletions
diff --git a/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c b/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c
index 8dbd087da6..a6f0f31246 100644
--- a/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c
+++ b/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c
@@ -520,16 +520,30 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status,
     
     if(ctx->flags & GSS_C_MUTUAL_FLAG) {
 	krb5_data outbuf;
+	int use_subkey = 0;
 	    
 	_gsskrb5i_is_cfx(ctx, &is_cfx);
 	    
 	if (is_cfx != 0 
 	    || (ap_options & AP_OPTS_USE_SUBKEY)) {
-	    kret = krb5_auth_con_addflags(context,
-					  ctx->auth_context,
-					  KRB5_AUTH_CONTEXT_USE_SUBKEY,
-					  NULL);
+	    use_subkey = 1;
+	} else {
+	    krb5_keyblock *rkey;
+	    kret = krb5_auth_con_getremotesubkey(context, ctx->auth_context, &rkey);
+	    if (kret == 0) {
+		kret = krb5_auth_con_setlocalsubkey(context, ctx->auth_context, rkey);
+		if (kret == 0) {
+		    use_subkey = 1;
+		}
+		krb5_free_keyblock(context, rkey);
+	    }
+	}
+	if (use_subkey) {
 	    ctx->more_flags |= ACCEPTOR_SUBKEY;
+	    krb5_auth_con_addflags(context,
+				   ctx->auth_context,
+				   KRB5_AUTH_CONTEXT_USE_SUBKEY,
+				   NULL);
 	}
 	    
 	kret = krb5_mk_rep(context,
diff --git a/source4/heimdal/lib/krb5/rd_req.c b/source4/heimdal/lib/krb5/rd_req.c
index e80aaa6789..ddf1f69ae4 100644
--- a/source4/heimdal/lib/krb5/rd_req.c
+++ b/source4/heimdal/lib/krb5/rd_req.c
@@ -463,8 +463,6 @@ krb5_verify_ap_req2(krb5_context context,
 
     ac->keytype = ETYPE_NULL;
 
-#if 0
-/* it's bad to use a different enctype as the client */
     if (etypes.val) {
 	int i;
 
@@ -475,7 +473,6 @@ krb5_verify_ap_req2(krb5_context context,
 	    }
 	}
     }
-#endif
 
     /* save key */
     ret = krb5_copy_keyblock(context, &t->ticket.key, &ac->keyblock);
author	Andrew Bartlett <abartlet@samba.org>	2008-08-15 21:16:40 +1000
committer	Andrew Bartlett <abartlet@samba.org>	2008-08-15 21:16:40 +1000
commit	489525a6390e50bd0442295ac45164f43a7576c8 (patch)
tree	44a8715d7359c2efcc482f87bea82dd92bd080de /source4/heimdal
parent	cd261ee651d3059f6973464115ff43da71d8a595 (diff)
parent	4bdb752cc51c9f41859f1a43bf5721ae616fa230 (diff)
download	samba-489525a6390e50bd0442295ac45164f43a7576c8.tar.gz samba-489525a6390e50bd0442295ac45164f43a7576c8.tar.bz2 samba-489525a6390e50bd0442295ac45164f43a7576c8.zip