summaryrefslogtreecommitdiff
path: root/source4/heimdal
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2008-08-15 07:58:03 +1000
committerAndrew Bartlett <abartlet@samba.org>2008-08-15 07:58:03 +1000
commitac503b140d6d69b6341be2e80ba535d7cfc7a73d (patch)
tree8bf3d874f09486b71fb0d2faaf37d4cd5cc3d00a /source4/heimdal
parentcb98944be3fd24a9ee9c7b4cef3732e68a8c1627 (diff)
parentc1c6c1b609ab57186dab7b13c56bfe4475a733f7 (diff)
downloadsamba-ac503b140d6d69b6341be2e80ba535d7cfc7a73d.tar.gz
samba-ac503b140d6d69b6341be2e80ba535d7cfc7a73d.tar.bz2
samba-ac503b140d6d69b6341be2e80ba535d7cfc7a73d.zip
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
(This used to be commit b337369d5c86b37d93ee1c62880068e14d6c09f6)
Diffstat (limited to 'source4/heimdal')
-rw-r--r--source4/heimdal/lib/gssapi/krb5/accept_sec_context.c22
-rw-r--r--source4/heimdal/lib/krb5/rd_req.c3
2 files changed, 18 insertions, 7 deletions
diff --git a/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c b/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c
index 8dbd087da6..a6f0f31246 100644
--- a/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c
+++ b/source4/heimdal/lib/gssapi/krb5/accept_sec_context.c
@@ -520,16 +520,30 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status,
if(ctx->flags & GSS_C_MUTUAL_FLAG) {
krb5_data outbuf;
+ int use_subkey = 0;
_gsskrb5i_is_cfx(ctx, &is_cfx);
if (is_cfx != 0
|| (ap_options & AP_OPTS_USE_SUBKEY)) {
- kret = krb5_auth_con_addflags(context,
- ctx->auth_context,
- KRB5_AUTH_CONTEXT_USE_SUBKEY,
- NULL);
+ use_subkey = 1;
+ } else {
+ krb5_keyblock *rkey;
+ kret = krb5_auth_con_getremotesubkey(context, ctx->auth_context, &rkey);
+ if (kret == 0) {
+ kret = krb5_auth_con_setlocalsubkey(context, ctx->auth_context, rkey);
+ if (kret == 0) {
+ use_subkey = 1;
+ }
+ krb5_free_keyblock(context, rkey);
+ }
+ }
+ if (use_subkey) {
ctx->more_flags |= ACCEPTOR_SUBKEY;
+ krb5_auth_con_addflags(context,
+ ctx->auth_context,
+ KRB5_AUTH_CONTEXT_USE_SUBKEY,
+ NULL);
}
kret = krb5_mk_rep(context,
diff --git a/source4/heimdal/lib/krb5/rd_req.c b/source4/heimdal/lib/krb5/rd_req.c
index e80aaa6789..ddf1f69ae4 100644
--- a/source4/heimdal/lib/krb5/rd_req.c
+++ b/source4/heimdal/lib/krb5/rd_req.c
@@ -463,8 +463,6 @@ krb5_verify_ap_req2(krb5_context context,
ac->keytype = ETYPE_NULL;
-#if 0
-/* it's bad to use a different enctype as the client */
if (etypes.val) {
int i;
@@ -475,7 +473,6 @@ krb5_verify_ap_req2(krb5_context context,
}
}
}
-#endif
/* save key */
ret = krb5_copy_keyblock(context, &t->ticket.key, &ac->keyblock);