use ETYPE_DES3_CBC_SHA1 for the verify step in verify_mic_des3

This allows a strict link between checksum types and key types to be enforced. Andrew Bartlett
author: Andrew Bartlett <abartlet@samba.org> 2011-12-15 16:17:09 +1100
committer: Andrew Bartlett <abartlet@samba.org> 2012-01-12 18:02:54 +1100
commit: 1787efaa006b73cd682f6c27f2b5d367495e7e02 (patch)
tree: fd39c2a4c869bd101c494bdeaea409ee85f1bfdc /source4/heimdal
parent: d087e715fc803eae735636b4ebbb4c0f131f9bb4 (diff)
download: samba-1787efaa006b73cd682f6c27f2b5d367495e7e02.tar.gz
samba-1787efaa006b73cd682f6c27f2b5d367495e7e02.tar.bz2
samba-1787efaa006b73cd682f6c27f2b5d367495e7e02.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/source4/heimdal/lib/gssapi/krb5/verify_mic.c b/source4/heimdal/lib/gssapi/krb5/verify_mic.c
index af06e0a1e3..0f5612491d 100644
--- a/source4/heimdal/lib/gssapi/krb5/verify_mic.c
+++ b/source4/heimdal/lib/gssapi/krb5/verify_mic.c
@@ -251,6 +251,14 @@ retry:
   csum.checksum.length = 20;
   csum.checksum.data   = p + 8;
 
+  krb5_crypto_destroy (context, crypto);
+  ret = krb5_crypto_init(context, key,
+			 ETYPE_DES3_CBC_SHA1, &crypto);
+  if (ret){
+      *minor_status = ret;
+      return GSS_S_FAILURE;
+  }
+
   ret = krb5_verify_checksum (context, crypto,
 			      KRB5_KU_USAGE_SIGN,
 			      tmp, message_buffer->length + 8,
author	Andrew Bartlett <abartlet@samba.org>	2011-12-15 16:17:09 +1100
committer	Andrew Bartlett <abartlet@samba.org>	2012-01-12 18:02:54 +1100
commit	1787efaa006b73cd682f6c27f2b5d367495e7e02 (patch)
tree	fd39c2a4c869bd101c494bdeaea409ee85f1bfdc /source4/heimdal
parent	d087e715fc803eae735636b4ebbb4c0f131f9bb4 (diff)
download	samba-1787efaa006b73cd682f6c27f2b5d367495e7e02.tar.gz samba-1787efaa006b73cd682f6c27f2b5d367495e7e02.tar.bz2 samba-1787efaa006b73cd682f6c27f2b5d367495e7e02.zip