From adab8d3968ce2bf18eab6b89375050ebf6630f08 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 12 Jan 2006 07:13:36 +0000 Subject: r12863: As lha suggested to me a while back, it appears that the gsskrb5_get_initiator_subkey() routine is bougs. We can indeed use gss_krb5_get_subkey(). This is fortunate, as there was a segfault bug in 'initiator' version. Andrew Bartlett (This used to be commit ec11870ca1f9231dd3eeae792fc3268b31477e11) --- source4/auth/gensec/gensec_gssapi.c | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) (limited to 'source4/auth/gensec') diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c index b71bee03ea..4eb7b95d6d 100644 --- a/source4/auth/gensec/gensec_gssapi.c +++ b/source4/auth/gensec/gensec_gssapi.c @@ -734,22 +734,21 @@ static NTSTATUS gensec_gssapi_session_key(struct gensec_security *gensec_securit if ((gensec_gssapi_state->gss_oid->length == gss_mech_krb5->length) && (memcmp(gensec_gssapi_state->gss_oid->elements, gss_mech_krb5->elements, gensec_gssapi_state->gss_oid->length) == 0)) { - OM_uint32 maj_stat, min_stat; - gss_buffer_desc skey; + OM_uint32 maj_stat; + krb5_keyblock *skey; - maj_stat = gsskrb5_get_initiator_subkey(&min_stat, - gensec_gssapi_state->gssapi_context, - &skey); + maj_stat = gss_krb5_get_subkey(gensec_gssapi_state->gssapi_context, + &skey); if (maj_stat == 0) { DEBUG(10, ("Got KRB5 session key of length %d\n", - (int)skey.length)); + (int)KRB5_KEY_LENGTH(skey))); gensec_gssapi_state->session_key = data_blob_talloc(gensec_gssapi_state, - skey.value, skey.length); + KRB5_KEY_DATA(skey), KRB5_KEY_LENGTH(skey)); *session_key = gensec_gssapi_state->session_key; dump_data_pw("KRB5 Session Key:\n", session_key->data, session_key->length); - gss_release_buffer(&min_stat, &skey); + krb5_free_keyblock(gensec_gssapi_state->smb_krb5_context->krb5_context, skey); return NT_STATUS_OK; } return NT_STATUS_NO_USER_SESSION_KEY; -- cgit