~ubuntu-branches/ubuntu/maverick/krb5/maverick


Viewing changes to src/plugins/preauth/pkinit/pkinit_clnt.c

  • Committer: Bazaar Package Importer
  • Author(s): Sam Hartman
  • Date: 2009-05-07 16:16:34 UTC
  • mfrom: (13.1.7 sid)
  • Revision ID: james.westby@ubuntu.com-20090507161634-xqyk0s9na0le4flj
Tags: 1.7dfsg~beta1-4
When decrypting the TGS response fails with the subkey, try with the
session key to work around a Heimdal bug. Closes: #527353

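--- a/src/plugins/preauth/pkinit/pkinit_clnt.c
+++ b/src/plugins/preauth/pkinit/pkinit_clnt.c
@@ -548,7 +548,7 @@
 
     retval = pkinit_libdefault_strings(context,
                                        krb5_princ_realm(context, kdcprinc), 
-                                       "pkinit_kdc_hostname",
+                                       KRB5_CONF_PKINIT_KDC_HOSTNAME,
                                        &cfghosts);
     if (retval || cfghosts == NULL) {
         pkiDebug("%s: No pkinit_kdc_hostname values found in config file\n",
@@ -936,19 +936,19 @@
              context, plgctx, reqctx, request);
 
     pkinit_libdefault_boolean(context, &request->server->realm,
-                              "pkinit_win2k",
+                              KRB5_CONF_PKINIT_WIN2K,
                               reqctx->opts->win2k_target,
                               &reqctx->opts->win2k_target);
     pkinit_libdefault_boolean(context, &request->server->realm,
-                              "pkinit_win2k_require_binding",
+                              KRB5_CONF_PKINIT_WIN2K_REQUIRE_BINDING,
                               reqctx->opts->win2k_require_cksum,
                               &reqctx->opts->win2k_require_cksum);
     pkinit_libdefault_boolean(context, &request->server->realm,
-                              "pkinit_require_crl_checking",
+                              KRB5_CONF_PKINIT_REQUIRE_CRL_CHECKING,
                               reqctx->opts->require_crl_checking,
                               &reqctx->opts->require_crl_checking);
     pkinit_libdefault_integer(context, &request->server->realm,
-                              "pkinit_dh_min_bits",
+                              KRB5_CONF_PKINIT_DH_MIN_BITS,
                               reqctx->opts->dh_size,
                               &reqctx->opts->dh_size);
     if (reqctx->opts->dh_size != 1024 && reqctx->opts->dh_size != 2048
@@ -959,7 +959,7 @@
         reqctx->opts->dh_size = PKINIT_DEFAULT_DH_MIN_BITS;
     }
     pkinit_libdefault_string(context, &request->server->realm,
-                             "pkinit_eku_checking",
+                             KRB5_CONF_PKINIT_EKU_CHECKING,
                              &eku_string);
     if (eku_string != NULL) {
         if (strcasecmp(eku_string, "kpKDC") == 0) {
@@ -980,7 +980,7 @@
 #ifdef LONGHORN_BETA_COMPAT
     /* Temporarily just set global flag from config file */
     pkinit_libdefault_boolean(context, &request->server->realm,
-                              "pkinit_longhorn",
+                              KRB5_CONF_PKINIT_LONGHORN,
                               0,
                               &longhorn);
 #endif
@@ -988,15 +988,15 @@
     /* Only process anchors here if they were not specified on command line */
     if (reqctx->idopts->anchors == NULL)
         pkinit_libdefault_strings(context, &request->server->realm,
-                                  "pkinit_anchors",
+                                  KRB5_CONF_PKINIT_ANCHORS,
                                   &reqctx->idopts->anchors);
     pkinit_libdefault_strings(context, &request->server->realm,
-                              "pkinit_pool",
+                              KRB5_CONF_PKINIT_POOL,
                               &reqctx->idopts->intermediates);
     pkinit_libdefault_strings(context, &request->server->realm,
-                              "pkinit_revoke",
+                              KRB5_CONF_PKINIT_REVOKE,
                               &reqctx->idopts->crls);
     pkinit_libdefault_strings(context, &request->server->realm,
-                              "pkinit_identities",
+                              KRB5_CONF_PKINIT_IDENTITIES,
                               &reqctx->idopts->identity_alt);
 }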
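Review bot: Every lookup changed from new line 939 onward (939, 943, 947, 951, 962, 983 and 991–1000) is called as a bare statement, so nothing in the visible code would notice if a KRB5_CONF_PKINIT_* macro expanded to a different string than the literal it replaces; the option would presumably just keep the value passed in as its default. For `pkinit_require_crl_checking`, `pkinit_eku_checking`, `pkinit_dh_min_bits` and `pkinit_anchors` that would mean a different certificate-validation policy than the one written in krb5.conf, without any error. The macro definitions are not on this page, so each one needs checking against the removed literal; a comment above the block such as `/* KRB5_CONF_PKINIT_* are the krb5.conf relation names and must stay identical to the documented option names. */` would record that. The debug string at line 554 still spells out `pkinit_kdc_hostname` and could take the macro as a `%s` argument instead, so the message cannot drift from the key actually looked up. The enclosing functions begin and end outside the hunks shown.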