From: Luke Howard
Date: Sun, 30 Aug 2009 16:11:12 +0000 (+0000)
Subject: make reply session key available to authdata backends, so they can implement AD-KDCIssued
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1414a987a3e5642492cd997eda2c9f13c61ac00f;p=thirdparty%2Fkrb5.git
make reply session key available to authdata backends, so they can implement AD-KDCIssued
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/authdata@22662 dc483132-0cff-0310-8789-dd5450dbe970
---
diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c
index a99dc35ba1..8b1c47387b 100644
--- a/src/kdc/do_tgs_req.c
+++ b/src/kdc/do_tgs_req.c
@@ -675,6 +675,10 @@ tgt_again:
 else
 enc_tkt_reply.client = header_enc_tkt->client;
+ enc_tkt_reply.session = &session_key;
+ enc_tkt_reply.transited.tr_type = KRB5_DOMAIN_X500_COMPRESS;
+ enc_tkt_reply.transited.tr_contents = empty_string; /* equivalent of "" */
+
 errcode = handle_authdata(kdc_context,
 c_flags,
 (c_nprincs != 0) ? &client : NULL,
@@ -703,10 +707,6 @@ tgt_again:
 }
 }
- enc_tkt_reply.session = &session_key;
- enc_tkt_reply.transited.tr_type = KRB5_DOMAIN_X500_COMPRESS;
- enc_tkt_reply.transited.tr_contents = empty_string; /* equivalent of "" */
-
 /*
 * Only add the realm of the presented tgt to the transited list if
 * it is different than the local realm (cross-realm) and it is different
diff --git a/src/kdc/kdc_authdata.c b/src/kdc/kdc_authdata.c
index 43ea0869ac..cc69f5fdbe 100644
--- a/src/kdc/kdc_authdata.c
+++ b/src/kdc/kdc_authdata.c
@@ -526,6 +526,7 @@ handle_tgt_authdata (krb5_context context,
 server_key, /* U2U or server key */
 enc_tkt_reply->times.authtime,
 tgs_req ? enc_tkt_request->authorization_data : NULL,
+ enc_tkt_reply->session,
 &db_authdata,
 &ad_entry,
 &ad_nprincs);
diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c
index 88ef110629..8dd4f91dec 100644
--- a/src/kdc/kdc_util.c
+++ b/src/kdc/kdc_util.c
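Review bot: In src/kdc/do_tgs_req.c (hunk at line 675) the three assignments moved ahead of `handle_authdata()` carry no comment saying that their position is now load-bearing. Authdata backends read `enc_tkt_reply.session`, so a later cleanup that moves the block back below the call would silently hand them an unset pointer. I would add `/* Must precede handle_authdata(): authdata backends read enc_tkt_reply.session (e.g. for AD-KDCIssued). */` above `enc_tkt_reply.session = &session_key;`. Whether `session_key` has already been generated at this point is not visible here and should be confirmed, since the enclosing function starts and ends outside the hunk.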
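Review bot: In src/kdc/kdc_authdata.c the new argument `enc_tkt_reply->session` is forwarded to `sign_db_authdata()` with no guarantee visible here that the caller has set it. The neighbouring argument `tgs_req ? enc_tkt_request->authorization_data : NULL` shows this call is also reached for non-TGS requests, while this commit reorders the assignment only in do_tgs_req.c. If the AS-request path assigns the session key after authdata handling, the backend would receive NULL or a key that is not yet filled in, so that ordering should be confirmed. In the style of the existing `/* U2U or server key */` remark, I would annotate the new line with `/* reply session key; must be set by the caller before authdata handling */`. The call and its enclosing function extend beyond the hunk.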
@@ -1745,6 +1745,7 @@ sign_db_authdata (krb5_context context,
 krb5_keyblock *server_key,
 krb5_timestamp authtime,
 krb5_authdata **tgs_authdata,
+ krb5_keyblock *session_key,
 krb5_authdata ***ret_authdata,
 krb5_db_entry *ad_entry,
 int *ad_nprincs)
@@ -1771,6 +1772,7 @@ sign_db_authdata (krb5_context context,
 req.server_key = server_key;
 req.authtime = authtime;
 req.auth_data = tgs_authdata;
+ req.session_key = session_key;
 rep.entry = ad_entry;
 rep.nprincs = 0;
diff --git a/src/kdc/kdc_util.h b/src/kdc/kdc_util.h
index 0604426045..e34ca876b4 100644
--- a/src/kdc/kdc_util.h
+++ b/src/kdc/kdc_util.h
@@ -230,6 +230,7 @@ krb5_error_code sign_db_authdata
 krb5_keyblock *server_key,
 krb5_timestamp authtime,
 krb5_authdata **tgs_authdata,
+ krb5_keyblock *session_key,
 krb5_authdata ***ret_authdata,
 krb5_db_entry *ad_entry,
 int *ad_nprincs);
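Review bot: `sign_db_authdata()` in src/kdc/kdc_util.c now hands the live reply session key to the KDB backend through `req.session_key` as a mutable `krb5_keyblock *`, and neither the two hunks there nor the kdc_util.h prototype says the backend must treat it as borrowed and read-only. A backend that modifies, frees or retains that pointer would corrupt or outlive the key the KDC later places in the ticket and reply. I would document the contract at the prototype and at the assignment, for example `/* borrowed: valid only for this call; backend must not modify, free or retain */`, and consider `const krb5_keyblock *session_key` if the request structure's field type allows it. That structure's definition is not part of this diff, so the presence and type of its `session_key` member should be checked. Both kdc_util.c hunks show only part of the function.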