You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by ka...@apache.org on 2014/01/08 10:44:50 UTC
svn commit: r1556475 -
/directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/client/KdcConnection.java
Author: kayyagari
Date: Wed Jan 8 09:44:50 2014
New Revision: 1556475
URL: http://svn.apache.org/r1556475
Log:
use the subKey that was used in ApReq to decrypt the KrbPriv part present in the reply (DIRKRB-97)
Modified:
directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/client/KdcConnection.java
Modified: directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/client/KdcConnection.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/client/KdcConnection.java?rev=1556475&r1=1556474&r2=1556475&view=diff
==============================================================================
--- directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/client/KdcConnection.java (original)
+++ directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/client/KdcConnection.java Wed Jan 8 09:44:50 2014
@@ -595,13 +595,10 @@ public class KdcConnection
}
ChangePasswordReply chngPwdReply = ( ChangePasswordReply ) reply;
- ApRep chngApRep = chngPwdReply.getApplicationReply();
- byte[] apRepData = cipherTextHandler.decrypt( tgt.getSessionKey(), chngApRep.getEncPart(), KeyUsage.AP_REP_ENC_PART_SESS_KEY );
-
- EncApRepPart encApRepPart = KerberosDecoder.decodeEncApRepPart( apRepData );
-
+
KrbPriv replyPriv = chngPwdReply.getPrivateMessage();
- byte[] data = cipherTextHandler.decrypt( encApRepPart.getSubkey(), replyPriv.getEncPart(), KeyUsage.KRB_PRIV_ENC_PART_CHOSEN_KEY );
+ // the same subKey present in ApReq is used for encrypting the KrbPriv present in reply
+ byte[] data = cipherTextHandler.decrypt( subKey, replyPriv.getEncPart(), KeyUsage.KRB_PRIV_ENC_PART_CHOSEN_KEY );
part = KerberosDecoder.decodeEncKrbPrivPart( data );
ChangePasswordResult result = new ChangePasswordResult( part.getUserData() );