|
@@ -153,7 +153,7 @@ func (a *APReq) Marshal() ([]byte, error) {
|
|
|
|
|
|
|
|
// Verify an AP_REQ using service's keytab, spn and max acceptable clock skew duration.
|
|
// Verify an AP_REQ using service's keytab, spn and max acceptable clock skew duration.
|
|
|
// The service ticket encrypted part and authenticator will be decrypted as part of this operation.
|
|
// The service ticket encrypted part and authenticator will be decrypted as part of this operation.
|
|
|
-func (a *APReq) Verify(kt *keytab.Keytab, d time.Duration, cAddr types.HostAddress) (bool, error) {
|
|
|
|
|
|
|
+func (a *APReq) Verify(kt *keytab.Keytab, d time.Duration, cAddr types.HostAddress, snameOverride *types.PrincipalName) (bool, error) {
|
|
|
// Decrypt ticket's encrypted part with service key
|
|
// Decrypt ticket's encrypted part with service key
|
|
|
//TODO decrypt with service's session key from its TGT is use-to-user. Need to figure out how to get TGT.
|
|
//TODO decrypt with service's session key from its TGT is use-to-user. Need to figure out how to get TGT.
|
|
|
//if types.IsFlagSet(&a.APOptions, flags.APOptionUseSessionKey) {
|
|
//if types.IsFlagSet(&a.APOptions, flags.APOptionUseSessionKey) {
|
|
@@ -178,7 +178,11 @@ func (a *APReq) Verify(kt *keytab.Keytab, d time.Duration, cAddr types.HostAddre
|
|
|
// return false, krberror.Errorf(err, krberror.DecryptingError, "error decrypting encpart of service ticket provided")
|
|
// return false, krberror.Errorf(err, krberror.DecryptingError, "error decrypting encpart of service ticket provided")
|
|
|
// }
|
|
// }
|
|
|
//}
|
|
//}
|
|
|
- err := a.Ticket.DecryptEncPart(kt, &a.Ticket.SName)
|
|
|
|
|
|
|
+ sname := &a.Ticket.SName
|
|
|
|
|
+ if snameOverride != nil {
|
|
|
|
|
+ sname = snameOverride
|
|
|
|
|
+ }
|
|
|
|
|
+ err := a.Ticket.DecryptEncPart(kt, sname)
|
|
|
if err != nil {
|
|
if err != nil {
|
|
|
return false, krberror.Errorf(err, krberror.DecryptingError, "error decrypting encpart of service ticket provided")
|
|
return false, krberror.Errorf(err, krberror.DecryptingError, "error decrypting encpart of service ticket provided")
|
|
|
}
|
|
}
|
Becca Petrin