pull up r22325 from trunk
 ------------------------------------------------------------------------
 r22325 | hartmans | 2009-05-07 16:35:28 -0400 (Thu, 07 May 2009) | 18 lines
 Changed paths:
    M /trunk/src/include/k5-int.h
    M /trunk/src/lib/krb5/krb/decode_kdc.c
    M /trunk/src/lib/krb5/krb/gc_via_tkt.c
    M /trunk/src/lib/krb5/libkrb5.exports

 Subject: Try decrypting using session key if subkey fails in tgs rep handling
 ticket: 6484
 Tags: pullup
 Target_Version: 1.7

 Heimdal at least up through 1.2 incorrectly encrypts the TGS response
 in the session key not the subkey when a subkey is supplied.  See RFC
 4120 page 35.  Work around this by trying decryption using the session
 key after the subkey fails.

 * decode_kdc_rep.c: rename to krb5int_decode_tgs_rep; only used for
   TGS and now needs to take keyusage
 * gc_via_tkt: pass in session key and appropriate usage if subkey
   fails.

 Note that the dead code to process AS responses in decode_kdc_rep is
 not removed by this commit.  That will be removed as FAST TGS client
 support is integrated post 1.7.

https://github.com/krb5/krb5/commit/3ed57da7e3beff1e3841f0744292476ba729fe67
Commit By: tlyu
Revision: 22340
Changed Files:
U   branches/krb5-1-7/src/include/k5-int.h
U   branches/krb5-1-7/src/lib/krb5/krb/decode_kdc.c
U   branches/krb5-1-7/src/lib/krb5/krb/gc_via_tkt.c
U   branches/krb5-1-7/src/lib/krb5/libkrb5.exports