author | Sam Hartman <hartmans@mit.edu> | 2003-02-15 01:15:10 +0000 |
---|---|---|
committer | Sam Hartman <hartmans@mit.edu> | 2003-02-15 01:15:10 +0000 |
commit | f75a3db8b492631632c8555ed41ba5daf5488aef (patch) | |
tree | 36f323ef3f55f0f0da9eca51bf54c80c13759e11 /src/kdc | |
parent | f9137481fc5fcba7bec7b1b4063d6c56ad5e2a9e (diff) | |
The client sorts the enctype list returned by etype_info, placing
enctypes that it requested, or that are similar to ones it requested,
first.
The KDC only includes enctypes in etype_info if they were requested by
the client.
ticket: 1006
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15191 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/kdc')
-rw-r--r-- | src/kdc/ChangeLog | 6 | ||||
-rw-r--r-- | src/kdc/kdc_preauth.c | 21 |
2 files changed, 26 insertions, 1 deletions
diff --git a/src/kdc/ChangeLog b/src/kdc/ChangeLog index 346305c2e6..d20710cf2d 100644 --- a/src/kdc/ChangeLog +++ b/src/kdc/ChangeLog @@ -1,3 +1,9 @@ +2003-02-14 Sam Hartman <hartmans@mit.edu> + + * kdc_preauth.c (request_contains_enctype): New function + (get_etype_info): Use it to filter out enctypes not requested by + the client + 2003-02-08 Ken Hornstein <kenh@cmf.nrl.navy.mil> * Makefile.in, configure.in, fakeka.c: New file to implement diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c index 1087e76c0a..391bcd8bc0 100644 --- a/src/kdc/kdc_preauth.c +++ b/src/kdc/kdc_preauth.c @@ -1,7 +1,7 @@ /* * kdc/kdc_preauth.c * - * Copyright 1995 by the Massachusetts Institute of Technology. + * Copyright 1995, 2003 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -431,6 +431,18 @@ cleanup: return (retval); } +static krb5_boolean +request_contains_enctype (krb5_context context, const krb5_kdc_req *request, + krb5_enctype enctype) +{ + int i; + for (i =0; i < request->nktypes; i++) + if (request->ktype[i] == enctype) + return 1; + return 0; +} + + static krb5_error_code verify_enc_timestamp(krb5_context context, krb5_db_entry *client, krb5_kdc_req *request, krb5_enc_tkt_part *enc_tkt_reply, @@ -542,6 +554,13 @@ get_etype_info(krb5_context context, krb5_kdc_req *request, db_etype = ENCTYPE_DES_CBC_CRC; while (1) { + if (!request_contains_enctype(context, + request, db_etype)) { + if (db_etype = ENCTYPE_DES_CBC_CRC) + continue; + else break; + } + if ((entry[i] = malloc(sizeof(krb5_etype_info_entry))) == NULL) { retval = ENOMEM; goto cleanup; |
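Review bot: request_contains_enctype is added without a comment and with an unbraced nested `for`/`if`, which matters because get_etype_info uses its result to decide which enctypes go into etype_info. The comparison is exact (`request->ktype[i] == enctype`), so a header such as `/* Return nonzero if enctype appears in the client's requested list; the match is exact, similar enctypes do not count. */` would state the contract a caller relies on. Bracing both bodies would keep a later edit from silently changing what the loop covers. The `context` argument is unused in the body, and `i =0` is missing a space.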
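Review bot: `if (db_etype = ENCTYPE_DES_CBC_CRC)` in the block added to get_etype_info assigns instead of comparing, so the test is true for any non-zero constant and the `else break;` arm is never taken. The enclosing `while (1)` has no step expression, so `continue` goes straight back to the same `request_contains_enctype` check with `db_etype` unchanged; a request whose enctype list lacks that value would apparently keep the KDC spinning in this loop. Changing the test to `if (db_etype == ENCTYPE_DES_CBC_CRC)` is necessary but looks insufficient on its own, because the `continue` path also has to move `db_etype` to the next candidate before re-testing. The rest of the loop body lies outside the hunk, so where that advance belongs has to be checked against the full function.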