Save a copy of the ciphertext from the kdc rather than trying to

decrypt the already decrypted text each time through the loop.

Ticket: 1554
Tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15551 dc483132-0cff-0310-8789-dd5450dbe970

2 files changed, 9 insertions, 0 deletions

diff --git a/src/lib/krb4/ChangeLog b/src/lib/krb4/ChangeLog
index f16f07c45a..d721591412 100644
--- a/src/lib/krb4/ChangeLog
+++ b/src/lib/krb4/ChangeLog
@@ -1,3 +1,8 @@
+2003-06-03  Sam Hartman  <hartmans@mit.edu>
+
+	* g_in_tkt.c (krb_get_in_tkt_preauth_creds): Keep copy of
+	ciphertext while trying different keyprocs 
+
 2003-06-02  Tom Yu  <tlyu@mit.edu>
 
 	* change_password.c (krb_change_password): Explicitly zero the
diff --git a/src/lib/krb4/g_in_tkt.c b/src/lib/krb4/g_in_tkt.c
index 4d5286a98b..58a91b00df 100644
--- a/src/lib/krb4/g_in_tkt.c
+++ b/src/lib/krb4/g_in_tkt.c
@@ -424,6 +424,9 @@ krb_get_in_tkt_preauth_creds(user, instance, realm, service, sinstance, life,
     /* Attempt to decrypt the reply.  Loop trying password_to_key algorithms 
        until we succeed or we get an error other than "bad password" */
     do {
+	KTEXT_ST cip_copy_st;
+	memcpy(&cip_copy_st, &cip_st, sizeof(cip_st));
+	cip = &cip_copy_st;
         if (decrypt_proc == NULL) {
             decrypt_tkt (user, instance, realm, arg, keyprocs[i], &cip);
         } else {
@@ -432,6 +435,7 @@ krb_get_in_tkt_preauth_creds(user, instance, realm, service, sinstance, life,
         kerror = krb_parse_in_tkt_creds(user, instance, realm,
                     service, sinstance, life, cip, byteorder, creds);
     } while ((keyprocs [++i] != NULL) && (kerror == INTK_BADPW));
+    cip = &cip_st;
 
     /* Fill in the local address if the caller wants it */
     if (laddrp != NULL) {