3 files changed, 43 insertions, 40 deletions

diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog
index 3e5a5e3653..cbe035a772 100644
--- a/src/lib/krb5/krb/ChangeLog
+++ b/src/lib/krb5/krb/ChangeLog
@@ -1,3 +1,15 @@
+Thu Apr 20 16:23:23 1995  Theodore Y. Ts'o  (tytso@dcl)
+
+	* mk_req.c (krb5_mk_req): Use krb5_sname_to_principal() in order
+		to create the service principal from the service and
+		hostname pair.  This allows for the host cannoncialization
+		to work correctly.
+
+	* mk_req_ext.c (krb5_mk_req_extended): Revamp checksum handling
+		code so that no checksum is performed in in_data is NULL,
+		and the special case handing of cksumtype == 0x8003 for
+		the GSSAPI library is handled correctly.
+
 Wed Apr 19 13:39:34 1995  Ezra Peisach  <epeisach@kangaroo.mit.edu>
 
 	* init_ctx.c: (krb5_init_context) initialize context default
diff --git a/src/lib/krb5/krb/mk_req.c b/src/lib/krb5/krb/mk_req.c
index a9884a48b1..48b72c5af4 100644
--- a/src/lib/krb5/krb/mk_req.c
+++ b/src/lib/krb5/krb/mk_req.c
@@ -66,15 +66,11 @@ krb5_mk_req(context, auth_context, ap_req_options, service, hostname, in_data,
     krb5_creds 		  creds;
     char	       ** realm;
 
-    /* get realm */
-    if (retval = krb5_get_host_realm(context, hostname, &realm)) 
-	return retval;
-
-    /* build principal */
-    if (retval = krb5_build_principal(context, &server, strlen(realm[0]),
-				      realm[0], service, hostname, NULL))
-	goto cleanup_realm;
-				      
+    retval = krb5_sname_to_principal(context, hostname, service, 
+				     KRB5_NT_SRV_HST, &server);
+    if (retval)
+      return retval;
+
     /* obtain ticket & session key */
     memset((char *)&creds, 0, sizeof(creds));
     if (retval = krb5_copy_principal(context, server, &creds.server))
@@ -98,7 +94,5 @@ cleanup_creds:
 cleanup_princ:
     krb5_free_principal(context, server);
 
-cleanup_realm:
-    krb5_free_host_realm(context, realm);
     return retval;
 }
diff --git a/src/lib/krb5/krb/mk_req_ext.c b/src/lib/krb5/krb/mk_req_ext.c
index 1011574e4a..f146d14832 100644
--- a/src/lib/krb5/krb/mk_req_ext.c
+++ b/src/lib/krb5/krb/mk_req_ext.c
@@ -79,6 +79,7 @@ krb5_mk_req_extended(context, auth_context, ap_req_options, in_data, in_creds,
 {
     krb5_error_code 	  retval;
     krb5_checksum	  checksum;
+    krb5_checksum	  *checksump = 0;
     krb5_auth_context	* new_auth_context;
 
     krb5_ap_req request;
@@ -131,35 +132,30 @@ krb5_mk_req_extended(context, auth_context, ap_req_options, in_data, in_creds,
 	    goto cleanup;
 
 
-    /* Generate checksum, XXX What should the seed be? */
-    if ((checksum.contents = (krb5_octet *)malloc(krb5_checksum_size(context,
-			     (*auth_context)->cksumtype))) == NULL) {
-	retval = ENOMEM;
-	goto cleanup;
+    if (in_data) {
+      if ((*auth_context)->cksumtype == 0x8003) {
+	/* XXX Special hack for GSSAPI */
+	checksum.checksum_type = 0x8003;
+	checksum.length = in_data->length;
+	checksum.contents = (krb5_octet *) in_data->data;
+      } else  {
+	/* Generate checksum, XXX What should the seed be? */
+	if ((checksum.contents = (krb5_octet *)malloc(krb5_checksum_size(context,
+				 (*auth_context)->cksumtype))) == NULL) {
+	  retval = ENOMEM;
+	  goto cleanup;
+	}
+	if (retval = krb5_calculate_checksum(context, 
+					     (*auth_context)->cksumtype, 
+					     in_data->data, in_data->length,
+					     (*auth_context)->keyblock->contents,
+					     (*auth_context)->keyblock->length,
+					     &checksum))
+	  goto cleanup_cksum;
+      }
+      checksump = &checksum;
     }
 
-    if (in_data == NULL) {
-    	if (retval = krb5_calculate_checksum(context, 
-					   (*auth_context)->cksumtype, 0, 0,
-					   (*auth_context)->keyblock->contents,
-                                           (*auth_context)->keyblock->length,
-                                           &checksum))
-	    goto cleanup_cksum;
-    } else 
-        if ((*auth_context)->cksumtype == 0x8003) {
-    	    /* XXX Special hack for GSSAPI */
-	    checksum.checksum_type = 0x8003;
-	    checksum.length = in_data->length;
-	    checksum.contents = (krb5_octet *) in_data->data;
-        } else 
-    	    if (retval = krb5_calculate_checksum(context, 
-					    (*auth_context)->cksumtype, 
-					    in_data->data, in_data->length,
-					    (*auth_context)->keyblock->contents,
-					    (*auth_context)->keyblock->length,
-					    &checksum))
-	        goto cleanup_cksum;
-
     /* Generate authenticator */
     if (((*auth_context)->authentp = (krb5_authenticator *)malloc(sizeof(
 					krb5_authenticator))) == NULL) {
@@ -168,7 +164,7 @@ krb5_mk_req_extended(context, auth_context, ap_req_options, in_data, in_creds,
     }
 
     if (retval = krb5_generate_authenticator(context, (*auth_context)->authentp,
-					     (in_creds)->client, &checksum,
+					     (in_creds)->client, checksump,
 					     (*auth_context)->local_subkey,
 					     (*auth_context)->local_seq_number,
 					     (in_creds)->authdata))
@@ -229,7 +225,8 @@ krb5_mk_req_extended(context, auth_context, ap_req_options, in_data, in_creds,
     krb5_xfree(toutbuf);
 
 cleanup_cksum:
-    free(checksum.contents);
+    if (checksump && checksump->checksum_type != 0x8003)
+      free(checksump->contents);
 
 cleanup:
     if (request.ticket)