Previously, ktype_match only made sure that the enctype was valid

and in the set of default tgs enctypes.
Now, if matching on keytype, do an exact match, else
use ktype_reasonable (renamed ktype_match) to make
sure the ticket is in the default tgs enctypes.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7384 dc483132-0cff-0310-8789-dd5450dbe970

6 files changed, 35 insertions, 15 deletions

diff --git a/src/lib/krb5/ccache/file/ChangeLog b/src/lib/krb5/ccache/file/ChangeLog
index d9634a711..05a33d7e0 100644
--- a/src/lib/krb5/ccache/file/ChangeLog
+++ b/src/lib/krb5/ccache/file/ChangeLog
@@ -1,3 +1,11 @@
+Wed Jan 24 21:36:34 1996  Sam Hartman  <hartmans@tertius.mit.edu>
+
+	* fcc_retrv.c (ktype_reasonable): Renamed ktype_match because it
+        didn't really match enctypes.  Instead, it just determined whether
+        they were something the TGS would likely return.  When I ask for
+        an exact enctype match, I want an enctype match.
+	(krb5_fcc_retrieve): Match keytype exactly if matching enctype.
+
 Wed Jan 10 21:14:31 1996  Theodore Y. Ts'o  <tytso@dcl>
 
 	* fcc.h (KRB5_FCC_DEFAULT_VNO): Remove KRB5_FCC_DEFAULT_VNO; now
diff --git a/src/lib/krb5/ccache/file/fcc_retrv.c b/src/lib/krb5/ccache/file/fcc_retrv.c
index 1076cee33..2e1bdf838 100644
--- a/src/lib/krb5/ccache/file/fcc_retrv.c
+++ b/src/lib/krb5/ccache/file/fcc_retrv.c
@@ -69,7 +69,7 @@ register const krb5_data *data1, *data2;
 }
 
 static krb5_boolean
-ktype_match(context, creds)
+ktype_reasonable(context, creds)
 register krb5_context context;
 register krb5_creds *creds;
 {
@@ -132,7 +132,7 @@ krb5_fcc_retrieve(context, id, whichfields, mcreds, creds)
 	  return kret;
 
      while ((kret = krb5_fcc_next_cred(context, id, &cursor, &fetchcreds)) == KRB5_OK) {
-	  if (((set(KRB5_TC_MATCH_SRV_NAMEONLY) &&
+	 if (((set(KRB5_TC_MATCH_SRV_NAMEONLY) &&
 		   srvname_match(context, mcreds, &fetchcreds)) ||
 	       standard_fields_match(context, mcreds, &fetchcreds))
 	      &&
@@ -157,9 +157,9 @@ krb5_fcc_retrieve(context, id, whichfields, mcreds, creds)
 	      (! set(KRB5_TC_MATCH_2ND_TKT) ||
 	       data_match (&mcreds->second_ticket, &fetchcreds.second_ticket))
 	      &&
-	      (! set(KRB5_TC_MATCH_KTYPE) ||
-	       ktype_match (context, &fetchcreds))
-	      )
+	     ((! set(KRB5_TC_MATCH_KTYPE)&&
+		      ktype_reasonable (context, &fetchcreds))||
+		(mcreds->keyblock.enctype == fetchcreds.keyblock.enctype)))
 	  {
 	       krb5_fcc_end_seq_get(context, id, &cursor);
 	       *creds = fetchcreds;
diff --git a/src/lib/krb5/ccache/memory/ChangeLog b/src/lib/krb5/ccache/memory/ChangeLog
index aeb5a566c..2064c8c39 100644
--- a/src/lib/krb5/ccache/memory/ChangeLog
+++ b/src/lib/krb5/ccache/memory/ChangeLog
@@ -1,3 +1,8 @@
+Thu Jan 25 14:50:51 1996  Sam Hartman  <hartmans@tertius.mit.edu>
+
+	* mcc_retrv.c (ktype_reasonable): Rename ktype_match
+	(krb5_mcc_retrieve): Match enctype exactly if requested.
+
 Sat Nov  4 00:45:42 1995  Theodore Y. Ts'o  <tytso@dcl>
 
 	* mcc_ops.c: Remove excess code which is defined in fcc_ops.c
diff --git a/src/lib/krb5/ccache/memory/mcc_retrv.c b/src/lib/krb5/ccache/memory/mcc_retrv.c
index 0d61f2b28..9280c73b7 100644
--- a/src/lib/krb5/ccache/memory/mcc_retrv.c
+++ b/src/lib/krb5/ccache/memory/mcc_retrv.c
@@ -65,9 +65,9 @@ register const krb5_data *data1, *data2;
 }
 
 static krb5_boolean
-ktype_match(context, creds)
-register krb5_context context;
-register krb5_creds *creds;
+ktype_reasonable(context, creds)
+    register krb5_context context;
+    register krb5_creds *creds;
 {
     register int i;
     krb5_enctype * ktypes = (krb5_enctype *) NULL;
@@ -153,8 +153,9 @@ krb5_mcc_retrieve(context, id, whichfields, mcreds, creds)
 	      (! set(KRB5_TC_MATCH_2ND_TKT) ||
 	       data_match (&mcreds->second_ticket, &fetchcreds.second_ticket))
 	      &&
-	      (! set(KRB5_TC_MATCH_KTYPE) ||
-	       ktype_match (context, &fetchcreds))
+	      ((! set(KRB5_TC_MATCH_KTYPE) &&
+		ktype_reasonable (context, &fetchcreds))||
+	       (mcreds->keyblock.enctype == fetchcreds.keyblock.enctype))
 	      )
 	  {
 	       krb5_mcc_end_seq_get(context, id, &cursor);
diff --git a/src/lib/krb5/ccache/stdio/ChangeLog b/src/lib/krb5/ccache/stdio/ChangeLog
index 5a3939e7b..1b3e55b97 100644
--- a/src/lib/krb5/ccache/stdio/ChangeLog
+++ b/src/lib/krb5/ccache/stdio/ChangeLog
@@ -1,3 +1,8 @@
+Thu Jan 25 14:44:48 1996  Sam Hartman  <hartmans@tertius.mit.edu>
+
+	* scc_retrv.c (ktype_reasonable): Rename ktype_match; see fcc  for explanation.
+	(krb5_scc_retrieve): Match exactly on enctype if requested to do so.
+
 Wed Jan 10 22:44:43 1996  Theodore Y. Ts'o  <tytso@dcl>
 
 	* scc.h (KRB5_SCC_DEFAULT_VNO): Remove KRB5_SCC_DEFAULT_VNO; now
diff --git a/src/lib/krb5/ccache/stdio/scc_retrv.c b/src/lib/krb5/ccache/stdio/scc_retrv.c
index 2f3340f8d..0c905d7c9 100644
--- a/src/lib/krb5/ccache/stdio/scc_retrv.c
+++ b/src/lib/krb5/ccache/stdio/scc_retrv.c
@@ -135,9 +135,9 @@ register const krb5_data *data1, *data2;
 }
 
 static krb5_boolean
-ktype_match(context, creds)
-register krb5_context context;
-register krb5_creds *creds;
+ktype_reasonable(context, creds)
+    register krb5_context context;
+    register krb5_creds *creds;
 {
     register int i;
     krb5_enctype * ktypes = (krb5_enctype *) NULL;
@@ -223,8 +223,9 @@ krb5_scc_retrieve(context, id, whichfields, mcreds, creds)
 	      (! set(KRB5_TC_MATCH_2ND_TKT) ||
 	       data_match (&mcreds->second_ticket, &fetchcreds.second_ticket))
 	      &&
-	      (! set(KRB5_TC_MATCH_KTYPE) ||
-	       ktype_match (context, &fetchcreds))
+	      ((! set(KRB5_TC_MATCH_KTYPE)&&
+		ktype_reasonable (context, &fetchcreds))||
+		  (mcreds->keyblock.enctype == fetchcreds.keyblock.enctype))
 	      )
 	  {
 	       krb5_scc_end_seq_get(context, id, &cursor);