author | Sam Hartman <hartmans@mit.edu> | 2003-02-15 01:15:10 +0000 |
---|---|---|
committer | Sam Hartman <hartmans@mit.edu> | 2003-02-15 01:15:10 +0000 |
commit | f75a3db8b492631632c8555ed41ba5daf5488aef (patch) | |
tree | 36f323ef3f55f0f0da9eca51bf54c80c13759e11 /src/lib/krb5/krb | |
parent | f9137481fc5fcba7bec7b1b4063d6c56ad5e2a9e (diff) | |
The client sorts the enctype list returned by etype_info, ordering
enctypes that it requested, or that are similar to ones it requested,
first.
The KDC only includes enctypes in etype_info if they were requested by
the client.
ticket: 1006
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15191 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/krb5/krb')
-rw-r--r-- | src/lib/krb5/krb/ChangeLog | 5 | ||||
-rw-r--r-- | src/lib/krb5/krb/preauth2.c | 73 |
2 files changed, 77 insertions, 1 deletions
diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog
index bc1588275..95da8d84a 100644
--- a/src/lib/krb5/krb/ChangeLog
+++ b/src/lib/krb5/krb/ChangeLog
@@ -1,3 +1,8 @@
+2003-02-14 Sam Hartman <hartmans@mit.edu>
+
+ * preauth2.c (krb5_do_preauth): Sort incoming etype info based on
+ preference order in request
+
 2003-02-13 Sam Hartman <hartmans@mit.edu>
 
 * gic_keytab.c (krb5_get_as_key_keytab): Nathan Neulinger points
diff --git a/src/lib/krb5/krb/preauth2.c b/src/lib/krb5/krb/preauth2.c
index f99379fa2..34cb40f22 100644
--- a/src/lib/krb5/krb/preauth2.c
+++ b/src/lib/krb5/krb/preauth2.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995 by the Massachusetts Institute of Technology. All
+ * Copyright 1995, 2003 by the Massachusetts Institute of Technology. All
 * Rights Reserved.
 *
 * Export of this software from the United States of America may
@@ -825,6 +825,76 @@ static const pa_types_t pa_types[] = {
 },
 };
 
+static void
+sort_etype_info(krb5_context context, krb5_kdc_req *request,
+ krb5_etype_info_entry **etype_info)
+{
+/* Originally adapted from a proposed solution in ticket 1006. This
+ * solution is not efficient, but implementing an efficient sort
+ * with a comparison function based on order in the kdc request would
+ * be difficult.*/
+ krb5_etype_info_entry *tmp;
+ int i, j, e;
+ krb5_boolean similar;
+
+ if (etype_info == NULL)
+ return;
+
+ /* First, move up etype_info_entries whose enctype exactly matches a
+ * requested enctype.
+ */
+ e = 0;
+ for ( i = 0 ; i < request->nktypes && etype_info[e] != NULL ; i++ )
+ {
+ if (request->ktype[i] == etype_info[e]->etype)
+ {
+ e++;
+ continue;
+ }
+ for ( j = e+1 ; etype_info[j] ; j++ )
+ if (request->ktype[i] == etype_info[j]->etype)
+ break;
+ if (etype_info[j] == NULL)
+ continue;
+
+ tmp = etype_info[j];
+ etype_info[j] = etype_info[e];
+ etype_info[e] = tmp;
+ e++;
+ }
+
+ /* Then move up etype_info_entries whose enctype is similar to a
+ * requested enctype.
+ */
+ for ( i = 0 ; i < request->nktypes && etype_info[e] != NULL ; i++ )
+ {
+ if (krb5_c_enctype_compare(context, request->ktype[i], etype_info[e]->etype, &similar) != 0)
+ continue;
+
+ if (similar)
+ {
+ e++;
+ continue;
+ }
+ for ( j = e+1 ; etype_info[j] ; j++ )
+ {
+ if (krb5_c_enctype_compare(context, request->ktype[i], etype_info[j]->etype, &similar) != 0)
+ continue;
+
+ if (similar)
+ break;
+ }
+ if (etype_info[j] == NULL)
+ continue;
+
+ tmp = etype_info[j];
+ etype_info[j] = etype_info[e];
+ etype_info[e] = tmp;
+ e++;
+ }
+}
+
+
 krb5_error_code
 krb5_do_preauth(krb5_context context,
 krb5_kdc_req *request,
@@ -891,6 +961,7 @@ krb5_do_preauth(krb5_context context,
 etype_info = NULL;
 break;
 }
+ sort_etype_info(context, request, etype_info);
 salt->data = (char *) etype_info[0]->salt;
 salt->length = etype_info[0]->length;
 *etype = etype_info[0]->etype; |
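Review bot: In the second pass of sort_etype_info, a failed krb5_c_enctype_compare against etype_info[e] hits `continue` for every requested enctype, so one entry the library cannot compare (presumably an enctype it does not recognise) sitting in slot e keeps every similar entry below it from being promoted. The list comes from the KDC reply, so the client cannot assume slot e is well-formed. Treating the error as "not similar" and falling through to the j search keeps the pass working, e.g. `if (krb5_c_enctype_compare(context, request->ktype[i], etype_info[e]->etype, &similar) != 0) similar = 0;`. A header comment stating that etype_info is a NULL-terminated array reordered in place, with unmatched entries left after the matched ones, would also help the caller.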
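Review bot: After the added call the following lines still take the salt and `*etype` from `etype_info[0]` whether or not anything matched, because sort_etype_info returns void and only reorders. When the reply carries no requested or similar enctype, the client goes on with one it never asked for; the commit message relies on the KDC filtering the list, but nothing on the client side visible here enforces that. Consider returning the number of promoted entries from sort_etype_info, or checking `etype_info[0]->etype` against `request->ktype[]` here, and ignoring the etype-info when nothing matched. Whether a later step rejects an unrequested enctype is not visible in this hunk, and krb5_do_preauth continues outside it.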