diff options
| author | Ken Raeburn <raeburn@mit.edu> | 2000-08-29 22:36:45 +0000 |
|---|---|---|
| committer | Ken Raeburn <raeburn@mit.edu> | 2000-08-29 22:36:45 +0000 |
| commit | 38bcab3a608056491e3b09811d6f6a3ff8774ce9 (patch) | |
| tree | 5e2508d5971a3cb9f515f5803fd23183228b0887 /src/lib/krb5 | |
| parent | e9dfb3cd26c5b55b80c781cd10cacad8427d2bf6 (diff) | |
| download | krb5-38bcab3a608056491e3b09811d6f6a3ff8774ce9.tar.gz krb5-38bcab3a608056491e3b09811d6f6a3ff8774ce9.tar.xz krb5-38bcab3a608056491e3b09811d6f6a3ff8774ce9.zip | |
* get_creds.c (krb5_get_credentials_core): If the supplied enctype is not
supported, return an error; can't satisfy both TC_SUPPORTED_KTYPES and
TC_MATCH_KTYPE that way. Delete unused arguments CCACHE and OUT_CREDS; fix
callers.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12636 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/krb5')
| -rw-r--r-- | src/lib/krb5/krb/ChangeLog | 7 | ||||
| -rw-r--r-- | src/lib/krb5/krb/get_creds.c | 25 |
2 files changed, 25 insertions, 7 deletions
diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog index e13fc341c..e39d0f61e 100644 --- a/src/lib/krb5/krb/ChangeLog +++ b/src/lib/krb5/krb/ChangeLog @@ -1,3 +1,10 @@ +2000-08-29 Ken Raeburn <raeburn@mit.edu> + + * get_creds.c (krb5_get_credentials_core): If the supplied enctype + is not supported, return an error; can't satisfy both + TC_SUPPORTED_KTYPES and TC_MATCH_KTYPE that way. Delete unused + arguments CCACHE and OUT_CREDS; fix callers. + 2000-07-18 Ezra Peisach <epeisach@mit.edu> * vfy_increds.c: include int-proto.h for krb5_libdefault_boolean diff --git a/src/lib/krb5/krb/get_creds.c b/src/lib/krb5/krb/get_creds.c index 2538735da..dfee52f37 100644 --- a/src/lib/krb5/krb/get_creds.c +++ b/src/lib/krb5/krb/get_creds.c @@ -46,13 +46,10 @@ #include "k5-int.h" static krb5_error_code -krb5_get_credentials_core(context, options, ccache, in_creds, out_creds, - mcreds, fields) +krb5_get_credentials_core(context, options, in_creds, mcreds, fields) krb5_context context; const krb5_flags options; - krb5_ccache ccache; krb5_creds *in_creds; - krb5_creds **out_creds; krb5_creds *mcreds; krb5_flags *fields; { @@ -74,8 +71,22 @@ krb5_get_credentials_core(context, options, ccache, in_creds, out_creds, *fields = KRB5_TC_MATCH_TIMES /*XXX |KRB5_TC_MATCH_SKEY_TYPE */ | KRB5_TC_MATCH_AUTHDATA | KRB5_TC_SUPPORTED_KTYPES; - if (mcreds->keyblock.enctype) + if (mcreds->keyblock.enctype) { + krb5_enctype *ktypes; + krb5_error_code ret; + int i; + *fields |= KRB5_TC_MATCH_KTYPE; + ret = krb5_get_tgs_ktypes (context, mcreds->server, &ktypes); + for (i = 0; ktypes[i]; i++) + if (ktypes[i] == mcreds->keyblock.enctype) + break; + if (ktypes[i] == 0) + ret = KRB5_CC_NOT_KTYPE; + free (ktypes); + if (ret) + return ret; + } if (options & KRB5_GC_USER_USER) { /* also match on identical 2nd tkt and tkt encrypted in a session key */ @@ -104,8 +115,8 @@ krb5_get_credentials(context, options, ccache, in_creds, out_creds) krb5_flags fields; int not_ktype; - retval = krb5_get_credentials_core(context, options, ccache, - in_creds, out_creds, + retval = krb5_get_credentials_core(context, options, + in_creds, &mcreds, &fields); if (retval) return retval; |