diff options
| author | Richard Basch <probe@mit.edu> | 1995-12-05 03:48:32 +0000 |
|---|---|---|
| committer | Richard Basch <probe@mit.edu> | 1995-12-05 03:48:32 +0000 |
| commit | 350a6a210a32ca99ca03529bd705f2cc673ded81 (patch) | |
| tree | 0a14fb506147881667fc7a44df77408153cb9495 /src/lib | |
| parent | 170ba81aa63be035d2a1b6020558fee1f7ec4ded (diff) | |
| download | krb5-350a6a210a32ca99ca03529bd705f2cc673ded81.tar.gz krb5-350a6a210a32ca99ca03529bd705f2cc673ded81.tar.xz krb5-350a6a210a32ca99ca03529bd705f2cc673ded81.zip | |
Added support for matching against a supported app. session key type
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7170 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/krb5/ccache/file/fcc_retrv.c | 27 | ||||
| -rw-r--r-- | src/lib/krb5/ccache/memory/mcc_retrv.c | 27 | ||||
| -rw-r--r-- | src/lib/krb5/ccache/stdio/scc_retrv.c | 27 |
3 files changed, 81 insertions, 0 deletions
diff --git a/src/lib/krb5/ccache/file/fcc_retrv.c b/src/lib/krb5/ccache/file/fcc_retrv.c index c7f03ebc2..1076cee33 100644 --- a/src/lib/krb5/ccache/file/fcc_retrv.c +++ b/src/lib/krb5/ccache/file/fcc_retrv.c @@ -68,6 +68,30 @@ register const krb5_data *data1, *data2; return memcmp(data1->data, data2->data, data1->length) ? FALSE : TRUE; } +static krb5_boolean +ktype_match(context, creds) +register krb5_context context; +register krb5_creds *creds; +{ + register int i; + krb5_enctype * ktypes = (krb5_enctype *) NULL; + krb5_enctype enctype = creds->keyblock.enctype; + krb5_principal princ = creds->server; + + if (krb5_get_tgs_ktypes(context, princ, &ktypes)) + return FALSE; + + for (i=0; ktypes[i]; i++) { + if (ktypes[i] == enctype) { + free(ktypes); + return TRUE; + } + } + + free(ktypes); + return FALSE; +} + /* * Effects: * Searches the file cred cache is for a credential matching mcreds, @@ -132,6 +156,9 @@ krb5_fcc_retrieve(context, id, whichfields, mcreds, creds) && (! set(KRB5_TC_MATCH_2ND_TKT) || data_match (&mcreds->second_ticket, &fetchcreds.second_ticket)) + && + (! set(KRB5_TC_MATCH_KTYPE) || + ktype_match (context, &fetchcreds)) ) { krb5_fcc_end_seq_get(context, id, &cursor); diff --git a/src/lib/krb5/ccache/memory/mcc_retrv.c b/src/lib/krb5/ccache/memory/mcc_retrv.c index 239347434..0d61f2b28 100644 --- a/src/lib/krb5/ccache/memory/mcc_retrv.c +++ b/src/lib/krb5/ccache/memory/mcc_retrv.c @@ -64,6 +64,30 @@ register const krb5_data *data1, *data2; return memcmp(data1->data, data2->data, data1->length) ? FALSE : TRUE; } +static krb5_boolean +ktype_match(context, creds) +register krb5_context context; +register krb5_creds *creds; +{ + register int i; + krb5_enctype * ktypes = (krb5_enctype *) NULL; + krb5_enctype enctype = creds->keyblock.enctype; + krb5_principal princ = creds->server; + + if (krb5_get_tgs_ktypes(context, princ, &ktypes)) + return FALSE; + + for (i=0; ktypes[i]; i++) { + if (ktypes[i] == enctype) { + free(ktypes); + return TRUE; + } + } + + free(ktypes); + return FALSE; +} + /* * Effects: * Searches the file cred cache for a credential matching mcreds, @@ -128,6 +152,9 @@ krb5_mcc_retrieve(context, id, whichfields, mcreds, creds) && (! set(KRB5_TC_MATCH_2ND_TKT) || data_match (&mcreds->second_ticket, &fetchcreds.second_ticket)) + && + (! set(KRB5_TC_MATCH_KTYPE) || + ktype_match (context, &fetchcreds)) ) { krb5_mcc_end_seq_get(context, id, &cursor); diff --git a/src/lib/krb5/ccache/stdio/scc_retrv.c b/src/lib/krb5/ccache/stdio/scc_retrv.c index c196c00fa..2f3340f8d 100644 --- a/src/lib/krb5/ccache/stdio/scc_retrv.c +++ b/src/lib/krb5/ccache/stdio/scc_retrv.c @@ -134,6 +134,30 @@ register const krb5_data *data1, *data2; return memcmp(data1->data, data2->data, data1->length) ? FALSE : TRUE; } +static krb5_boolean +ktype_match(context, creds) +register krb5_context context; +register krb5_creds *creds; +{ + register int i; + krb5_enctype * ktypes = (krb5_enctype *) NULL; + krb5_enctype enctype = creds->keyblock.enctype; + krb5_principal princ = creds->server; + + if (krb5_get_tgs_ktypes(context, princ, &ktypes)) + return FALSE; + + for (i=0; ktypes[i]; i++) { + if (ktypes[i] == enctype) { + free(ktypes); + return TRUE; + } + } + + free(ktypes); + return FALSE; +} + /* * Effects: * Searches the file cred cache is for a credential matching mcreds, @@ -198,6 +222,9 @@ krb5_scc_retrieve(context, id, whichfields, mcreds, creds) && (! set(KRB5_TC_MATCH_2ND_TKT) || data_match (&mcreds->second_ticket, &fetchcreds.second_ticket)) + && + (! set(KRB5_TC_MATCH_KTYPE) || + ktype_match (context, &fetchcreds)) ) { krb5_scc_end_seq_get(context, id, &cursor); |