authorRichard Basch <probe@mit.edu>1996-03-22 04:55:58 +0000
committerRichard Basch <probe@mit.edu>1996-03-22 04:55:58 +0000
commitb301a723e23ad23e570b43b3354e841d010f014c (patch)
tree02de7148cefe26e1b277b1163d2c16cbb41ccf7f /src/lib
parentbda2836b2ea9c37135801ce2f7d8f912029c8cb8 (diff)
krb5_get_in_tkt_with_keytab(): only request keytypes that have corresponding
entries in the keytab. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7702 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/krb5/krb/ChangeLog5
-rw-r--r--src/lib/krb5/krb/in_tkt_ktb.c57
2 files changed, 57 insertions, 5 deletions
diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog
index 8ac2c0843..57906865a 100644
--- a/src/lib/krb5/krb/ChangeLog
+++ b/src/lib/krb5/krb/ChangeLog
@@ -8,6 +8,11 @@ Wed Mar 20 23:00:59 1996 Theodore Y. Ts'o <tytso@dcl>
* get_in_tkt.c (krb5_get_in_tkt): Fix 16bit vs. 32bit error.
(do_more should not have been an int!)
+Tue Mar 19 13:03:26 1996 Richard Basch <basch@lehman.com>
+
+ * in_tkt_ktb.c (krb5_get_in_tkt_with_keytab):
+ Only request keytypes that correspond to those in the keytab.
+
Mon Mar 18 21:49:39 1996 Ezra Peisach <epeisach@kangaroo.mit.edu>
* configure.in: Add KRB5_RUN_FLAGS
diff --git a/src/lib/krb5/krb/in_tkt_ktb.c b/src/lib/krb5/krb/in_tkt_ktb.c
index deb7a4a1a..f0b0ab3e3 100644
--- a/src/lib/krb5/krb/in_tkt_ktb.c
+++ b/src/lib/krb5/krb/in_tkt_ktb.c
@@ -126,12 +126,59 @@ krb5_get_in_tkt_with_keytab(context, options, addrs, ktypes, pre_auth_types,
krb5_kdc_rep ** ret_as_reply;
{
struct keytab_keyproc_arg arg;
+ krb5_enctype * kt_ktypes = (krb5_enctype *) NULL;
+ krb5_keytab kt_id = keytab;
+ krb5_keytab_entry kt_ent;
+ krb5_error_code retval;
+ register int i, j;
+
+ if (! ktypes) {
+ /* get the default enctype list */
+ retval = krb5_get_default_in_tkt_ktypes(context, &kt_ktypes);
+ if (retval) return retval;
+ } else {
+ /* copy the desired enctypes into a temporary array */
+ for (i = 0; ktypes[i]; i++) ;
+ kt_ktypes = (krb5_enctype *)malloc((i + 1) * sizeof(krb5_enctype));
+ if (! kt_ktypes) return ENOMEM;
+ for (i = 0; kt_ktypes[i] = ktypes[i]; i++) ;
+ }
+
+ /* only keep the enctypes for which we have keytab entries */
- arg.keytab = keytab;
+ if (kt_id == NULL) {
+ retval = krb5_kt_default(context, &kt_id);
+ if (retval) goto cleanup;
+ }
+ i = 0;
+ while (kt_ktypes[i]) {
+ retval = krb5_kt_get_entry(context, kt_id, creds->client,
+ 0, /* don't have vno available */
+ kt_ktypes[i], &kt_ent);
+ if (retval) {
+ if (retval != KRB5_KT_NOTFOUND)
+ goto cleanup;
+ /* strip the enctype from the requested enctype list */
+ for (j = i; kt_ktypes[j] = kt_ktypes[j+1]; j++) ;
+ } else {
+ /* we have this enctype; proceed to the next one */
+ (void) krb5_kt_free_entry(context, &kt_ent);
+ i++;
+ }
+ }
+
+ arg.keytab = kt_id;
arg.client = creds->client;
- return (krb5_get_in_tkt(context, options, addrs, ktypes, pre_auth_types,
- keytab_keyproc, (krb5_pointer)&arg,
- krb5_kdc_rep_decrypt_proc, 0, creds,
- ccache, ret_as_reply));
+ retval = krb5_get_in_tkt(context, options, addrs, kt_ktypes,
+ pre_auth_types,
+ keytab_keyproc, (krb5_pointer)&arg,
+ krb5_kdc_rep_decrypt_proc, 0, creds,
+ ccache, ret_as_reply);
+cleanup:
+ if (kt_ktypes)
+ free(kt_ktypes);
+ if ((keytab == NULL) && (kt_id != NULL))
+ krb5_kt_close(context, kt_id);
+ return retval;
}
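Review bot: After the filtering loop nothing checks whether any enctype survived. If the keytab holds no entry for `creds->client` under any requested enctype, every slot is stripped and `kt_ktypes[0]` ends up 0, so `krb5_get_in_tkt` is called with a non-NULL but empty list. How that callee treats an empty list is not visible in this hunk; it may build a request with no enctypes or fail with an error that hides the real cause, a missing key. A guard just before `arg.keytab = kt_id;`, such as `if (!kt_ktypes[0]) { retval = KRB5_KT_NOTFOUND; goto cleanup; }`, would report the condition directly and still go through the existing cleanup path. The function's signature and parameter declarations begin above the hunk.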