authorRichard Basch <probe@mit.edu>1996-03-27 22:55:17 +0000
committerRichard Basch <probe@mit.edu>1996-03-27 22:55:17 +0000
commit63e52e539d6b5bda02c07ff9d09e456d4b47a344 (patch)
tree579d9409d7acb2e75e2d96c92f200253719443bd /src
parent7100d19043e1ccb5001696000ba95edb65b75050 (diff)
* in_tkt_ktb.c (keytab_keyproc): Do not check to see that the
enctype of the key is identical; there are several equivalent DES enctypes. * in_tkt_ktb.c (krb5_get_in_tkt_with_keytab): Removed the fancy logic to only request the keytypes that correspond to those in the keytab. There were too many fencepost conditions that could get you into trouble. Either it should be there and *fully* functional, or not in there at all. Besides, there are too many other components in Kerberos that expect the end-service to know all its keys that this sanity check is overkill. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7720 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src')
-rw-r--r--src/lib/krb5/krb/ChangeLog14
-rw-r--r--src/lib/krb5/krb/in_tkt_ktb.c65
2 files changed, 20 insertions, 59 deletions
diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog
index 796754ae8..ba9bc2a2e 100644
--- a/src/lib/krb5/krb/ChangeLog
+++ b/src/lib/krb5/krb/ChangeLog
@@ -4,6 +4,20 @@ Tue Mar 26 14:45:03 1996 Richard Basch <basch@lehman.com>
requiring domain conversion for the instance. (imap/<host> is used
by some of the new imap mail implementations)
+Wed Mar 27 17:05:47 1996 Richard Basch <basch@lehman.com>
+
+ * in_tkt_ktb.c (keytab_keyproc): Do not check to see that the
+ enctype of the key is identical; there are several equivalent
+ DES enctypes.
+
+ * in_tkt_ktb.c (krb5_get_in_tkt_with_keytab): Removed the fancy
+ logic to only request the keytypes that correspond to those in
+ the keytab. There were too many fencepost conditions that could
+ get you into trouble. Either it should be there and *fully*
+ functional, or not in there at all. Besides, there are too many
+ other components in Kerberos that expect the end-service to know
+ all its keys that this sanity check is overkill.
+
Sun Mar 24 01:34:14 1996 Sam Hartman <hartmans@tertius.mit.edu>
* send_tgs.c (krb5_send_tgs_basic): You want to setup the eblock
diff --git a/src/lib/krb5/krb/in_tkt_ktb.c b/src/lib/krb5/krb/in_tkt_ktb.c
index f0b0ab3e3..257ecce0f 100644
--- a/src/lib/krb5/krb/in_tkt_ktb.c
+++ b/src/lib/krb5/krb/in_tkt_ktb.c
@@ -78,13 +78,6 @@ keytab_keyproc(context, type, salt, keyseed, key)
(void) krb5_kt_free_entry(context, &kt_ent);
goto cleanup;
}
-
- if (realkey->enctype != type) {
- (void) krb5_kt_free_entry(context, &kt_ent);
- krb5_free_keyblock(context, realkey);
- retval = KRB5_PROG_ETYPE_NOSUPP;
- goto cleanup;
- }
(void) krb5_kt_free_entry(context, &kt_ent);
*key = realkey;
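Review bot: With the `realkey->enctype != type` comparison removed, `*key = realkey;` returns whatever key the keytab lookup produced without confirming it can be used for the requested `type`. The lookup call sits above this hunk, so whether it already filters on enctype is not visible here; if it does not, a key of an unrelated enctype would reach the decrypt step and fail there with a less specific error than KRB5_PROG_ETYPE_NOSUPP. If the goal is only to tolerate the equivalent DES enctypes the log mentions, a narrower guard that rejects just the non-equivalent case would keep the sanity check. At minimum, add a comment above the assignment such as `/* enctype deliberately not compared with type: several DES enctypes share one key */`. keytab_keyproc starts and ends outside the hunk.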
@@ -126,59 +119,13 @@ krb5_get_in_tkt_with_keytab(context, options, addrs, ktypes, pre_auth_types,
krb5_kdc_rep ** ret_as_reply;
{
struct keytab_keyproc_arg arg;
- krb5_enctype * kt_ktypes = (krb5_enctype *) NULL;
- krb5_keytab kt_id = keytab;
- krb5_keytab_entry kt_ent;
- krb5_error_code retval;
- register int i, j;
-
- if (! ktypes) {
- /* get the default enctype list */
- retval = krb5_get_default_in_tkt_ktypes(context, &kt_ktypes);
- if (retval) return retval;
- } else {
- /* copy the desired enctypes into a temporary array */
- for (i = 0; ktypes[i]; i++) ;
- kt_ktypes = (krb5_enctype *)malloc((i + 1) * sizeof(krb5_enctype));
- if (! kt_ktypes) return ENOMEM;
- for (i = 0; kt_ktypes[i] = ktypes[i]; i++) ;
- }
-
- /* only keep the enctypes for which we have keytab entries */
- if (kt_id == NULL) {
- retval = krb5_kt_default(context, &kt_id);
- if (retval) goto cleanup;
- }
- i = 0;
- while (kt_ktypes[i]) {
- retval = krb5_kt_get_entry(context, kt_id, creds->client,
- 0, /* don't have vno available */
- kt_ktypes[i], &kt_ent);
- if (retval) {
- if (retval != KRB5_KT_NOTFOUND)
- goto cleanup;
- /* strip the enctype from the requested enctype list */
- for (j = i; kt_ktypes[j] = kt_ktypes[j+1]; j++) ;
- } else {
- /* we have this enctype; proceed to the next one */
- (void) krb5_kt_free_entry(context, &kt_ent);
- i++;
- }
- }
-
- arg.keytab = kt_id;
+ arg.keytab = keytab;
arg.client = creds->client;
- retval = krb5_get_in_tkt(context, options, addrs, kt_ktypes,
- pre_auth_types,
- keytab_keyproc, (krb5_pointer)&arg,
- krb5_kdc_rep_decrypt_proc, 0, creds,
- ccache, ret_as_reply);
-cleanup:
- if (kt_ktypes)
- free(kt_ktypes);
- if ((keytab == NULL) && (kt_id != NULL))
- krb5_kt_close(context, kt_id);
- return retval;
+ return(krb5_get_in_tkt(context, options, addrs, ktypes,
+ pre_auth_types,
+ keytab_keyproc, (krb5_pointer)&arg,
+ krb5_kdc_rep_decrypt_proc, 0, creds,
+ ccache, ret_as_reply));
}
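Review bot: `arg.keytab = keytab;` now forwards a NULL keytab unchanged, where the removed code resolved it with krb5_kt_default() and closed it under `cleanup:`. That is only safe if keytab_keyproc opens and closes the default keytab itself when `arg->keytab` is NULL, which is not visible in this hunk and should be confirmed. `ktypes` is also passed to krb5_get_in_tkt() unfiltered, so the KDC may choose an enctype for which the keytab has no entry, and the failure then surfaces at the key lookup instead of before the request is sent. A short comment above the assignment, e.g. `/* NULL keytab and enctypes missing from the keytab are handled in keytab_keyproc */`, would document both. The function's parameter list begins above the hunk.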