Use the list of encryption types passed as part of the KDC request to

determine which encryption to use for encrypting the ticket.  The
encryption must be one that is supported by the KDC, as well as being
one which is marked as being supported by the server of the ticket.
In a AS request, also use this encryption for encrypting the KDC
response.  In a TGS request, use the encryption type of the TGT
authenticator to determine how to encrypt the KDC response.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@4712 dc483132-0cff-0310-8789-dd5450dbe970

3 files changed, 77 insertions, 17 deletions

diff --git a/src/kdc/ChangeLog b/src/kdc/ChangeLog
index 69d55104d..01bf1a131 100644
--- a/src/kdc/ChangeLog
+++ b/src/kdc/ChangeLog
@@ -1,3 +1,16 @@
+Mon Nov 21 17:23:50 1994  Theodore Y. Ts'o  (tytso@dcl)
+
+	* do_tgs_req.c (process_tgs_req):
+	* do_as_req.c (process_as_req): Use the list of encryption types
+		passed as part of the KDC request to determine which
+		encryption to use for encrypting the ticket.  The
+		encryption must be one that is supported by the KDC, as
+		well as being one which is marked as being supported by
+		the server of the ticket.  In a AS request, also use this
+		encryption for encrypting the KDC response.  In a TGS
+		request, use the encryption type of the TGT authenticator
+		to determine how to encrypt the KDC response. 
+
 Tue Nov  8 17:51:30 1994  Theodore Y. Ts'o  (tytso@dcl)
 
 	* do_tgs_req.c (process_tgs_req): Use published interface to call
diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c
index 12fea7aa5..62fb0eb25 100644
--- a/src/kdc/do_as_req.c
+++ b/src/kdc/do_as_req.c
@@ -237,9 +237,23 @@ krb5_data **response;			/* filled in with a response packet */
 	goto errout;
     }
       
-    for (i = 0; i < request->netypes; i++)
-	if (valid_etype(request->etype[i]))
+    for (i = 0; i < request->netypes; i++) {
+	krb5_keytype ok_keytype;
+	
+	if (!valid_etype(request->etype[i]))
+	    continue;
+
+	if (request->etype[i] == ETYPE_DES_CBC_MD5 &&
+	    !isflagset(server.attributes, KRB5_KDB_SUPPORT_DESMD5))
+	    continue;
+
+	ok_keytype = krb5_csarray[request->etype[i]]->system->proto_keytype;
+
+	if (server.key.keytype == ok_keytype ||
+	    server.alt_key.keytype == ok_keytype)
 	    break;
+    }
+    
     if (i == request->netypes) {
 	/* unsupported etype */
 	    
@@ -261,8 +275,6 @@ krb5_data **response;			/* filled in with a response packet */
     }
 
     ticket_reply.server = request->server;
-    ticket_reply.enc_part.etype = useetype;
-    ticket_reply.enc_part.kvno = server.kvno;
 
     enc_tkt_reply.flags = 0;
     setflag(enc_tkt_reply.flags, TKT_FLG_INITIAL);
@@ -404,11 +416,12 @@ krb5_data **response;			/* filled in with a response packet */
        in the database) */
     if (retval = KDB_CONVERT_KEY_OUTOF_DB(&server.key, &encrypting_key))
 	goto errout;
-    retval = krb5_encrypt_tkt_part(&encrypting_key, &ticket_reply);
+    retval = krb5_encrypt_tkt_part(&eblock, &encrypting_key, &ticket_reply);
     memset((char *)encrypting_key.contents, 0, encrypting_key.length);
     krb5_xfree(encrypting_key.contents);
     if (retval)
 	goto errout;
+    ticket_reply.enc_part.kvno = server.kvno;
 
     /* Start assembling the response */
     reply.msg_type = KRB5_AS_REP;
@@ -451,9 +464,7 @@ krb5_data **response;			/* filled in with a response packet */
     }
 
     reply.client = request->client;
-    /* XXX need separate etypes for ticket encryption and kdc_rep encryption */
-    reply.enc_part.etype = useetype;
-    reply.enc_part.kvno = client.kvno;
+
     reply.ticket = &ticket_reply;
 
     reply_encpart.session = session_key;
@@ -479,7 +490,8 @@ krb5_data **response;			/* filled in with a response packet */
     if (retval = KDB_CONVERT_KEY_OUTOF_DB(&client.key, &encrypting_key))
 	goto errout;
 
-    retval = krb5_encode_kdc_rep(KRB5_AS_REP, &reply_encpart,
+    reply.enc_part.kvno = client.kvno;
+    retval = krb5_encode_kdc_rep(KRB5_AS_REP, &reply_encpart, &eblock,
 				 &encrypting_key,  &reply, response);
     memset((char *)encrypting_key.contents, 0, encrypting_key.length);
     krb5_xfree(encrypting_key.contents);
diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c
index 62d810bfc..46407185c 100644
--- a/src/kdc/do_tgs_req.c
+++ b/src/kdc/do_tgs_req.c
@@ -67,6 +67,7 @@ int	is_secondary;
 krb5_data **response;			/* filled in with a response packet */
 {
     krb5_encrypt_block eblock;
+    krb5_keytype second_ticket_etype = ETYPE_UNKNOWN;
     krb5_kdc_req *request = 0;
     krb5_db_entry server;
     krb5_kdc_rep reply;
@@ -199,9 +200,37 @@ tgt_again:
 	goto cleanup;
     }
 
-    for (i = 0; i < request->netypes; i++)
-	if (valid_etype(request->etype[i]))
+    /*
+     * If we are using user-to-user authentication, then the resulting
+     * ticket has to use the same encryption system as was used to
+     * encrypt the ticket, since that's the same encryption system
+     * that's used for the ticket session key --- and that's what we
+     * use to encrypt the ticket!
+     */
+    if (isflagset(request->kdc_options, KDC_OPT_ENC_TKT_IN_SKEY))
+	second_ticket_etype = request->second_ticket[st_idx]->enc_part.etype;
+	    
+    for (i = 0; i < request->netypes; i++) {
+	krb5_keytype ok_keytype;
+	
+	if (!valid_etype(request->etype[i]))
+	    continue;
+
+	if (second_ticket_etype != ETYPE_UNKNOWN &&
+	    second_ticket_etype != request->etype[i])
+	    continue;
+
+	if (request->etype[i] == ETYPE_DES_CBC_MD5 &&
+	    !isflagset(server.attributes, KRB5_KDB_SUPPORT_DESMD5))
+	    continue;
+
+	ok_keytype = krb5_csarray[request->etype[i]]->system->proto_keytype;
+
+	if (server.key.keytype == ok_keytype ||
+	    server.alt_key.keytype == ok_keytype)
 	    break;
+    }
+    
     if (i == request->netypes) {
 	/* unsupported etype */
 	status = "BAD_ENCRYPTION_TYPE";
@@ -220,8 +249,6 @@ tgt_again:
     }
 
     ticket_reply.server = request->server; /* XXX careful for realm... */
-    ticket_reply.enc_part.etype = useetype;
-    ticket_reply.enc_part.kvno = server.kvno;
 
     enc_tkt_reply.flags = 0;
     enc_tkt_reply.times.starttime = 0;
@@ -466,6 +493,12 @@ tgt_again:
 
     ticket_reply.enc_part2 = &enc_tkt_reply;
 
+    /*
+     * If we are doing user-to-user authentication, then make sure
+     * that the client for the second ticket matches the request
+     * server, and then encrypt the ticket using the session key of
+     * the second ticket.
+     */
     if (isflagset(request->kdc_options, KDC_OPT_ENC_TKT_IN_SKEY)) {
 	krb5_keyblock *st_sealing_key;
 	krb5_kvno st_srv_kvno;
@@ -500,7 +533,9 @@ tgt_again:
 		goto cleanup;
 	}
 	    
-	if (retval = krb5_encrypt_tkt_part(request->second_ticket[st_idx]->enc_part2->session,
+	ticket_reply.enc_part.kvno = 0;
+	if (retval = krb5_encrypt_tkt_part(&eblock,
+					   request->second_ticket[st_idx]->enc_part2->session,
 					   &ticket_reply)) {
 	    status = "2ND_TKT_ENCRYPT";
 	    goto cleanup;
@@ -514,7 +549,8 @@ tgt_again:
 	    goto cleanup;
 	}
 
-	retval = krb5_encrypt_tkt_part(&encrypting_key, &ticket_reply);
+	ticket_reply.enc_part.kvno = server.kvno;
+	retval = krb5_encrypt_tkt_part(&eblock, &encrypting_key, &ticket_reply);
 
 	memset((char *)encrypting_key.contents, 0, encrypting_key.length);
 	krb5_xfree(encrypting_key.contents);
@@ -529,7 +565,6 @@ tgt_again:
     reply.msg_type = KRB5_TGS_REP;
     reply.padata = 0;		/* always */
     reply.client = header_ticket->enc_part2->client;
-    reply.enc_part.etype = useetype;
     reply.enc_part.kvno = 0;		/* We are using the session key */
     reply.ticket = &ticket_reply;
 
@@ -558,7 +593,7 @@ tgt_again:
     /* use the session key in the ticket, unless there's a subsession key
        in the AP_REQ */
 
-    retval = krb5_encode_kdc_rep(KRB5_TGS_REP, &reply_encpart,
+    retval = krb5_encode_kdc_rep(KRB5_TGS_REP, &reply_encpart, &eblock,
 				 req_authdat->authenticator->subkey ?
 				 req_authdat->authenticator->subkey :
 				 header_ticket->enc_part2->session,