diff options
| author | Sam Hartman <hartmans@mit.edu> | 1996-01-25 20:04:58 +0000 |
|---|---|---|
| committer | Sam Hartman <hartmans@mit.edu> | 1996-01-25 20:04:58 +0000 |
| commit | f77df5517ab35f56e5be03faccd22f4b542b9d05 (patch) | |
| tree | 8dfea64cfa1271974aac95b440f80e31fccb22df /src | |
| parent | 2f0de7c22a5a554fff28c17ae7c0a741dfd48108 (diff) | |
| download | krb5-f77df5517ab35f56e5be03faccd22f4b542b9d05.tar.gz krb5-f77df5517ab35f56e5be03faccd22f4b542b9d05.tar.xz krb5-f77df5517ab35f56e5be03faccd22f4b542b9d05.zip | |
get_creds.c: Only match on enctype if in_creds.keyblock
has non-null enctype. (I.E. implement as documented)
gc_via_tkt.c: If the in_creds.keyblock.enctype !=0 then don't call
send_tgs with a null ktypes paramater; instead, explicitally allow only
increds.keyblock.enctype.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7385 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/krb5/krb/ChangeLog | 10 | ||||
| -rw-r--r-- | src/lib/krb5/krb/gc_via_tkt.c | 11 | ||||
| -rw-r--r-- | src/lib/krb5/krb/get_creds.c | 5 |
3 files changed, 23 insertions, 3 deletions
diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog index a1979242c..5a2c90ed0 100644 --- a/src/lib/krb5/krb/ChangeLog +++ b/src/lib/krb5/krb/ChangeLog @@ -1,3 +1,13 @@ +Thu Jan 25 01:35:52 1996 Sam Hartman <hartmans@tertius.mit.edu> + + * gc_via_tkt.c (krb5_get_cred_via_tkt): If the keyblock.enctype is + non-null in in_cred, then request that particular key. + +Wed Jan 24 21:48:53 1996 Sam Hartman <hartmans@tertius.mit.edu> + + * get_creds.c (krb5_get_credentials): Only match against enctype + if it is non-null in increds. + Sun Jan 21 23:32:53 1996 Tom Yu <tlyu@dragons-lair.MIT.EDU> * gc_via_tkt.c (krb5_kdcrep2creds): Set is_skey so get_creds won't diff --git a/src/lib/krb5/krb/gc_via_tkt.c b/src/lib/krb5/krb/gc_via_tkt.c index 6ba87cf0a..cd8a18c8d 100644 --- a/src/lib/krb5/krb/gc_via_tkt.c +++ b/src/lib/krb5/krb/gc_via_tkt.c @@ -111,6 +111,7 @@ krb5_get_cred_via_tkt (context, tkt, kdcoptions, address, in_cred, out_cred) krb5_kdc_rep *dec_rep; krb5_error *err_reply; krb5_response tgsrep; +krb5_enctype *enctypes = 0; /* tkt->client must be equal to in_cred->client */ if (!krb5_principal_compare(context, tkt->client, in_cred->client)) @@ -143,7 +144,15 @@ krb5_get_cred_via_tkt (context, tkt, kdcoptions, address, in_cred, out_cred) } */ - if ((retval = krb5_send_tgs(context, kdcoptions, &in_cred->times, NULL, + if (in_cred->keyblock.enctype) { + enctypes = (krb5_enctype *) malloc(sizeof(krb5_enctype)*2); + if (!enctypes) + return ENOMEM; + enctypes[0] = in_cred->keyblock.enctype; + enctypes[1] = 0; + } + + if ((retval = krb5_send_tgs(context, kdcoptions, &in_cred->times, enctypes, in_cred->server, address, in_cred->authdata, 0, /* no padata */ (kdcoptions & KDC_OPT_ENC_TKT_IN_SKEY) ? diff --git a/src/lib/krb5/krb/get_creds.c b/src/lib/krb5/krb/get_creds.c index 169e926c3..32bac9dad 100644 --- a/src/lib/krb5/krb/get_creds.c +++ b/src/lib/krb5/krb/get_creds.c @@ -72,8 +72,9 @@ krb5_get_credentials(context, options, ccache, in_creds, out_creds) mcreds.client = in_creds->client; fields = KRB5_TC_MATCH_TIMES /*XXX |KRB5_TC_MATCH_SKEY_TYPE */ - | KRB5_TC_MATCH_AUTHDATA | KRB5_TC_MATCH_KTYPE; - + | KRB5_TC_MATCH_AUTHDATA ; + if (mcreds.keyblock.enctype) + fields |= KRB5_TC_MATCH_KTYPE; if (options & KRB5_GC_USER_USER) { /* also match on identical 2nd tkt and tkt encrypted in a session key */ |