*/
static krb5_error_code
send_as_request(context, request, time_now, ret_err_reply, ret_as_reply,
- master)
+ use_master)
krb5_context context;
krb5_kdc_req *request;
krb5_timestamp *time_now;
krb5_error ** ret_err_reply;
krb5_kdc_rep ** ret_as_reply;
- int * master;
+ int use_master;
{
krb5_kdc_rep *as_reply = 0;
krb5_error_code retval;
k4_version = packet->data[0];
retval = krb5_sendto_kdc(context, packet,
krb5_princ_realm(context, request->client),
- &reply, master);
+ &reply, use_master);
krb5_free_data(context, packet);
if (retval)
goto cleanup;
request.from = creds->times.starttime;
request.till = creds->times.endtime;
request.rtime = creds->times.renew_till;
- if (ktypes)
- request.ktype = ktypes;
- else
- if ((retval = krb5_get_default_in_tkt_ktypes(context, &request.ktype)))
- goto cleanup;
+ if ((retval = krb5_get_default_in_tkt_ktypes(context, &request.ktype)))
+ goto cleanup;
for (request.nktypes = 0;request.ktype[request.nktypes];request.nktypes++);
+ if (ktypes) {
+ int i, req, next = 0;
+ for (req = 0; ktypes[req]; req++) {
+ if (ktypes[req] == request.ktype[next]) {
+ next++;
+ continue;
+ }
+ for (i = next + 1; i < request.nktypes; i++)
+ if (ktypes[req] == request.ktype[i]) {
+ /* Found the enctype we want, but not in the
+ position we want. Move it, but keep the old
+ one from the desired slot around in case it's
+ later in our requested-ktypes list. */
+ krb5_enctype t;
+ t = request.ktype[next];
+ request.ktype[next] = request.ktype[i];
+ request.ktype[i] = t;
+ next++;
+ break;
+ }
+ /* If we didn't find it, don't do anything special, just
+ drop it. */
+ }
+ request.ktype[next] = 0;
+ request.nktypes = next;
+ }
request.authorization_data.ciphertext.length = 0;
request.authorization_data.ciphertext.data = 0;
request.unenc_authdata = 0;
goto cleanup;
cleanup:
- if (!ktypes && request.ktype)
+ if (request.ktype)
free(request.ktype);
if (!addrs && request.addresses)
krb5_free_addresses(context, request.addresses);
return (retval);
}
-/* begin appdefaults parsing code. This should almost certainly move
+/* begin libdefaults parsing code. This should almost certainly move
somewhere else, but I don't know where the correct somewhere else
is yet. */
}
static krb5_error_code
-krb5_appdefault_string(context, realm, option, ret_value)
+krb5_libdefault_string(context, realm, option, ret_value)
krb5_context context;
const krb5_data *realm;
const char *option;
/* as well as the DNS code */
krb5_error_code
-krb5_appdefault_boolean(context, realm, option, ret_value)
+krb5_libdefault_boolean(context, realm, option, ret_value)
krb5_context context;
const char *option;
const krb5_data *realm;
char *string = NULL;
krb5_error_code retval;
- retval = krb5_appdefault_string(context, realm, option, &string);
+ retval = krb5_libdefault_string(context, realm, option, &string);
if (retval)
return(retval);
KRB5_DLLIMP krb5_error_code KRB5_CALLCONV
krb5_get_init_creds(context, creds, client, prompter, prompter_data,
start_time, in_tkt_service, options, gak_fct, gak_data,
- master, as_reply)
+ use_master, as_reply)
krb5_context context;
krb5_creds *creds;
krb5_principal client;
krb5_get_init_creds_opt *options;
krb5_gic_get_as_key_fct gak_fct;
void *gak_data;
- int *master;
+ int use_master;
krb5_kdc_rep **as_reply;
{
krb5_error_code ret;
krb5_error *err_reply;
krb5_kdc_rep *local_as_reply;
krb5_timestamp time_now;
+ krb5_enctype etype = 0;
/* initialize everything which will be freed at cleanup */
salt.length = 0;
salt.data = NULL;
+ local_as_reply = 0;
+
/*
* Set up the basic request structure
*/
if (options && (options->flags & KRB5_GET_INIT_CREDS_OPT_FORWARDABLE))
tempint = options->forwardable;
- else if ((ret = krb5_appdefault_boolean(context, &client->realm,
+ else if ((ret = krb5_libdefault_boolean(context, &client->realm,
"forwardable", &tempint)) == 0)
;
else
if (options && (options->flags & KRB5_GET_INIT_CREDS_OPT_PROXIABLE))
tempint = options->proxiable;
- else if ((ret = krb5_appdefault_boolean(context, &client->realm,
+ else if ((ret = krb5_libdefault_boolean(context, &client->realm,
"proxiable", &tempint)) == 0)
;
else
if (options && (options->flags & KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE)) {
renew_life = options->renew_life;
- } else if ((ret = krb5_appdefault_string(context, &client->realm,
+ } else if ((ret = krb5_libdefault_string(context, &client->realm,
"renew_lifetime", &tempstr))
== 0) {
if (ret = krb5_string_to_deltat(tempstr, &renew_life)) {
}
/* it would be nice if this parsed out an address list, but
that would be work. */
- else if (((ret = krb5_appdefault_boolean(context, &client->realm,
+ else if (((ret = krb5_libdefault_boolean(context, &client->realm,
"noaddresses", &tempint)) == 0)
&& tempint) {
;
if (ret = krb5_do_preauth(context, &request,
padata, &request.padata,
- &salt, &as_key, prompter,
+ &salt, &etype, &as_key, prompter,
prompter_data, gak_fct, gak_data))
goto cleanup;
err_reply = 0;
local_as_reply = 0;
if ((ret = send_as_request(context, &request, &time_now, &err_reply,
- &local_as_reply, master)))
+ &local_as_reply, use_master)))
goto cleanup;
if (err_reply) {
if (ret = krb5_do_preauth(context, &request,
local_as_reply->padata, &padata,
- &salt, &as_key, prompter,
+ &salt, &etype, &as_key, prompter,
prompter_data, gak_fct, gak_data))
goto cleanup;