Fix multiple enctype bug: the enctype for the eblock used to encrypt

the kdc request used the enctype of the tgt, not of the session key.
Considering that the request is encrypted in the session key of the
tgt, this is incorrect.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7704 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog
index 57906865a03386a5e7bad0ff3fc389d5ce80829b..32bdb2bdd44221fb0cceb686905de9f9d84f2399 100644 (file)
--- a/src/lib/krb5/krb/ChangeLog
+++ b/src/lib/krb5/krb/ChangeLog
@@ -1,3 +1,10 @@
+Sun Mar 24 01:34:14 1996  Sam Hartman  <hartmans@tertius.mit.edu>
+
+       * send_tgs.c (krb5_send_tgs_basic): You want to setup the eblock
+       used for the authenticator using the in_cred->keyblock, *not*
+       request.ticket.enc_part.enctype.  Under a multi-enctype system,
+       the session key may be different from the ticket key.
+
 Wed Mar 20 23:00:59 1996  Theodore Y. Ts'o  <tytso@dcl>
 
        * walk_rtree.c (krb5_walk_realm_tree): Fix 16bit vs. 32bit error.

diff --git a/src/lib/krb5/krb/send_tgs.c b/src/lib/krb5/krb/send_tgs.c
index def5db1e26dc2b5df91caa69c012bcd2d2a2a488..16f00c095f489845176afe15c6a97c4824ad52e5 100644 (file)
--- a/src/lib/krb5/krb/send_tgs.c
+++ b/src/lib/krb5/krb/send_tgs.c
@@ -104,8 +104,8 @@ krb5_send_tgs_basic(context, in_data, in_cred, outbuf)
         goto cleanup_data;
 
     /* put together an eblock for this encryption */
-    krb5_use_enctype(context, &eblock, request.ticket->enc_part.enctype);
-    request.authenticator.enctype = request.ticket->enc_part.enctype;
+    krb5_use_enctype(context, &eblock, in_cred->keyblock.enctype);
+    request.authenticator.enctype = in_cred->keyblock.enctype;
     request.authenticator.ciphertext.length =
         krb5_encrypt_size(scratch->length, eblock.crypto_entry);