2001-11-24 Sam Hartman <hartmans@mit.edu>

 	* fwd_tgt.c (krb5_fwd_tgt_creds): Get a session key for the
 	forwarded tgt that is the same as the  session key for  the
 	auth_context.  This  is an enctype we know the remote side
 	supports.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14019 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog
index e27110bb703614ef6c4fd6261004c88da74417e2..1f607302fca98db0c0ab81092dbc2916360b495e 100644 (file)
--- a/src/lib/krb5/krb/ChangeLog
+++ b/src/lib/krb5/krb/ChangeLog
@@ -1,3 +1,10 @@
+ 2001-11-24  Sam Hartman  <hartmans@mit.edu>
+ 
+       * fwd_tgt.c (krb5_fwd_tgt_creds): Get a session key for the
+       forwarded tgt that is the same as the  session key for  the
+       auth_context.  This  is an enctype we know the remote side
+       supports.  
+ 
 2001-11-26  Sam Hartman  <hartmans@mit.edu>
 
        * gen_seqnum.c (krb5_generate_seq_number):  add entropy source id

diff --git a/src/lib/krb5/krb/fwd_tgt.c b/src/lib/krb5/krb/fwd_tgt.c
index 9dd9e116b48c01aecce130a882e9515e93981378..9c8a1046b37c40708da6147db8d06c1f43f83a11 100644 (file)
--- a/src/lib/krb5/krb/fwd_tgt.c
+++ b/src/lib/krb5/krb/fwd_tgt.c
@@ -55,6 +55,8 @@ krb5_fwd_tgt_creds(context, auth_context, rhost, client, server, cc,
     krb5_flags kdcoptions;
     int close_cc = 0;
     int free_rhost = 0;
+    krb5_enctype enctype = 0;
+    krb5_keyblock *session_key;
 
     memset((char *)&creds, 0, sizeof(creds));
     memset((char *)&tgt, 0, sizeof(creds));
@@ -73,7 +75,15 @@ krb5_fwd_tgt_creds(context, auth_context, rhost, client, server, cc,
        memcpy(rhost, server->data[1].data, server->data[1].length);
        rhost[server->data[1].length] = '\0';
     }
-
+    retval = krb5_auth_con_getkey (context, auth_context, &session_key);
+    if (retval)
+      goto errout;
+    if (session_key) {
+      enctype = session_key->enctype;
+      krb5_free_keyblock (context, session_key);
+      session_key = NULL;
+    }
+    
     retval = krb5_os_hostaddr(context, rhost, &addrs);
     if (retval)
        goto errout;
@@ -113,7 +123,8 @@ krb5_fwd_tgt_creds(context, auth_context, rhost, client, server, cc,
        retval = KRB5_NO_TKT_SUPPLIED;
        goto errout;
     }
-
+    
+    creds.keyblock.enctype = enctype;
     creds.times = tgt.times;
     creds.times.starttime = 0;
     creds.keyblock.enctype = tgt.keyblock.enctype;