Added code to match on 2nd tkt and tkt encryptred in a session key
authorTheodore Tso <tytso@mit.edu>
Mon, 6 May 1991 12:03:00 +0000 (12:03 +0000)
committerTheodore Tso <tytso@mit.edu>
Mon, 6 May 1991 12:03:00 +0000 (12:03 +0000)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@2096 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/krb5/krb/get_creds.c

index de5eedc1d93c4bf0d1968436f63a00285bcd0dc0..9a28e801c6bc0189677b9f462a526034f02e25fb 100644 (file)
@@ -55,12 +55,20 @@ krb5_creds *creds;
     fields = KRB5_TC_MATCH_TIMES /*XXX |KRB5_TC_MATCH_SKEY_TYPE */
        | KRB5_TC_MATCH_AUTHDATA;
 
-    switch(retval = krb5_cc_retrieve_cred(ccache, fields, &mcreds, creds)) {
-    case KRB5_CC_NOTFOUND:
-       break;
-    default:
-       return retval;
+    if (options & KRB5_GC_USER_USER) {
+       /* also match on identical 2nd tkt and tkt encrypted in a
+          session key */
+       fields |= KRB5_TC_MATCH_2ND_TKT|KRB5_TC_MATCH_IS_SKEY;
+       mcreds.is_skey = TRUE;
     }
+
+    retval = krb5_cc_retrieve_cred(ccache, fields, &mcreds, creds);
+    if (retval != KRB5_CC_NOTFOUND || options & KRB5_GC_CACHED)
+       return retval;
+
+    if (options & KRB5_GC_USER_USER && !creds->second_ticket.length)
+       return KRB5_NO_2ND_TKT;
+
     retval = krb5_get_cred_from_kdc(ccache, creds, &tgts);
     if (tgts) {
        register int i = 0;
@@ -76,5 +84,4 @@ krb5_creds *creds;
     if (!retval)
        retval = krb5_cc_store_cred(ccache, creds);
     return retval;
-
 }