Added support for alternate key/salt; attempt to use a V4 salttype if

possible.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@2438 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/kdc/kerberos_v4.c b/src/kdc/kerberos_v4.c
index dfd4ac9845186adb8d0e7a0b611318fee95f89da..928d97da1e8d51411726786b6aa67559a7ba3ac6 100644 (file)
--- a/src/kdc/kerberos_v4.c
+++ b/src/kdc/kerberos_v4.c
@@ -636,9 +636,24 @@ kerb_get_principal(name, inst, principal, maxn, more)
                  (int) name, (int) inst, entries.key.keytype);
        nprinc = 0;
        goto cleanup;
-    } else if (! compat_decrypt_key( &entries.key, k)) {
-       bcopy(          k,      &principal->key_low,  LONGLEN);
-       bcopy((long *)  k + 1,  &principal->key_high, LONGLEN);
+    } else {
+       /*
+        * If the primary key's salt type is not V4, use the alternate
+        * key instead, if it exists.
+        */
+       if (entries.salt_type != KRB5_KDB_SALTTYPE_V4 &&
+           entries.alt_key.length) {
+           if (! compat_decrypt_key( &entries.alt_key,k)){
+               bcopy(              k,      &principal->key_low,  LONGLEN);
+               bcopy((long *)      k + 1,  &principal->key_high, LONGLEN);
+           }
+       }
+       else {
+           if (! compat_decrypt_key( &entries.key, k)) {
+               bcopy(              k,      &principal->key_low,  LONGLEN);
+               bcopy((long *)      k + 1,  &principal->key_high, LONGLEN);
+           }
+       }
     }
     /* convert v5's entries struct to v4's Principal struct:
      * v5's time-unit for lifetimes is 1 sec, while v4 uses 5 minutes.