Previously, ktype_match only made sure that the enctype was valid
authorSam Hartman <hartmans@mit.edu>
Thu, 25 Jan 1996 20:01:45 +0000 (20:01 +0000)
committerSam Hartman <hartmans@mit.edu>
Thu, 25 Jan 1996 20:01:45 +0000 (20:01 +0000)
and in the set of default tgs enctypes.
Now, if matching on keytype, do an exact match, else
use ktype_reasonable (renamed ktype_match) to make
sure the ticket is in the default tgs enctypes.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7384 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/krb5/ccache/file/ChangeLog
src/lib/krb5/ccache/file/fcc_retrv.c
src/lib/krb5/ccache/memory/ChangeLog
src/lib/krb5/ccache/memory/mcc_retrv.c
src/lib/krb5/ccache/stdio/ChangeLog
src/lib/krb5/ccache/stdio/scc_retrv.c

index d9634a7116a3e79923736ab98d19734e1e4ad004..05a33d7e0b06fbaedae943c039f09e7d6c0056d9 100644 (file)
@@ -1,3 +1,11 @@
+Wed Jan 24 21:36:34 1996  Sam Hartman  <hartmans@tertius.mit.edu>
+
+       * fcc_retrv.c (ktype_reasonable): Renamed ktype_match because it
+        didn't really match enctypes.  Instead, it just determined whether
+        they were something the TGS would likely return.  When I ask for
+        an exact enctype match, I want an enctype match.
+       (krb5_fcc_retrieve): Match keytype exactly if matching enctype.
+
 Wed Jan 10 21:14:31 1996  Theodore Y. Ts'o  <tytso@dcl>
 
        * fcc.h (KRB5_FCC_DEFAULT_VNO): Remove KRB5_FCC_DEFAULT_VNO; now
index 1076cee33cc09e924f364cf0f339513e246dd558..2e1bdf83825b4364b6eb30664e51621cc30a86cf 100644 (file)
@@ -69,7 +69,7 @@ register const krb5_data *data1, *data2;
 }
 
 static krb5_boolean
-ktype_match(context, creds)
+ktype_reasonable(context, creds)
 register krb5_context context;
 register krb5_creds *creds;
 {
@@ -132,7 +132,7 @@ krb5_fcc_retrieve(context, id, whichfields, mcreds, creds)
          return kret;
 
      while ((kret = krb5_fcc_next_cred(context, id, &cursor, &fetchcreds)) == KRB5_OK) {
-         if (((set(KRB5_TC_MATCH_SRV_NAMEONLY) &&
+        if (((set(KRB5_TC_MATCH_SRV_NAMEONLY) &&
                   srvname_match(context, mcreds, &fetchcreds)) ||
               standard_fields_match(context, mcreds, &fetchcreds))
              &&
@@ -157,9 +157,9 @@ krb5_fcc_retrieve(context, id, whichfields, mcreds, creds)
              (! set(KRB5_TC_MATCH_2ND_TKT) ||
               data_match (&mcreds->second_ticket, &fetchcreds.second_ticket))
              &&
-             (! set(KRB5_TC_MATCH_KTYPE) ||
-              ktype_match (context, &fetchcreds))
-             )
+            ((! set(KRB5_TC_MATCH_KTYPE)&&
+                     ktype_reasonable (context, &fetchcreds))||
+               (mcreds->keyblock.enctype == fetchcreds.keyblock.enctype)))
          {
               krb5_fcc_end_seq_get(context, id, &cursor);
               *creds = fetchcreds;
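Review bot: The exact-enctype comparison that closes the new condition is not gated on KRB5_TC_MATCH_KTYPE, so when the flag is clear and ktype_reasonable() rejects the cached credential, the entry is still accepted whenever mcreds->keyblock.enctype happens to equal fetchcreds.keyblock.enctype. A caller that did not set the flag has no reason to fill in that field, so the outcome then depends on whatever mcreds holds, and the lookup can return a ticket whose enctype is outside the set that, per the commit message, ktype_reasonable is meant to enforce. Selecting one test by the flag states the intent directly: `(set(KRB5_TC_MATCH_KTYPE) ? mcreds->keyblock.enctype == fetchcreds.keyblock.enctype : ktype_reasonable (context, &fetchcreds))`. The same expression appears in the krb5_mcc_retrieve and krb5_scc_retrieve hunks and needs the same change. The body of krb5_fcc_retrieve starts and ends outside this hunk.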
index aeb5a566c5b6c7aea0cf78040edc754febcc9f71..2064c8c39c1b83c4f43ed6e0730eb431b477a881 100644 (file)
@@ -1,3 +1,8 @@
+Thu Jan 25 14:50:51 1996  Sam Hartman  <hartmans@tertius.mit.edu>
+
+       * mcc_retrv.c (ktype_reasonable): Rename ktype_match
+       (krb5_mcc_retrieve): Match enctype exactly if requested.
+
 Sat Nov  4 00:45:42 1995  Theodore Y. Ts'o  <tytso@dcl>
 
        * mcc_ops.c: Remove excess code which is defined in fcc_ops.c
index 0d61f2b2887721fec0c50c14bcd6299770b1b461..9280c73b7bc0ec71a1c6b963d2784571eaf461fb 100644 (file)
@@ -65,9 +65,9 @@ register const krb5_data *data1, *data2;
 }
 
 static krb5_boolean
-ktype_match(context, creds)
-register krb5_context context;
-register krb5_creds *creds;
+ktype_reasonable(context, creds)
+    register krb5_context context;
+    register krb5_creds *creds;
 {
     register int i;
     krb5_enctype * ktypes = (krb5_enctype *) NULL;
@@ -153,8 +153,9 @@ krb5_mcc_retrieve(context, id, whichfields, mcreds, creds)
              (! set(KRB5_TC_MATCH_2ND_TKT) ||
               data_match (&mcreds->second_ticket, &fetchcreds.second_ticket))
              &&
-             (! set(KRB5_TC_MATCH_KTYPE) ||
-              ktype_match (context, &fetchcreds))
+             ((! set(KRB5_TC_MATCH_KTYPE) &&
+               ktype_reasonable (context, &fetchcreds))||
+              (mcreds->keyblock.enctype == fetchcreds.keyblock.enctype))
              )
          {
               krb5_mcc_end_seq_get(context, id, &cursor);
index 5a3939e7b8a77a59b098c33e4e2dcecce4cd0b09..1b3e55b9792a911819b59fd4caa1504f11005f83 100644 (file)
@@ -1,3 +1,8 @@
+Thu Jan 25 14:44:48 1996  Sam Hartman  <hartmans@tertius.mit.edu>
+
+       * scc_retrv.c (ktype_reasonable): Rename ktype_match; see fcc  for explanation.
+       (krb5_scc_retrieve): Match exactly on enctype if requested to do so.
+
 Wed Jan 10 22:44:43 1996  Theodore Y. Ts'o  <tytso@dcl>
 
        * scc.h (KRB5_SCC_DEFAULT_VNO): Remove KRB5_SCC_DEFAULT_VNO; now
index 2f3340f8dc47338ff24fab75abb0687dad39f1a2..0c905d7c98b559d8e50c57f4463e84b705116bd3 100644 (file)
@@ -135,9 +135,9 @@ register const krb5_data *data1, *data2;
 }
 
 static krb5_boolean
-ktype_match(context, creds)
-register krb5_context context;
-register krb5_creds *creds;
+ktype_reasonable(context, creds)
+    register krb5_context context;
+    register krb5_creds *creds;
 {
     register int i;
     krb5_enctype * ktypes = (krb5_enctype *) NULL;
@@ -223,8 +223,9 @@ krb5_scc_retrieve(context, id, whichfields, mcreds, creds)
              (! set(KRB5_TC_MATCH_2ND_TKT) ||
               data_match (&mcreds->second_ticket, &fetchcreds.second_ticket))
              &&
-             (! set(KRB5_TC_MATCH_KTYPE) ||
-              ktype_match (context, &fetchcreds))
+             ((! set(KRB5_TC_MATCH_KTYPE)&&
+               ktype_reasonable (context, &fetchcreds))||
+                 (mcreds->keyblock.enctype == fetchcreds.keyblock.enctype))
              )
          {
               krb5_scc_end_seq_get(context, id, &cursor);