Added support for matching against a supported app. session key type
authorRichard Basch <probe@mit.edu>
Tue, 5 Dec 1995 03:48:32 +0000 (03:48 +0000)
committerRichard Basch <probe@mit.edu>
Tue, 5 Dec 1995 03:48:32 +0000 (03:48 +0000)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7170 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/krb5/ccache/file/fcc_retrv.c
src/lib/krb5/ccache/memory/mcc_retrv.c
src/lib/krb5/ccache/stdio/scc_retrv.c

index c7f03ebc2051df01ced1ecba747c16de67952edc..1076cee33cc09e924f364cf0f339513e246dd558 100644 (file)
@@ -68,6 +68,30 @@ register const krb5_data *data1, *data2;
        return memcmp(data1->data, data2->data, data1->length) ? FALSE : TRUE;
 }
 
+static krb5_boolean
+ktype_match(context, creds)
+register krb5_context context;
+register krb5_creds *creds;
+{
+    register int i;
+    krb5_enctype * ktypes = (krb5_enctype *) NULL;
+    krb5_enctype enctype = creds->keyblock.enctype;
+    krb5_principal princ = creds->server;
+
+    if (krb5_get_tgs_ktypes(context, princ, &ktypes))
+       return FALSE;
+
+    for (i=0; ktypes[i]; i++) {
+       if (ktypes[i] == enctype) {
+           free(ktypes);
+           return TRUE;
+       }
+    }
+
+    free(ktypes);
+    return FALSE;
+}
+
 /*
  * Effects:
  * Searches the file cred cache is for a credential matching mcreds,
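Review bot: `ktype_match` is added as an identical static copy in this hunk and in the mcc_retrv.c and scc_retrv.c hunks further down, so the rule for which session key types are acceptable now lives in three places that can drift apart; one shared helper for the three cache types would keep that policy in a single spot. In all three copies a failing `krb5_get_tgs_ktypes` is folded into `FALSE`, which fails closed (the credential is rejected) but makes the caller report a lookup or allocation error as an ordinary miss. If that is intended, I would say so at the early return, e.g. `/* fail closed: an enctype lookup error counts as no match */`. The loop `for (i=0; ktypes[i]; i++)` also depends on the returned list being zero-terminated, which deserves a one-line header comment on the function.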
@@ -132,6 +156,9 @@ krb5_fcc_retrieve(context, id, whichfields, mcreds, creds)
              &&
              (! set(KRB5_TC_MATCH_2ND_TKT) ||
               data_match (&mcreds->second_ticket, &fetchcreds.second_ticket))
+             &&
+             (! set(KRB5_TC_MATCH_KTYPE) ||
+              ktype_match (context, &fetchcreds))
              )
          {
               krb5_fcc_end_seq_get(context, id, &cursor);
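Review bot: The new `KRB5_TC_MATCH_KTYPE` clause never consults `mcreds`. The neighbouring clause compares a field of `mcreds` with `fetchcreds`, but this one accepts any cached credential whose `keyblock.enctype` appears in the list `krb5_get_tgs_ktypes` returns. The Effects comment above the function should document that, e.g. `If KRB5_TC_MATCH_KTYPE is set, only credentials whose session key type is in the supported list are returned; mcreds->keyblock is not compared.` Because the check is gated on the flag, callers that do not set it presumably still receive credentials with key types outside that list, so it is worth confirming that the callers that care pass it. The same point applies to the krb5_mcc_retrieve and krb5_scc_retrieve hunks; the function body starts and ends outside this hunk.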
index 239347434fd3775ae0d57f32311304439c0f1f05..0d61f2b2887721fec0c50c14bcd6299770b1b461 100644 (file)
@@ -64,6 +64,30 @@ register const krb5_data *data1, *data2;
        return memcmp(data1->data, data2->data, data1->length) ? FALSE : TRUE;
 }
 
+static krb5_boolean
+ktype_match(context, creds)
+register krb5_context context;
+register krb5_creds *creds;
+{
+    register int i;
+    krb5_enctype * ktypes = (krb5_enctype *) NULL;
+    krb5_enctype enctype = creds->keyblock.enctype;
+    krb5_principal princ = creds->server;
+
+    if (krb5_get_tgs_ktypes(context, princ, &ktypes))
+       return FALSE;
+
+    for (i=0; ktypes[i]; i++) {
+       if (ktypes[i] == enctype) {
+           free(ktypes);
+           return TRUE;
+       }
+    }
+
+    free(ktypes);
+    return FALSE;
+}
+
 /*
  * Effects:
  * Searches the file cred cache for a credential matching mcreds,
@@ -128,6 +152,9 @@ krb5_mcc_retrieve(context, id, whichfields, mcreds, creds)
              &&
              (! set(KRB5_TC_MATCH_2ND_TKT) ||
               data_match (&mcreds->second_ticket, &fetchcreds.second_ticket))
+             &&
+             (! set(KRB5_TC_MATCH_KTYPE) ||
+              ktype_match (context, &fetchcreds))
              )
          {
               krb5_mcc_end_seq_get(context, id, &cursor);
index c196c00faf4e27baa1dddafe7aac0063b62a359b..2f3340f8dc47338ff24fab75abb0687dad39f1a2 100644 (file)
@@ -134,6 +134,30 @@ register const krb5_data *data1, *data2;
        return memcmp(data1->data, data2->data, data1->length) ? FALSE : TRUE;
 }
 
+static krb5_boolean
+ktype_match(context, creds)
+register krb5_context context;
+register krb5_creds *creds;
+{
+    register int i;
+    krb5_enctype * ktypes = (krb5_enctype *) NULL;
+    krb5_enctype enctype = creds->keyblock.enctype;
+    krb5_principal princ = creds->server;
+
+    if (krb5_get_tgs_ktypes(context, princ, &ktypes))
+       return FALSE;
+
+    for (i=0; ktypes[i]; i++) {
+       if (ktypes[i] == enctype) {
+           free(ktypes);
+           return TRUE;
+       }
+    }
+
+    free(ktypes);
+    return FALSE;
+}
+
 /*
  * Effects:
  * Searches the file cred cache is for a credential matching mcreds,
@@ -198,6 +222,9 @@ krb5_scc_retrieve(context, id, whichfields, mcreds, creds)
              &&
              (! set(KRB5_TC_MATCH_2ND_TKT) ||
               data_match (&mcreds->second_ticket, &fetchcreds.second_ticket))
+             &&
+             (! set(KRB5_TC_MATCH_KTYPE) ||
+              ktype_match (context, &fetchcreds))
              )
          {
               krb5_scc_end_seq_get(context, id, &cursor);