* get_creds.c (krb5_get_credentials_core): If the supplied enctype is not
authorKen Raeburn <raeburn@mit.edu>
Tue, 29 Aug 2000 22:36:45 +0000 (22:36 +0000)
committerKen Raeburn <raeburn@mit.edu>
Tue, 29 Aug 2000 22:36:45 +0000 (22:36 +0000)
supported, return an error; can't satisfy both TC_SUPPORTED_KTYPES and
TC_MATCH_KTYPE that way.  Delete unused arguments CCACHE and OUT_CREDS; fix
callers.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12636 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/krb5/krb/ChangeLog
src/lib/krb5/krb/get_creds.c

index e13fc341c764077d2ad6006486e249e3c43eced4..e39d0f61ee0dfebb459ba2281d264d0f5dc870a3 100644 (file)
@@ -1,3 +1,10 @@
+2000-08-29  Ken Raeburn  <raeburn@mit.edu>
+
+       * get_creds.c (krb5_get_credentials_core): If the supplied enctype
+       is not supported, return an error; can't satisfy both
+       TC_SUPPORTED_KTYPES and TC_MATCH_KTYPE that way.  Delete unused
+       arguments CCACHE and OUT_CREDS; fix callers.
+
 2000-07-18  Ezra Peisach  <epeisach@mit.edu>
 
        * vfy_increds.c: include int-proto.h for krb5_libdefault_boolean
index 2538735dac5d7c1face130bbf2dd7ee1bf661f10..dfee52f3706fb94f8024a919170697fff7088780 100644 (file)
 #include "k5-int.h"
 
 static krb5_error_code
-krb5_get_credentials_core(context, options, ccache, in_creds, out_creds,
-                         mcreds, fields)
+krb5_get_credentials_core(context, options, in_creds, mcreds, fields)
     krb5_context context;
     const krb5_flags options;
-    krb5_ccache ccache;
     krb5_creds *in_creds;
-    krb5_creds **out_creds;
     krb5_creds *mcreds;
     krb5_flags *fields;
 {
@@ -74,8 +71,22 @@ krb5_get_credentials_core(context, options, ccache, in_creds, out_creds,
     *fields = KRB5_TC_MATCH_TIMES /*XXX |KRB5_TC_MATCH_SKEY_TYPE */
        | KRB5_TC_MATCH_AUTHDATA
        | KRB5_TC_SUPPORTED_KTYPES;
-    if (mcreds->keyblock.enctype)
+    if (mcreds->keyblock.enctype) {
+       krb5_enctype *ktypes;
+       krb5_error_code ret;
+       int i;
+
        *fields |= KRB5_TC_MATCH_KTYPE;
+       ret = krb5_get_tgs_ktypes (context, mcreds->server, &ktypes);
+       for (i = 0; ktypes[i]; i++)
+           if (ktypes[i] == mcreds->keyblock.enctype)
+               break;
+       if (ktypes[i] == 0)
+           ret = KRB5_CC_NOT_KTYPE;
+       free (ktypes);
+       if (ret)
+           return ret;
+    }
     if (options & KRB5_GC_USER_USER) {
        /* also match on identical 2nd tkt and tkt encrypted in a
           session key */
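Review bot: The result of `krb5_get_tgs_ktypes` is stored in `ret` but never checked before the loop dereferences `ktypes[i]`. `ktypes` is declared without an initializer, so if the call fails without storing a list (its failure behaviour is not visible here), the loop and the later `free (ktypes)` would act on an indeterminate pointer. The real error code would also be overwritten with `KRB5_CC_NOT_KTYPE`. Adding `if (ret) return ret;` directly after the call, before the `for` loop, closes both gaps and leaves the success path unchanged. The body of krb5_get_credentials_core starts before and continues past this hunk.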
@@ -104,8 +115,8 @@ krb5_get_credentials(context, options, ccache, in_creds, out_creds)
     krb5_flags fields;
     int not_ktype;
 
-    retval = krb5_get_credentials_core(context, options, ccache, 
-                                      in_creds, out_creds,
+    retval = krb5_get_credentials_core(context, options,
+                                      in_creds,
                                       &mcreds, &fields);
 
     if (retval) return retval;