* get_in_tkt.c (krb5_get_in_tkt): Remove the etype_info argument from

	the call to krb5_obtain_padata.

* preauth.c (krb5_obtain_padata): Use the PADATA_ETYPE_INFO preauth,
	if it exists, to determine which salt type to use when encrypting the
	preauthentication data.  Remove the etype_info argument.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7071 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog
index 4f127349ca61bb1f1e9e9fb938f21b9d141ac9e7..de1828dc62b8c5b838f6fd2d480407ff220061ed 100644 (file)
--- a/src/lib/krb5/krb/ChangeLog
+++ b/src/lib/krb5/krb/ChangeLog
@@ -1,3 +1,13 @@
+Thu Nov  9 00:02:43 1995  Theodore Y. Ts'o  <tytso@dcl>
+
+       * get_in_tkt.c (krb5_get_in_tkt): Remove the etype_info argument
+               from the call to krb5_obtain_padata.
+
+       * preauth.c (krb5_obtain_padata): Use the PADATA_ETYPE_INFO
+               preauth, if it exists, to determine which salt type to use
+               when encrypting the preauthentication data.  Remove the
+               etype_info argument.
+
 Wed Nov  8 02:50:59 1995  Theodore Y. Ts'o  <tytso@dcl>
 
        * krbconfig.c: Removed the krb5_clockskew variable.

diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c
index e1c253b208a16d9c73d0ae86ffbca74bdbeae9d3..18095ef8e42d2bea10c18e6fa5c3d398f0b88dc2 100644 (file)
--- a/src/lib/krb5/krb/get_in_tkt.c
+++ b/src/lib/krb5/krb/get_in_tkt.c
@@ -451,7 +451,7 @@ krb5_get_in_tkt(context, options, addrs, ktypes, ptypes, key_proc, keyseed,
            goto cleanup;
        }
 
-       if ((retval = krb5_obtain_padata(context, preauth_to_use, 0, key_proc,
+       if ((retval = krb5_obtain_padata(context, preauth_to_use, key_proc,
                                         keyseed, creds, &request)) != 0)
            goto cleanup;
        if (preauth_to_use)

diff --git a/src/lib/krb5/krb/preauth.c b/src/lib/krb5/krb/preauth.c
index ae961a6ceb1f46f5227c19fc296fbe04b1f5195b..d02a7197d8e2635a889ca41d9b2c138bbded8f99 100644 (file)
--- a/src/lib/krb5/krb/preauth.c
+++ b/src/lib/krb5/krb/preauth.c
@@ -101,17 +101,17 @@ cleanup:
 }
 
     
-krb5_error_code krb5_obtain_padata(context, preauth_to_use, etype_info,
-                                  key_proc, key_seed, creds, request)
+krb5_error_code krb5_obtain_padata(context, preauth_to_use, key_proc,
+                                  key_seed, creds, request)
     krb5_context               context;
     krb5_pa_data **            preauth_to_use;
-    krb5_etype_info            etype_info;
     git_key_proc               key_proc;
     krb5_const_pointer         key_seed;
     krb5_creds *               creds;
     krb5_kdc_req *             request;
 {
     krb5_error_code            retval;
+    krb5_etype_info            etype_info = 0;
     krb5_pa_data **            pa;
     krb5_pa_data **            send_pa_list;
     krb5_pa_data **            send_pa;
@@ -119,13 +119,22 @@ krb5_error_code krb5_obtain_padata(context, preauth_to_use, etype_info,
     krb5_keyblock *            def_enc_key = 0;
     krb5_enctype               enctype;
     krb5_data                  salt;
+    krb5_data                  scratch;
     int                                size;
     int                                f_salt = 0;
 
     if (preauth_to_use == NULL)
        return 0;
 
-    for (pa = preauth_to_use, size=0; *pa; pa++, size++);
+    for (pa = preauth_to_use, size=0; *pa; pa++, size++) {
+       if ((*pa)->pa_type == KRB5_PADATA_ETYPE_INFO) {
+           scratch.length = (*pa)->length;
+           scratch.data = (*pa)->contents;
+           retval = decode_krb5_etype_info(&scratch, &etype_info);
+           if (retval)
+               return retval;
+       }
+    }
 
     if ((send_pa_list = malloc((size+1) * sizeof(krb5_pa_data *))) == NULL)
        return ENOMEM;
@@ -133,12 +142,15 @@ krb5_error_code krb5_obtain_padata(context, preauth_to_use, etype_info,
     send_pa = send_pa_list;
     *send_pa = 0;
 
+    enctype = request->ktype[0];
+    salt.data = 0;
+    salt.length = -1;
     if (etype_info) {
        enctype = etype_info[0]->etype;
        salt.data = etype_info[0]->salt;
        salt.length = etype_info[0]->length;
-    } else {
-       enctype = request->ktype[0];
+    }
+    if (salt.length == -1) {
        if ((retval = krb5_principal2salt(context, request->client, &salt)))
            return(retval);
        f_salt = 1;