* in_tkt_ktb.c (keytab_keyproc): Do not check to see that the

enctype of the key is identical; there are several equivalent
DES enctypes.

* in_tkt_ktb.c (krb5_get_in_tkt_with_keytab): Removed the fancy
logic to only request the keytypes that correspond to those in
the keytab.  There were too many fencepost conditions that could
get you into trouble.  Either it should be there and *fully*
functional, or not in there at all.  Besides, there are too many
other components in Kerberos that expect the end-service to know
all its keys that this sanity check is overkill.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7720 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog
index 796754ae8eb865d95fcb5d4f8cf66b2fa1c78410..ba9bc2a2e522708ac47d24a30e80f9a0b0be51fd 100644 (file)
--- a/src/lib/krb5/krb/ChangeLog
+++ b/src/lib/krb5/krb/ChangeLog
@@ -4,6 +4,20 @@ Tue Mar 26 14:45:03 1996  Richard Basch  <basch@lehman.com>
        requiring domain conversion for the instance.  (imap/<host> is used
        by some of the new imap mail implementations)
 
+Wed Mar 27 17:05:47 1996  Richard Basch  <basch@lehman.com>
+
+       * in_tkt_ktb.c (keytab_keyproc): Do not check to see that the
+       enctype of the key is identical; there are several equivalent
+       DES enctypes.
+
+       * in_tkt_ktb.c (krb5_get_in_tkt_with_keytab): Removed the fancy
+       logic to only request the keytypes that correspond to those in
+       the keytab.  There were too many fencepost conditions that could
+       get you into trouble.  Either it should be there and *fully*
+       functional, or not in there at all.  Besides, there are too many
+       other components in Kerberos that expect the end-service to know
+       all its keys that this sanity check is overkill.
+
 Sun Mar 24 01:34:14 1996  Sam Hartman  <hartmans@tertius.mit.edu>
 
        * send_tgs.c (krb5_send_tgs_basic): You want to setup the eblock

diff --git a/src/lib/krb5/krb/in_tkt_ktb.c b/src/lib/krb5/krb/in_tkt_ktb.c
index f0b0ab3e35b45d28de2cbfe3be1a6b2e96b57719..257ecce0f23de191cae6f895a0c377dd676857e0 100644 (file)
--- a/src/lib/krb5/krb/in_tkt_ktb.c
+++ b/src/lib/krb5/krb/in_tkt_ktb.c
@@ -78,13 +78,6 @@ keytab_keyproc(context, type, salt, keyseed, key)
        (void) krb5_kt_free_entry(context, &kt_ent);
        goto cleanup;
     }
-       
-    if (realkey->enctype != type) {
-       (void) krb5_kt_free_entry(context, &kt_ent);
-       krb5_free_keyblock(context, realkey);
-       retval = KRB5_PROG_ETYPE_NOSUPP;
-       goto cleanup;
-    }  
 
     (void) krb5_kt_free_entry(context, &kt_ent);
     *key = realkey;
@@ -126,59 +119,13 @@ krb5_get_in_tkt_with_keytab(context, options, addrs, ktypes, pre_auth_types,
     krb5_kdc_rep ** ret_as_reply;
 {
     struct keytab_keyproc_arg arg;
-    krb5_enctype * kt_ktypes = (krb5_enctype *) NULL;
-    krb5_keytab kt_id = keytab;
-    krb5_keytab_entry kt_ent;
-    krb5_error_code retval;
-    register int i, j;
-
-    if (! ktypes) {
-       /* get the default enctype list */
-       retval = krb5_get_default_in_tkt_ktypes(context, &kt_ktypes);
-       if (retval) return retval;
-    } else {
-       /* copy the desired enctypes into a temporary array */
-       for (i = 0; ktypes[i]; i++) ;
-       kt_ktypes = (krb5_enctype *)malloc((i + 1) * sizeof(krb5_enctype));
-       if (! kt_ktypes) return ENOMEM;
-       for (i = 0; kt_ktypes[i] = ktypes[i]; i++) ;
-    }
-
-    /* only keep the enctypes for which we have keytab entries */
 
-    if (kt_id == NULL) {
-       retval = krb5_kt_default(context, &kt_id);
-       if (retval) goto cleanup;
-    }
-    i = 0;
-    while (kt_ktypes[i]) {
-       retval = krb5_kt_get_entry(context, kt_id, creds->client,
-                                  0, /* don't have vno available */
-                                  kt_ktypes[i], &kt_ent);
-       if (retval) {
-           if (retval != KRB5_KT_NOTFOUND)
-               goto cleanup;
-           /* strip the enctype from the requested enctype list */
-           for (j = i; kt_ktypes[j] = kt_ktypes[j+1]; j++) ;
-       } else {
-           /* we have this enctype; proceed to the next one */
-           (void) krb5_kt_free_entry(context, &kt_ent);
-           i++;
-       }
-    }
-
-    arg.keytab = kt_id;
+    arg.keytab = keytab;
     arg.client = creds->client;
 
-    retval = krb5_get_in_tkt(context, options, addrs, kt_ktypes,
-                            pre_auth_types,
-                            keytab_keyproc, (krb5_pointer)&arg,
-                            krb5_kdc_rep_decrypt_proc, 0, creds,
-                            ccache, ret_as_reply);
-cleanup:
-    if (kt_ktypes)
-       free(kt_ktypes);
-    if ((keytab == NULL) && (kt_id != NULL))
-       krb5_kt_close(context, kt_id);
-    return retval;
+    return(krb5_get_in_tkt(context, options, addrs, ktypes,
+                          pre_auth_types,
+                          keytab_keyproc, (krb5_pointer)&arg,
+                          krb5_kdc_rep_decrypt_proc, 0, creds,
+                          ccache, ret_as_reply));
 }