* init_sec_context.c (krb5_gss_init_sec_context): Instead of asking for the

enctypes supported by the GSS code, use that set as a filter on the default
enctypes and use the resulting list.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14629 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog
index 98b694d81171bc6593af3369e902ab8013483645..66072e8dda977ae90f0a95c72bf37ca6de55216f 100644 (file)
--- a/src/lib/gssapi/krb5/ChangeLog
+++ b/src/lib/gssapi/krb5/ChangeLog
@@ -3,6 +3,10 @@
        * accept_sec_context.c (rd_and_store_for_creds): Remove
        registration of memory ccache type.
 
+       * init_sec_context.c (krb5_gss_init_sec_context): Instead of
+       asking for the enctypes supported by the GSS code, use that set as
+       a filter on the default enctypes and use the resulting list.
+
 2002-07-01  Ken Raeburn  <raeburn@mit.edu>
 
        * gssapi_krb5.c (gss_mech_krb5_v2, gss_mech_set_krb5_v2,

diff --git a/src/lib/gssapi/krb5/init_sec_context.c b/src/lib/gssapi/krb5/init_sec_context.c
index f368689a82f83725c57b4997fcfd2313a4153cde..b50657d781eb4addd1d79441901bef4409029d38 100644 (file)
--- a/src/lib/gssapi/krb5/init_sec_context.c
+++ b/src/lib/gssapi/krb5/init_sec_context.c
@@ -335,13 +335,15 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle,
      ENCTYPE_ARCFOUR_HMAC,
      ENCTYPE_DES_CBC_CRC,
      ENCTYPE_DES_CBC_MD5, ENCTYPE_DES_CBC_MD4,
-     0
    };
+#define N_WANTED_ENCTYPES (sizeof(wanted_enctypes)/sizeof(wanted_enctypes[0]))
+   krb5_enctype requested_enctypes[N_WANTED_ENCTYPES + 1];
+   krb5_enctype *default_enctypes = 0;
    krb5_error_code code; 
    krb5_gss_ctx_id_rec *ctx, *ctx_free;
    krb5_timestamp now;
    gss_buffer_desc token;
-   int i, err;
+   int i, j, k, err;
    int default_mech = 0;
    OM_uint32 major_status;
 
@@ -469,8 +471,52 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle,
                                      &ctx->there)))
          goto fail;
 
+      code = krb5_get_tgs_ktypes (context, 0, &default_enctypes);
+      if (code)
+         goto fail;
+      /* "i" denotes *next* slot to fill.  Don't forget to save room
+        for a trailing zero.  */
+      i = 0;
+      for (j = 0;
+          (default_enctypes[j] != 0
+           /* This part should be redundant, but let's be paranoid.  */
+           && i < N_WANTED_ENCTYPES);
+          j++) {
+
+         int is_duplicate_enctype;
+         int is_wanted_enctype;
+
+         krb5_enctype e = default_enctypes[j];
+
+         /* Is this enctype one of the ones we want for GSSAPI?  */
+         is_wanted_enctype = 0;
+         for (k = 0; k < N_WANTED_ENCTYPES; k++) {
+             if (wanted_enctypes[k] == e) {
+                 is_wanted_enctype = 1;
+                 break;
+             }
+         }
+         /* If unwanted, go to the next one. */
+         if (!is_wanted_enctype)
+             continue;
+
+         /* Is this enctype already in the list of enctypes to
+            request?  (Is it a duplicate?)  */
+         is_duplicate_enctype = 0;
+         for (k = 0; k < i; k++) {
+             if (requested_enctypes[k] == e) {
+                 is_duplicate_enctype = 1;
+                 break;
+             }
+         }
+         /* If it is not a duplicate, add it. */
+         if (!is_duplicate_enctype)
+             requested_enctypes[i++] = e;
+      }
+      requested_enctypes[i++] = 0;
+
       if ((code = get_credentials(context, cred, ctx->there, now,
-                                 ctx->endtime, wanted_enctypes, &k_cred)))
+                                 ctx->endtime, requested_enctypes, &k_cred)))
          goto fail;
 
       if (default_mech) {