get_creds.c: Only match on enctype if in_creds.keyblock
authorSam Hartman <hartmans@mit.edu>
Thu, 25 Jan 1996 20:04:58 +0000 (20:04 +0000)
committerSam Hartman <hartmans@mit.edu>
Thu, 25 Jan 1996 20:04:58 +0000 (20:04 +0000)
    has non-null enctype. (I.E. implement as documented)

gc_via_tkt.c: If the in_creds.keyblock.enctype !=0 then don't call
    send_tgs with a null ktypes parameter; instead, explicitly allow only
    increds.keyblock.enctype.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7385 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/krb5/krb/ChangeLog
src/lib/krb5/krb/gc_via_tkt.c
src/lib/krb5/krb/get_creds.c

index a1979242c0a79bddbdcd9fc6e9f260f9d348f6cd..5a2c90ed04c4a12a8ac1e454bee2b48df3d58f2a 100644 (file)
@@ -1,3 +1,13 @@
+Thu Jan 25 01:35:52 1996  Sam Hartman  <hartmans@tertius.mit.edu>
+
+       * gc_via_tkt.c (krb5_get_cred_via_tkt): If the keyblock.enctype is
+        non-null in in_cred, then request that particular key.
+
+Wed Jan 24 21:48:53 1996  Sam Hartman  <hartmans@tertius.mit.edu>
+
+       * get_creds.c (krb5_get_credentials): Only match against enctype
+        if it is non-null in increds.
+
 Sun Jan 21 23:32:53 1996  Tom Yu  <tlyu@dragons-lair.MIT.EDU>
 
        * gc_via_tkt.c (krb5_kdcrep2creds): Set is_skey so get_creds won't
index 6ba87cf0afd5976ff4138bce1634af70ae6d1987..cd8a18c8d656f22d1e2fe6a284877346c5862310 100644 (file)
@@ -111,6 +111,7 @@ krb5_get_cred_via_tkt (context, tkt, kdcoptions, address, in_cred, out_cred)
     krb5_kdc_rep *dec_rep;
     krb5_error *err_reply;
     krb5_response tgsrep;
+krb5_enctype *enctypes = 0;
 
     /* tkt->client must be equal to in_cred->client */
     if (!krb5_principal_compare(context, tkt->client, in_cred->client))
@@ -143,7 +144,15 @@ krb5_get_cred_via_tkt (context, tkt, kdcoptions, address, in_cred, out_cred)
     }
 */
 
-    if ((retval = krb5_send_tgs(context, kdcoptions, &in_cred->times, NULL, 
+    if (in_cred->keyblock.enctype) {
+       enctypes = (krb5_enctype *) malloc(sizeof(krb5_enctype)*2);
+       if (!enctypes)
+           return ENOMEM;
+       enctypes[0] = in_cred->keyblock.enctype;
+       enctypes[1] = 0;
+    }
+    
+    if ((retval = krb5_send_tgs(context, kdcoptions, &in_cred->times, enctypes, 
                                in_cred->server, address, in_cred->authdata,
                                0,              /* no padata */
                                (kdcoptions & KDC_OPT_ENC_TKT_IN_SKEY) ? 
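Review bot: Nothing in the two gc_via_tkt.c hunks frees the `enctypes` array allocated just before the krb5_send_tgs() call, so unless a free exists further down in krb5_get_cred_via_tkt (its body continues outside the hunk), every request with a non-zero in_cred->keyblock.enctype leaks the allocation, which adds up in a long-running process. The list is always one entry plus the terminator, so a stack array avoids both the leak and the new ENOMEM early return: declare `krb5_enctype etbuf[2];` and in the `if` set `etbuf[0] = in_cred->keyblock.enctype; etbuf[1] = 0; enctypes = etbuf;`. If the heap allocation stays, `free(enctypes);` belongs right after the call returns, before `retval` is examined, and it is worth confirming that nothing acquired earlier in the function is skipped by `return ENOMEM`. On style, the declaration `krb5_enctype *enctypes = 0;` in the first hunk sits at column 0 while its neighbours are indented four spaces, and `NULL` would match the argument it replaces.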
index 169e926c33fe8f6fbc8869556ccbb41cc2838fa9..32bac9dadc60f9c72ebbd5cdc98cbd69566f17a6 100644 (file)
@@ -72,8 +72,9 @@ krb5_get_credentials(context, options, ccache, in_creds, out_creds)
     mcreds.client = in_creds->client;
     
     fields = KRB5_TC_MATCH_TIMES /*XXX |KRB5_TC_MATCH_SKEY_TYPE */
-       | KRB5_TC_MATCH_AUTHDATA | KRB5_TC_MATCH_KTYPE;
-
+       | KRB5_TC_MATCH_AUTHDATA ;
+    if (mcreds.keyblock.enctype)
+       fields |= KRB5_TC_MATCH_KTYPE;
     if (options & KRB5_GC_USER_USER) {
        /* also match on identical 2nd tkt and tkt encrypted in a
           session key */
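Review bot: The new test reads `mcreds.keyblock.enctype`, while the commit message and ChangeLog state the condition in terms of the caller's in_creds; the only assignment to mcreds visible in this hunk is `mcreds.client`, so the check is right only if mcreds.keyblock is copied from in_creds above the hunk, which is not shown here. Writing it as `if (in_creds->keyblock.enctype)` would tie the code to the documented input directly. The branch also deserves a comment such as `/* enctype 0 = no preference: any cached key type satisfies the lookup */`, because a caller that needs one specific encryption type now has to set it explicitly or the cache match may return a credential of any enctype. Minor: `KRB5_TC_MATCH_AUTHDATA ;` has a stray space before the semicolon, and the blank line separating the `fields` setup from the option checks was dropped.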