From: Sam Hartman <hartmans@mit.edu>
Date: Sun, 24 Mar 1996 20:19:29 +0000 (+0000)
Subject: Fix multiple enctype bug: the enctype for the eblock used to encrypt
X-Git-Tag: krb5-1.0-beta6~301
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=03d0f558b171bb3cd8ba35ec2f1c1180b5d59033;p=krb5.git

Fix multiple enctype bug: the enctype for the eblock used to encrypt
the kdc request used the enctype of the tgt, not of the session key.
Considering that the request is encrypted in the session key of the
tgt, this is incorrect.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7704 dc483132-0cff-0310-8789-dd5450dbe970
---

diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog
index 57906865a..32bdb2bdd 100644
--- a/src/lib/krb5/krb/ChangeLog
+++ b/src/lib/krb5/krb/ChangeLog
@@ -1,3 +1,10 @@
+Sun Mar 24 01:34:14 1996  Sam Hartman  <hartmans@tertius.mit.edu>
+
+	* send_tgs.c (krb5_send_tgs_basic): You want to setup the eblock
+ 	used for the authenticator using the in_cred->keyblock, *not*
+ 	request.ticket.enc_part.enctype.  Under a multi-enctype system,
+ 	the session key may be different from the ticket key.
+
 Wed Mar 20 23:00:59 1996  Theodore Y. Ts'o  <tytso@dcl>
 
 	* walk_rtree.c (krb5_walk_realm_tree): Fix 16bit vs. 32bit error.
diff --git a/src/lib/krb5/krb/send_tgs.c b/src/lib/krb5/krb/send_tgs.c
index def5db1e2..16f00c095 100644
--- a/src/lib/krb5/krb/send_tgs.c
+++ b/src/lib/krb5/krb/send_tgs.c
@@ -104,8 +104,8 @@ krb5_send_tgs_basic(context, in_data, in_cred, outbuf)
         goto cleanup_data;
 
     /* put together an eblock for this encryption */
-    krb5_use_enctype(context, &eblock, request.ticket->enc_part.enctype);
-    request.authenticator.enctype = request.ticket->enc_part.enctype;
+    krb5_use_enctype(context, &eblock, in_cred->keyblock.enctype);
+    request.authenticator.enctype = in_cred->keyblock.enctype;
     request.authenticator.ciphertext.length =
         krb5_encrypt_size(scratch->length, eblock.crypto_entry);