From: Ken Raeburn Date: Tue, 29 Aug 2000 22:36:45 +0000 (+0000) Subject: * get_creds.c (krb5_get_credentials_core): If the supplied enctype is not X-Git-Tag: krb5-1.3-alpha1~1904 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=38bcab3a608056491e3b09811d6f6a3ff8774ce9;p=krb5.git * get_creds.c (krb5_get_credentials_core): If the supplied enctype is not supported, return an error; can't satisfy both TC_SUPPORTED_KTYPES and TC_MATCH_KTYPE that way. Delete unused arguments CCACHE and OUT_CREDS; fix callers. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12636 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog index e13fc341c..e39d0f61e 100644 --- a/src/lib/krb5/krb/ChangeLog +++ b/src/lib/krb5/krb/ChangeLog @@ -1,3 +1,10 @@ +2000-08-29 Ken Raeburn + + * get_creds.c (krb5_get_credentials_core): If the supplied enctype + is not supported, return an error; can't satisfy both + TC_SUPPORTED_KTYPES and TC_MATCH_KTYPE that way. Delete unused + arguments CCACHE and OUT_CREDS; fix callers. + 2000-07-18 Ezra Peisach * vfy_increds.c: include int-proto.h for krb5_libdefault_boolean diff --git a/src/lib/krb5/krb/get_creds.c b/src/lib/krb5/krb/get_creds.c index 2538735da..dfee52f37 100644 --- a/src/lib/krb5/krb/get_creds.c +++ b/src/lib/krb5/krb/get_creds.c @@ -46,13 +46,10 @@ #include "k5-int.h" static krb5_error_code -krb5_get_credentials_core(context, options, ccache, in_creds, out_creds, - mcreds, fields) +krb5_get_credentials_core(context, options, in_creds, mcreds, fields) krb5_context context; const krb5_flags options; - krb5_ccache ccache; krb5_creds *in_creds; - krb5_creds **out_creds; krb5_creds *mcreds; krb5_flags *fields; { @@ -74,8 +71,22 @@ krb5_get_credentials_core(context, options, ccache, in_creds, out_creds, *fields = KRB5_TC_MATCH_TIMES /*XXX |KRB5_TC_MATCH_SKEY_TYPE */ | KRB5_TC_MATCH_AUTHDATA | KRB5_TC_SUPPORTED_KTYPES; - if (mcreds->keyblock.enctype) + if (mcreds->keyblock.enctype) { + krb5_enctype *ktypes; + krb5_error_code ret; + int i; + *fields |= KRB5_TC_MATCH_KTYPE; + ret = krb5_get_tgs_ktypes (context, mcreds->server, &ktypes); + for (i = 0; ktypes[i]; i++) + if (ktypes[i] == mcreds->keyblock.enctype) + break; + if (ktypes[i] == 0) + ret = KRB5_CC_NOT_KTYPE; + free (ktypes); + if (ret) + return ret; + } if (options & KRB5_GC_USER_USER) { /* also match on identical 2nd tkt and tkt encrypted in a session key */ @@ -104,8 +115,8 @@ krb5_get_credentials(context, options, ccache, in_creds, out_creds) krb5_flags fields; int not_ktype; - retval = krb5_get_credentials_core(context, options, ccache, - in_creds, out_creds, + retval = krb5_get_credentials_core(context, options, + in_creds, &mcreds, &fields); if (retval) return retval;