From: Ken Raeburn Date: Fri, 12 Jul 2002 21:46:11 +0000 (+0000) Subject: * init_sec_context.c (krb5_gss_init_sec_context): Instead of asking for the X-Git-Tag: krb5-1.3-alpha1~590 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=f0b3825c19e9443a881235daba58cb7be3455189;p=krb5.git * init_sec_context.c (krb5_gss_init_sec_context): Instead of asking for the enctypes supported by the GSS code, use that set as a filter on the default enctypes and use the resulting list. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14629 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog index 98b694d81..66072e8dd 100644 --- a/src/lib/gssapi/krb5/ChangeLog +++ b/src/lib/gssapi/krb5/ChangeLog @@ -3,6 +3,10 @@ * accept_sec_context.c (rd_and_store_for_creds): Remove registration of memory ccache type. + * init_sec_context.c (krb5_gss_init_sec_context): Instead of + asking for the enctypes supported by the GSS code, use that set as + a filter on the default enctypes and use the resulting list. + 2002-07-01 Ken Raeburn * gssapi_krb5.c (gss_mech_krb5_v2, gss_mech_set_krb5_v2, diff --git a/src/lib/gssapi/krb5/init_sec_context.c b/src/lib/gssapi/krb5/init_sec_context.c index f368689a8..b50657d78 100644 --- a/src/lib/gssapi/krb5/init_sec_context.c +++ b/src/lib/gssapi/krb5/init_sec_context.c @@ -335,13 +335,15 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle, ENCTYPE_ARCFOUR_HMAC, ENCTYPE_DES_CBC_CRC, ENCTYPE_DES_CBC_MD5, ENCTYPE_DES_CBC_MD4, - 0 }; +#define N_WANTED_ENCTYPES (sizeof(wanted_enctypes)/sizeof(wanted_enctypes[0])) + krb5_enctype requested_enctypes[N_WANTED_ENCTYPES + 1]; + krb5_enctype *default_enctypes = 0; krb5_error_code code; krb5_gss_ctx_id_rec *ctx, *ctx_free; krb5_timestamp now; gss_buffer_desc token; - int i, err; + int i, j, k, err; int default_mech = 0; OM_uint32 major_status; 
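Review bot: `N_WANTED_ENCTYPES` is defined in the middle of the function's declarations and never `#undef`ed, so the macro stays visible for the rest of the file. It also expands to a `size_t` expression, while the counters added on the `int i, j, k, err;` line are signed, so the later `i < N_WANTED_ENCTYPES` and `k < N_WANTED_ENCTYPES` tests compare signed with unsigned. Casting once in the definition, `#define N_WANTED_ENCTYPES ((int)(sizeof(wanted_enctypes)/sizeof(wanted_enctypes[0])))`, keeps the array bound a constant expression and removes the mixed comparison. A one-line comment on `requested_enctypes` saying that the `+ 1` is the slot for the zero terminator would help too, now that `wanted_enctypes` no longer carries one. The function's signature and the start of `wanted_enctypes` are outside the hunk.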
@@ -469,8 +471,52 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle,
 &ctx->there)))
 goto fail;
 
+ code = krb5_get_tgs_ktypes (context, 0, &default_enctypes);
+ if (code)
+ goto fail;
+ /* "i" denotes *next* slot to fill. Don't forget to save room
+ for a trailing zero. */
+ i = 0;
+ for (j = 0;
+ (default_enctypes[j] != 0
+ /* This part should be redundant, but let's be paranoid. */
+ && i < N_WANTED_ENCTYPES);
+ j++) {
+
+ int is_duplicate_enctype;
+ int is_wanted_enctype;
+
+ krb5_enctype e = default_enctypes[j];
+
+ /* Is this enctype one of the ones we want for GSSAPI? */
+ is_wanted_enctype = 0;
+ for (k = 0; k < N_WANTED_ENCTYPES; k++) {
+ if (wanted_enctypes[k] == e) {
+ is_wanted_enctype = 1;
+ break;
+ }
+ }
+ /* If unwanted, go to the next one. */
+ if (!is_wanted_enctype)
+ continue;
+
+ /* Is this enctype already in the list of enctypes to
+ request? (Is it a duplicate?) */
+ is_duplicate_enctype = 0;
+ for (k = 0; k < i; k++) {
+ if (requested_enctypes[k] == e) {
+ is_duplicate_enctype = 1;
+ break;
+ }
+ }
+ /* If it is not a duplicate, add it. */
+ if (!is_duplicate_enctype)
+ requested_enctypes[i++] = e;
+ }
+ requested_enctypes[i++] = 0;
+
 if ((code = get_credentials(context, cred, ctx->there, now,
- ctx->endtime, wanted_enctypes, &k_cred)))
+ ctx->endtime, requested_enctypes, &k_cred)))
 goto fail;
 
 if (default_mech) {
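Review bot: `default_enctypes` is filled by `krb5_get_tgs_ktypes` and is not released anywhere in the lines this commit adds, so every call that reaches this path appears to leak the list. Adding `krb5_free_ktypes(context, default_enctypes);` directly after the filter loop would close that, since no `goto fail` sits between the allocation and that point. Separately, when none of the default enctypes is in `wanted_enctypes`, the loop leaves `requested_enctypes` holding only the terminator. `get_credentials` is outside the hunk, so whether it rejects an empty list or treats it as "no restriction" cannot be confirmed here. An explicit `if (i == 0) { code = KRB5_CONFIG_ETYPE_NOSUPP; goto fail; }` placed after the free and before the terminator is stored would make that case fail closed instead of depending on the callee. The enclosing function begins and ends outside the hunk.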