From 03d0f558b171bb3cd8ba35ec2f1c1180b5d59033 Mon Sep 17 00:00:00 2001 From: Sam Hartman Date: Sun, 24 Mar 1996 20:19:29 +0000 Subject: [PATCH] Fix multiple enctype bug: the enctype for the eblock used to encrypt the kdc request used the enctype of the tgt, not of the session key. Considering that the request is encrypted in the session key of the tgt, this is incorrect. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7704 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/krb5/krb/ChangeLog | 7 +++++++ src/lib/krb5/krb/send_tgs.c | 4 ++-- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog index 57906865a..32bdb2bdd 100644 --- a/src/lib/krb5/krb/ChangeLog +++ b/src/lib/krb5/krb/ChangeLog @@ -1,3 +1,10 @@ +Sun Mar 24 01:34:14 1996 Sam Hartman + + * send_tgs.c (krb5_send_tgs_basic): You want to setup the eblock + used for the authenticator using the in_cred->keyblock, *not* + request.ticket.enc_part.enctype. Under a multi-enctype system, + the session key may be different from the ticket key. + Wed Mar 20 23:00:59 1996 Theodore Y. Ts'o * walk_rtree.c (krb5_walk_realm_tree): Fix 16bit vs. 32bit error. diff --git a/src/lib/krb5/krb/send_tgs.c b/src/lib/krb5/krb/send_tgs.c index def5db1e2..16f00c095 100644 --- a/src/lib/krb5/krb/send_tgs.c +++ b/src/lib/krb5/krb/send_tgs.c @@ -104,8 +104,8 @@ krb5_send_tgs_basic(context, in_data, in_cred, outbuf) goto cleanup_data; /* put together an eblock for this encryption */ - krb5_use_enctype(context, &eblock, request.ticket->enc_part.enctype); - request.authenticator.enctype = request.ticket->enc_part.enctype; + krb5_use_enctype(context, &eblock, in_cred->keyblock.enctype); + request.authenticator.enctype = in_cred->keyblock.enctype; request.authenticator.ciphertext.length = krb5_encrypt_size(scratch->length, eblock.crypto_entry); -- 2.26.2