From 2f0de7c22a5a554fff28c17ae7c0a741dfd48108 Mon Sep 17 00:00:00 2001 From: Sam Hartman Date: Thu, 25 Jan 1996 20:01:45 +0000 Subject: [PATCH] Previously, ktype_match only made sure that the enctype was valid and in the set of default tgs enctypes. Now, if matching on keytype, do an exact match, else use ktype_reasonable (renamed ktype_match) to make sure the ticket is in the default tgs enctypes. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7384 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/krb5/ccache/file/ChangeLog | 8 ++++++++ src/lib/krb5/ccache/file/fcc_retrv.c | 10 +++++----- src/lib/krb5/ccache/memory/ChangeLog | 5 +++++ src/lib/krb5/ccache/memory/mcc_retrv.c | 11 ++++++----- src/lib/krb5/ccache/stdio/ChangeLog | 5 +++++ src/lib/krb5/ccache/stdio/scc_retrv.c | 11 ++++++----- 6 files changed, 35 insertions(+), 15 deletions(-) diff --git a/src/lib/krb5/ccache/file/ChangeLog b/src/lib/krb5/ccache/file/ChangeLog index d9634a711..05a33d7e0 100644 --- a/src/lib/krb5/ccache/file/ChangeLog +++ b/src/lib/krb5/ccache/file/ChangeLog @@ -1,3 +1,11 @@ +Wed Jan 24 21:36:34 1996 Sam Hartman + + * fcc_retrv.c (ktype_reasonable): Renamed ktype_match because it + didn't really match enctypes. Instead, it just determined whether + they were something the TGS would likely return. When I ask for + an exact enctype match, I want an enctype match. + (krb5_fcc_retrieve): Match keytype exactly if matching enctype. + Wed Jan 10 21:14:31 1996 Theodore Y. Ts'o * fcc.h (KRB5_FCC_DEFAULT_VNO): Remove KRB5_FCC_DEFAULT_VNO; now diff --git a/src/lib/krb5/ccache/file/fcc_retrv.c b/src/lib/krb5/ccache/file/fcc_retrv.c index 1076cee33..2e1bdf838 100644 --- a/src/lib/krb5/ccache/file/fcc_retrv.c +++ b/src/lib/krb5/ccache/file/fcc_retrv.c @@ -69,7 +69,7 @@ register const krb5_data *data1, *data2; } static krb5_boolean -ktype_match(context, creds) +ktype_reasonable(context, creds) register krb5_context context; register krb5_creds *creds; { 
@@ -132,7 +132,7 @@ krb5_fcc_retrieve(context, id, whichfields, mcreds, creds) return kret; while ((kret = krb5_fcc_next_cred(context, id, &cursor, &fetchcreds)) == KRB5_OK) { - if (((set(KRB5_TC_MATCH_SRV_NAMEONLY) && + if (((set(KRB5_TC_MATCH_SRV_NAMEONLY) && srvname_match(context, mcreds, &fetchcreds)) || standard_fields_match(context, mcreds, &fetchcreds)) && @@ -157,9 +157,9 @@ krb5_fcc_retrieve(context, id, whichfields, mcreds, creds) (! set(KRB5_TC_MATCH_2ND_TKT) || data_match (&mcreds->second_ticket, &fetchcreds.second_ticket)) && - (! set(KRB5_TC_MATCH_KTYPE) || - ktype_match (context, &fetchcreds)) - ) + ((! set(KRB5_TC_MATCH_KTYPE)&& + ktype_reasonable (context, &fetchcreds))|| + (mcreds->keyblock.enctype == fetchcreds.keyblock.enctype))) { krb5_fcc_end_seq_get(context, id, &cursor); *creds = fetchcreds; diff --git a/src/lib/krb5/ccache/memory/ChangeLog b/src/lib/krb5/ccache/memory/ChangeLog index aeb5a566c..2064c8c39 100644 --- a/src/lib/krb5/ccache/memory/ChangeLog +++ b/src/lib/krb5/ccache/memory/ChangeLog @@ -1,3 +1,8 @@ +Thu Jan 25 14:50:51 1996 Sam Hartman + + * mcc_retrv.c (ktype_reasonable): Rename ktype_match + (krb5_mcc_retrieve): Match enctype exactly if requested. + Sat Nov 4 00:45:42 1995 Theodore Y. Ts'o * mcc_ops.c: Remove excess code which is defined in fcc_ops.c diff --git a/src/lib/krb5/ccache/memory/mcc_retrv.c b/src/lib/krb5/ccache/memory/mcc_retrv.c index 0d61f2b28..9280c73b7 100644 --- a/src/lib/krb5/ccache/memory/mcc_retrv.c +++ b/src/lib/krb5/ccache/memory/mcc_retrv.c @@ -65,9 +65,9 @@ register const krb5_data *data1, *data2; } static krb5_boolean -ktype_match(context, creds) -register krb5_context context; -register krb5_creds *creds; +ktype_reasonable(context, creds) + register krb5_context context; + register krb5_creds *creds; { register int i; krb5_enctype * ktypes = (krb5_enctype *) NULL; 
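Review bot: In the `@@ -157,9` hunk of krb5_fcc_retrieve, the exact-match arm `(mcreds->keyblock.enctype == fetchcreds.keyblock.enctype)` is not gated on `set(KRB5_TC_MATCH_KTYPE)`, so it is also evaluated for callers that never asked for an enctype match. For those callers, a cached credential that fails ktype_reasonable is still returned whenever its enctype equals whatever is in mcreds->keyblock.enctype, which such a caller may have left zeroed or unset. That sidesteps the default-TGS-enctype filter the commit message says should apply. Selecting the test by the flag keeps the two modes separate: `(set(KRB5_TC_MATCH_KTYPE) ? mcreds->keyblock.enctype == fetchcreds.keyblock.enctype : ktype_reasonable(context, &fetchcreds))`. The same expression is added in the krb5_mcc_retrieve (`@@ -153,8`) and krb5_scc_retrieve (`@@ -223,8`) hunks; all three functions start and end outside their hunks.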
@@ -153,8 +153,9 @@ krb5_mcc_retrieve(context, id, whichfields, mcreds, creds) (! set(KRB5_TC_MATCH_2ND_TKT) || data_match (&mcreds->second_ticket, &fetchcreds.second_ticket)) && - (! set(KRB5_TC_MATCH_KTYPE) || - ktype_match (context, &fetchcreds)) + ((! set(KRB5_TC_MATCH_KTYPE) && + ktype_reasonable (context, &fetchcreds))|| + (mcreds->keyblock.enctype == fetchcreds.keyblock.enctype)) ) { krb5_mcc_end_seq_get(context, id, &cursor); diff --git a/src/lib/krb5/ccache/stdio/ChangeLog b/src/lib/krb5/ccache/stdio/ChangeLog index 5a3939e7b..1b3e55b97 100644 --- a/src/lib/krb5/ccache/stdio/ChangeLog +++ b/src/lib/krb5/ccache/stdio/ChangeLog @@ -1,3 +1,8 @@ +Thu Jan 25 14:44:48 1996 Sam Hartman + + * scc_retrv.c (ktype_reasonable): Rename ktype_match; see fcc for explanation. + (krb5_scc_retrieve): Match exactly on enctype if requested to do so. + Wed Jan 10 22:44:43 1996 Theodore Y. Ts'o * scc.h (KRB5_SCC_DEFAULT_VNO): Remove KRB5_SCC_DEFAULT_VNO; now diff --git a/src/lib/krb5/ccache/stdio/scc_retrv.c b/src/lib/krb5/ccache/stdio/scc_retrv.c index 2f3340f8d..0c905d7c9 100644 --- a/src/lib/krb5/ccache/stdio/scc_retrv.c +++ b/src/lib/krb5/ccache/stdio/scc_retrv.c @@ -135,9 +135,9 @@ register const krb5_data *data1, *data2; } static krb5_boolean -ktype_match(context, creds) -register krb5_context context; -register krb5_creds *creds; +ktype_reasonable(context, creds) + register krb5_context context; + register krb5_creds *creds; { register int i; krb5_enctype * ktypes = (krb5_enctype *) NULL; @@ -223,8 +223,9 @@ krb5_scc_retrieve(context, id, whichfields, mcreds, creds) (! set(KRB5_TC_MATCH_2ND_TKT) || data_match (&mcreds->second_ticket, &fetchcreds.second_ticket)) && - (! set(KRB5_TC_MATCH_KTYPE) || - ktype_match (context, &fetchcreds)) + ((! set(KRB5_TC_MATCH_KTYPE)&& + ktype_reasonable (context, &fetchcreds))|| + (mcreds->keyblock.enctype == fetchcreds.keyblock.enctype)) ) { krb5_scc_end_seq_get(context, id, &cursor); -- 2.26.2
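Review bot: The enctype clause added to krb5_scc_retrieve in the `@@ -223,8` hunk, and to krb5_mcc_retrieve in `@@ -153,8`, has no comment saying which mode applies when, and the tight spacing in `)&&` and `))||` makes the grouping hard to read. A comment above the clause would record the contract the commit message describes, e.g. `/* MATCH_KTYPE set: enctype must equal mcreds'; unset: enctype must be one ktype_reasonable() accepts */`. The same clause and the same ktype_reasonable helper are pasted into the file, memory and stdio cache types, so a later edit to one copy can leave the others enforcing a different enctype policy. A single shared helper would remove that risk, though whether these three files can share code is not visible from the hunks.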