From 350a6a210a32ca99ca03529bd705f2cc673ded81 Mon Sep 17 00:00:00 2001
From: Richard Basch
Date: Tue, 5 Dec 1995 03:48:32 +0000
Subject: [PATCH] Added support for matching against a supported app. session key type

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7170 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/lib/krb5/ccache/file/fcc_retrv.c | 27 ++++++++++++++++++++++++++
 src/lib/krb5/ccache/memory/mcc_retrv.c | 27 ++++++++++++++++++++++++++
 src/lib/krb5/ccache/stdio/scc_retrv.c | 27 ++++++++++++++++++++++++++
 3 files changed, 81 insertions(+)

diff --git a/src/lib/krb5/ccache/file/fcc_retrv.c b/src/lib/krb5/ccache/file/fcc_retrv.c
index c7f03ebc2..1076cee33 100644
--- a/src/lib/krb5/ccache/file/fcc_retrv.c
+++ b/src/lib/krb5/ccache/file/fcc_retrv.c
@@ -68,6 +68,30 @@ register const krb5_data *data1, *data2;
 return memcmp(data1->data, data2->data, data1->length) ? FALSE : TRUE;
 }
 
+static krb5_boolean
+ktype_match(context, creds)
+register krb5_context context;
+register krb5_creds *creds;
+{
+ register int i;
+ krb5_enctype * ktypes = (krb5_enctype *) NULL;
+ krb5_enctype enctype = creds->keyblock.enctype;
+ krb5_principal princ = creds->server;
+
+ if (krb5_get_tgs_ktypes(context, princ, &ktypes))
+ return FALSE;
+
+ for (i=0; ktypes[i]; i++) {
+ if (ktypes[i] == enctype) {
+ free(ktypes);
+ return TRUE;
+ }
+ }
+
+ free(ktypes);
+ return FALSE;
+}
+
 /*
 * Effects:
 * Searches the file cred cache is for a credential matching mcreds,
@@ -132,6 +156,9 @@ krb5_fcc_retrieve(context, id, whichfields, mcreds, creds)
 &&
 (! set(KRB5_TC_MATCH_2ND_TKT) ||
 data_match (&mcreds->second_ticket, &fetchcreds.second_ticket))
+ &&
+ (! set(KRB5_TC_MATCH_KTYPE) ||
+ ktype_match (context, &fetchcreds))
 )
 {
 krb5_fcc_end_seq_get(context, id, &cursor);
diff --git a/src/lib/krb5/ccache/memory/mcc_retrv.c b/src/lib/krb5/ccache/memory/mcc_retrv.c
index 239347434..0d61f2b28 100644
--- a/src/lib/krb5/ccache/memory/mcc_retrv.c
+++ b/src/lib/krb5/ccache/memory/mcc_retrv.c
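Review bot: `ktype_match` is added as three byte-identical static copies (here in fcc_retrv.c, and again in the mcc_retrv.c and scc_retrv.c hunks). Since it decides which cached session-key enctypes a caller will accept, a later fix applied to one copy and not the others would leave the cache types enforcing different policy; one internal helper shared by the three retrieve routines would avoid that. The function also carries no comment, and it maps any nonzero return from `krb5_get_tgs_ktypes` to FALSE, so a failed lookup is indistinguishable from a real mismatch. That fails closed, which is the safe direction, but it should be stated, e.g. `/* TRUE iff creds' session key enctype is in the list krb5_get_tgs_ktypes() returns for creds->server; a failed lookup counts as no match. */`.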
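Review bot: The new `KRB5_TC_MATCH_KTYPE` clause never consults `mcreds`, unlike the `KRB5_TC_MATCH_2ND_TKT` clause just above it, which compares a field of `mcreds` with `fetchcreds`; it tests `fetchcreds` against the library's own enctype list, and nothing in the hunk says so. A caller going by the flag name could reasonably expect the enctype in `mcreds->keyblock` to be matched, so the clause deserves a comment such as `/* MATCH_KTYPE: entry's session key enctype must be one krb5_get_tgs_ktypes() allows; mcreds is not consulted */`, and presumably a line in the Effects comment, most of which lies outside the hunk. The same applies to the matching hunks in krb5_mcc_retrieve and krb5_scc_retrieve; in all three the condition and the function body start and end outside the hunk.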
@@ -64,6 +64,30 @@ register const krb5_data *data1, *data2;
 return memcmp(data1->data, data2->data, data1->length) ? FALSE : TRUE;
 }
 
+static krb5_boolean
+ktype_match(context, creds)
+register krb5_context context;
+register krb5_creds *creds;
+{
+ register int i;
+ krb5_enctype * ktypes = (krb5_enctype *) NULL;
+ krb5_enctype enctype = creds->keyblock.enctype;
+ krb5_principal princ = creds->server;
+
+ if (krb5_get_tgs_ktypes(context, princ, &ktypes))
+ return FALSE;
+
+ for (i=0; ktypes[i]; i++) {
+ if (ktypes[i] == enctype) {
+ free(ktypes);
+ return TRUE;
+ }
+ }
+
+ free(ktypes);
+ return FALSE;
+}
+
 /*
 * Effects:
 * Searches the file cred cache for a credential matching mcreds,
@@ -128,6 +152,9 @@ krb5_mcc_retrieve(context, id, whichfields, mcreds, creds)
 &&
 (! set(KRB5_TC_MATCH_2ND_TKT) ||
 data_match (&mcreds->second_ticket, &fetchcreds.second_ticket))
+ &&
+ (! set(KRB5_TC_MATCH_KTYPE) ||
+ ktype_match (context, &fetchcreds))
 )
 {
 krb5_mcc_end_seq_get(context, id, &cursor);
diff --git a/src/lib/krb5/ccache/stdio/scc_retrv.c b/src/lib/krb5/ccache/stdio/scc_retrv.c
index c196c00fa..2f3340f8d 100644
--- a/src/lib/krb5/ccache/stdio/scc_retrv.c
+++ b/src/lib/krb5/ccache/stdio/scc_retrv.c
@@ -134,6 +134,30 @@ register const krb5_data *data1, *data2;
 return memcmp(data1->data, data2->data, data1->length) ? FALSE : TRUE;
 }
 
+static krb5_boolean
+ktype_match(context, creds)
+register krb5_context context;
+register krb5_creds *creds;
+{
+ register int i;
+ krb5_enctype * ktypes = (krb5_enctype *) NULL;
+ krb5_enctype enctype = creds->keyblock.enctype;
+ krb5_principal princ = creds->server;
+
+ if (krb5_get_tgs_ktypes(context, princ, &ktypes))
+ return FALSE;
+
+ for (i=0; ktypes[i]; i++) {
+ if (ktypes[i] == enctype) {
+ free(ktypes);
+ return TRUE;
+ }
+ }
+
+ free(ktypes);
+ return FALSE;
+}
+
 /*
 * Effects:
 * Searches the file cred cache is for a credential matching mcreds,
@@ -198,6 +222,9 @@ krb5_scc_retrieve(context, id, whichfields, mcreds, creds)
 &&
 (! set(KRB5_TC_MATCH_2ND_TKT) ||
 data_match (&mcreds->second_ticket, &fetchcreds.second_ticket))
+ &&
+ (! set(KRB5_TC_MATCH_KTYPE) ||
+ ktype_match (context, &fetchcreds))
 )
 {
 krb5_scc_end_seq_get(context, id, &cursor);
--
2.26.2