From 63e52e539d6b5bda02c07ff9d09e456d4b47a344 Mon Sep 17 00:00:00 2001
From: Richard Basch
Date: Wed, 27 Mar 1996 22:55:17 +0000
Subject: [PATCH] * in_tkt_ktb.c (keytab_keyproc): Do not check to see that the enctype of the key is identical; there are several equivalent DES enctypes. * in_tkt_ktb.c (krb5_get_in_tkt_with_keytab): Removed the fancy logic to only request the keytypes that correspond to those in the keytab. There were too many fencepost conditions that could get you into trouble. Either it should be there and *fully* functional, or not in there at all. Besides, there are too many other components in Kerberos that expect the end-service to know all its keys that this sanity check is overkill.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7720 dc483132-0cff-0310-8789-dd5450dbe970
---
src/lib/krb5/krb/ChangeLog | 14 ++++++++
src/lib/krb5/krb/in_tkt_ktb.c | 65 ++++------------------------------
2 files changed, 20 insertions(+), 59 deletions(-)
diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog
index 796754ae8..ba9bc2a2e 100644
--- a/src/lib/krb5/krb/ChangeLog
+++ b/src/lib/krb5/krb/ChangeLog
@@ -4,6 +4,20 @@ Tue Mar 26 14:45:03 1996 Richard Basch requiring domain conversion for the instance. (imap/ is used by some of the new imap mail implementations) +Wed Mar 27 17:05:47 1996 Richard Basch + + * in_tkt_ktb.c (keytab_keyproc): Do not check to see that the + enctype of the key is identical; there are several equivalent + DES enctypes. + + * in_tkt_ktb.c (krb5_get_in_tkt_with_keytab): Removed the fancy + logic to only request the keytypes that correspond to those in + the keytab. There were too many fencepost conditions that could + get you into trouble. Either it should be there and *fully* + functional, or not in there at all. Besides, there are too many + other components in Kerberos that expect the end-service to know + all its keys that this sanity check is overkill. + Sun Mar 24 01:34:14 1996 Sam Hartman * send_tgs.c (krb5_send_tgs_basic): You want to setup the eblock diff --git a/src/lib/krb5/krb/in_tkt_ktb.c b/src/lib/krb5/krb/in_tkt_ktb.c index f0b0ab3e3..257ecce0f 100644 --- a/src/lib/krb5/krb/in_tkt_ktb.c +++ b/src/lib/krb5/krb/in_tkt_ktb.c @@ -78,13 +78,6 @@ keytab_keyproc(context, type, salt, keyseed, key) (void) krb5_kt_free_entry(context, &kt_ent); goto cleanup; } - - if (realkey->enctype != type) { - (void) krb5_kt_free_entry(context, &kt_ent); - krb5_free_keyblock(context, realkey); - retval = KRB5_PROG_ETYPE_NOSUPP; - goto cleanup; - } (void) krb5_kt_free_entry(context, &kt_ent); *key = realkey; 
@@ -126,59 +119,13 @@ krb5_get_in_tkt_with_keytab(context, options, addrs, ktypes, pre_auth_types, krb5_kdc_rep ** ret_as_reply; { struct keytab_keyproc_arg arg; - krb5_enctype * kt_ktypes = (krb5_enctype *) NULL; - krb5_keytab kt_id = keytab; - krb5_keytab_entry kt_ent; - krb5_error_code retval; - register int i, j; - - if (! ktypes) { - /* get the default enctype list */ - retval = krb5_get_default_in_tkt_ktypes(context, &kt_ktypes); - if (retval) return retval; - } else { - /* copy the desired enctypes into a temporary array */ - for (i = 0; ktypes[i]; i++) ; - kt_ktypes = (krb5_enctype *)malloc((i + 1) * sizeof(krb5_enctype)); - if (! kt_ktypes) return ENOMEM; - for (i = 0; kt_ktypes[i] = ktypes[i]; i++) ; - } - - /* only keep the enctypes for which we have keytab entries */ - if (kt_id == NULL) { - retval = krb5_kt_default(context, &kt_id); - if (retval) goto cleanup; - } - i = 0; - while (kt_ktypes[i]) { - retval = krb5_kt_get_entry(context, kt_id, creds->client, - 0, /* don't have vno available */ - kt_ktypes[i], &kt_ent); - if (retval) { - if (retval != KRB5_KT_NOTFOUND) - goto cleanup; - /* strip the enctype from the requested enctype list */ - for (j = i; kt_ktypes[j] = kt_ktypes[j+1]; j++) ; - } else { - /* we have this enctype; proceed to the next one */ - (void) krb5_kt_free_entry(context, &kt_ent); - i++; - } - } - - arg.keytab = kt_id; + arg.keytab = keytab; arg.client = creds->client; - retval = krb5_get_in_tkt(context, options, addrs, kt_ktypes, - pre_auth_types, - keytab_keyproc, (krb5_pointer)&arg, - krb5_kdc_rep_decrypt_proc, 0, creds, - ccache, ret_as_reply); -cleanup: - if (kt_ktypes) - free(kt_ktypes); - if ((keytab == NULL) && (kt_id != NULL)) - krb5_kt_close(context, kt_id); - return retval; + return(krb5_get_in_tkt(context, options, addrs, ktypes, + pre_auth_types, + keytab_keyproc, (krb5_pointer)&arg, + krb5_kdc_rep_decrypt_proc, 0, creds, + ccache, ret_as_reply)); } -- 2.26.2
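Review bot: `arg.keytab = keytab;` now forwards a NULL keytab unchanged, whereas the removed lines resolved NULL through `krb5_kt_default` and closed that handle at `cleanup`. This is only safe if `keytab_keyproc` performs the default-keytab fallback and the matching `krb5_kt_close` itself; most of its body is outside this diff, so that should be confirmed and stated at this assignment, e.g. `/* keytab may be NULL: keytab_keyproc opens and closes the default keytab */`. Because `ktypes` is also passed through unfiltered and the same commit drops the `realkey->enctype != type` comparison in `keytab_keyproc`, it is worth verifying that the keytab lookup there is still keyed on the requested enctype, so that a reply is never processed with a key of an unrelated type rather than merely an equivalent DES variant. The function's signature begins outside the hunk.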