From b301a723e23ad23e570b43b3354e841d010f014c Mon Sep 17 00:00:00 2001
From: Richard Basch
Date: Fri, 22 Mar 1996 04:55:58 +0000
Subject: [PATCH] krb5_get_in_tkt_with_keytab(): only request keytypes that have corresponding entries in the keytab.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7702 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/lib/krb5/krb/ChangeLog | 5 +++
 src/lib/krb5/krb/in_tkt_ktb.c | 57 ++++++++++++++++++++++++++++++++---
 2 files changed, 57 insertions(+), 5 deletions(-)

diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog
index 8ac2c0843..57906865a 100644
--- a/src/lib/krb5/krb/ChangeLog
+++ b/src/lib/krb5/krb/ChangeLog
@@ -8,6 +8,11 @@ Wed Mar 20 23:00:59 1996 Theodore Y. Ts'o
 * get_in_tkt.c (krb5_get_in_tkt): Fix 16bit vs. 32bit error.
 (do_more should not have been an int!)

+Tue Mar 19 13:03:26 1996 Richard Basch
+
+ * in_tkt_ktb.c (krb5_get_in_tkt_with_keytab):
+ Only request keytypes that correspond to those in the keytab.
+
 Mon Mar 18 21:49:39 1996 Ezra Peisach

 * configure.in: Add KRB5_RUN_FLAGS
diff --git a/src/lib/krb5/krb/in_tkt_ktb.c b/src/lib/krb5/krb/in_tkt_ktb.c
index deb7a4a1a..f0b0ab3e3 100644
--- a/src/lib/krb5/krb/in_tkt_ktb.c
+++ b/src/lib/krb5/krb/in_tkt_ktb.c
@@ -126,12 +126,59 @@ krb5_get_in_tkt_with_keytab(context, options, addrs, ktypes, pre_auth_types,
 krb5_kdc_rep ** ret_as_reply;
 {
 struct keytab_keyproc_arg arg;
+ krb5_enctype * kt_ktypes = (krb5_enctype *) NULL;
+ krb5_keytab kt_id = keytab;
+ krb5_keytab_entry kt_ent;
+ krb5_error_code retval;
+ register int i, j;
+
+ if (! ktypes) {
+ /* get the default enctype list */
+ retval = krb5_get_default_in_tkt_ktypes(context, &kt_ktypes);
+ if (retval) return retval;
+ } else {
+ /* copy the desired enctypes into a temporary array */
+ for (i = 0; ktypes[i]; i++) ;
+ kt_ktypes = (krb5_enctype *)malloc((i + 1) * sizeof(krb5_enctype));
+ if (! kt_ktypes) return ENOMEM;
+ for (i = 0; kt_ktypes[i] = ktypes[i]; i++) ;
+ }
+
+ /* only keep the enctypes for which we have keytab entries */

- arg.keytab = keytab;
+ if (kt_id == NULL) {
+ retval = krb5_kt_default(context, &kt_id);
+ if (retval) goto cleanup;
+ }
+ i = 0;
+ while (kt_ktypes[i]) {
+ retval = krb5_kt_get_entry(context, kt_id, creds->client,
+ 0, /* don't have vno available */
+ kt_ktypes[i], &kt_ent);
+ if (retval) {
+ if (retval != KRB5_KT_NOTFOUND)
+ goto cleanup;
+ /* strip the enctype from the requested enctype list */
+ for (j = i; kt_ktypes[j] = kt_ktypes[j+1]; j++) ;
+ } else {
+ /* we have this enctype; proceed to the next one */
+ (void) krb5_kt_free_entry(context, &kt_ent);
+ i++;
+ }
+ }
+
+ arg.keytab = kt_id;
 arg.client = creds->client;

- return (krb5_get_in_tkt(context, options, addrs, ktypes, pre_auth_types,
- keytab_keyproc, (krb5_pointer)&arg,
- krb5_kdc_rep_decrypt_proc, 0, creds,
- ccache, ret_as_reply));
+ retval = krb5_get_in_tkt(context, options, addrs, kt_ktypes,
+ pre_auth_types,
+ keytab_keyproc, (krb5_pointer)&arg,
+ krb5_kdc_rep_decrypt_proc, 0, creds,
+ ccache, ret_as_reply);
+cleanup:
+ if (kt_ktypes)
+ free(kt_ktypes);
+ if ((keytab == NULL) && (kt_id != NULL))
+ krb5_kt_close(context, kt_id);
+ return retval;
 }
-- 
2.26.2
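Review bot: After the filtering `while` loop nothing checks whether `kt_ktypes` still holds an entry, so when the keytab has no key for `creds->client` in any requested enctype, `krb5_get_in_tkt()` is called with an empty zero-terminated list. How that function treats an empty list is not visible in this hunk; at best the caller gets a less specific error than the keytab lookup already produced. I would add `if (!kt_ktypes[0]) { retval = KRB5_KT_NOTFOUND; goto cleanup; }` just before `arg.keytab = kt_id;`. A comment on the stripping loop saying that it preserves the caller's preference order, `/* shift the tail down one slot, terminator included; order of remaining enctypes is kept */`, would also help the next reader. The function's parameter declarations begin above this hunk.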