From f77df5517ab35f56e5be03faccd22f4b542b9d05 Mon Sep 17 00:00:00 2001
From: Sam Hartman
Date: Thu, 25 Jan 1996 20:04:58 +0000
Subject: [PATCH] get_creds.c: Only match on enctype if in_creds.keyblock has non-null enctype. (I.E. implement as documented) gc_via_tkt.c: If the in_creds.keyblock.enctype !=0 then don't call send_tgs with a null ktypes paramater; instead, explicitally allow only increds.keyblock.enctype.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7385 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/lib/krb5/krb/ChangeLog | 10 ++++++++++
 src/lib/krb5/krb/gc_via_tkt.c | 11 ++++++++++-
 src/lib/krb5/krb/get_creds.c | 5 +++--
 3 files changed, 23 insertions(+), 3 deletions(-)
diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog
index a1979242c..5a2c90ed0 100644
--- a/src/lib/krb5/krb/ChangeLog
+++ b/src/lib/krb5/krb/ChangeLog
@@ -1,3 +1,13 @@
+Thu Jan 25 01:35:52 1996 Sam Hartman
+
+ * gc_via_tkt.c (krb5_get_cred_via_tkt): If the keyblock.enctype is
+ non-null in in_cred, then request that particular key.
+
+Wed Jan 24 21:48:53 1996 Sam Hartman
+
+ * get_creds.c (krb5_get_credentials): Only match against enctype
+ if it is non-null in increds.
+
 Sun Jan 21 23:32:53 1996 Tom Yu * gc_via_tkt.c (krb5_kdcrep2creds): Set is_skey so get_creds won't
diff --git a/src/lib/krb5/krb/gc_via_tkt.c b/src/lib/krb5/krb/gc_via_tkt.c
index 6ba87cf0a..cd8a18c8d 100644
--- a/src/lib/krb5/krb/gc_via_tkt.c
+++ b/src/lib/krb5/krb/gc_via_tkt.c
@@ -111,6 +111,7 @@ krb5_get_cred_via_tkt (context, tkt, kdcoptions, address, in_cred, out_cred)
 krb5_kdc_rep *dec_rep; krb5_error *err_reply; krb5_response tgsrep;
+krb5_enctype *enctypes = 0;
 /* tkt->client must be equal to in_cred->client */ if (!krb5_principal_compare(context, tkt->client, in_cred->client))
@@ -143,7 +144,15 @@ krb5_get_cred_via_tkt (context, tkt, kdcoptions, address, in_cred, out_cred)
 } */
- if ((retval = krb5_send_tgs(context, kdcoptions, &in_cred->times, NULL,
+ if (in_cred->keyblock.enctype) {
+ enctypes = (krb5_enctype *) malloc(sizeof(krb5_enctype)*2);
+ if (!enctypes)
+ return ENOMEM;
+ enctypes[0] = in_cred->keyblock.enctype;
+ enctypes[1] = 0;
+ }
+
+ if ((retval = krb5_send_tgs(context, kdcoptions, &in_cred->times, enctypes,
 in_cred->server, address, in_cred->authdata, 0, /* no padata */ (kdcoptions & KDC_OPT_ENC_TKT_IN_SKEY) ?
diff --git a/src/lib/krb5/krb/get_creds.c b/src/lib/krb5/krb/get_creds.c
index 169e926c3..32bac9dad 100644
--- a/src/lib/krb5/krb/get_creds.c
+++ b/src/lib/krb5/krb/get_creds.c
@@ -72,8 +72,9 @@ krb5_get_credentials(context, options, ccache, in_creds, out_creds)
 mcreds.client = in_creds->client; fields = KRB5_TC_MATCH_TIMES /*XXX |KRB5_TC_MATCH_SKEY_TYPE */
- | KRB5_TC_MATCH_AUTHDATA | KRB5_TC_MATCH_KTYPE;
-
+ | KRB5_TC_MATCH_AUTHDATA ;
+ if (mcreds.keyblock.enctype)
+ fields |= KRB5_TC_MATCH_KTYPE;
 if (options & KRB5_GC_USER_USER) { /* also match on identical 2nd tkt and tkt encrypted in a session key */
--
2.26.2
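Review bot: In gc_via_tkt.c, the `enctypes` list malloc'd just before the krb5_send_tgs() call in krb5_get_cred_via_tkt is never released: the diffstat counts ten additions to this file, all ten are visible in the two hunks, and none of them is a free(). Every request made with a non-zero in_cred->keyblock.enctype therefore leaks the two-element array, which accumulates in long-running callers that acquire tickets repeatedly. Capture the result first and release the list before any return, i.e. `retval = krb5_send_tgs(...);` then `if (enctypes) free(enctypes);` then `if (retval) return retval;`. The rest of the call's argument list and the function's later return paths lie outside the hunk, so confirm that no other exit sits between the malloc and the free.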
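Review bot: In get_creds.c, the new test in krb5_get_credentials reads `mcreds.keyblock.enctype`, while the commit message and ChangeLog state the condition in terms of in_creds; the copy of in_creds->keyblock into mcreds is not visible in this hunk, so the check only works if that copy happens earlier in the function. If it does not, KRB5_TC_MATCH_KTYPE is never set and the cache lookup could return a credential whose enctype differs from the one the caller asked for. Testing the caller's value directly removes the ordering dependency: `if (in_creds->keyblock.enctype) fields |= KRB5_TC_MATCH_KTYPE;`. A comment such as `/* enctype 0 means no preference: constrain the cache lookup only when the caller named one */` would record the intent, and the blank line that used to separate this statement from the `if (options & KRB5_GC_USER_USER)` block is worth keeping.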