1 files changed, 42 insertions, 5 deletions

diff --git a/src/lib/krb4/rd_req.c b/src/lib/krb4/rd_req.c
index 79564e4..a78aadc 100644
--- a/src/lib/krb4/rd_req.c
+++ b/src/lib/krb4/rd_req.c
@@ -32,6 +32,7 @@ static int st_kvno;		/* version number for this key */
 static char st_rlm[REALM_SZ];	/* server's realm */
 static char st_nam[ANAME_SZ];	/* service name */
 static char st_inst[INST_SZ];	/* server's instance */
+static int krb5_key;		/* whether krb5 key is used for decrypt */
 
 /*
  * This file contains two functions.  krb_set_key() takes a DES
@@ -62,11 +63,18 @@ static char st_inst[INST_SZ];	/* server's instance */
  * krb_rd_req().
  */
 
+#include <krb5.h>
+static krb5_keyblock srv_k5key;
+
 int
 krb_set_key(key,cvt)
     char *key;
     int cvt;
 {
+    if (krb5_key)
+	/* XXX assumes that context arg is ignored */
+	krb5_free_keyblock_contents(NULL, &srv_k5key);
+    krb5_key = 0;
 #ifdef NOENCRYPTION
     memset(ky, 0, sizeof(ky));
     return KSUCCESS;
@@ -79,6 +87,25 @@ krb_set_key(key,cvt)
 #endif /* NOENCRYPTION */
 }
 
+int
+krb_set_key_krb5(ctx, key)
+    krb5_context ctx;
+    krb5_keyblock *key;
+{
+    if (krb5_key)
+	krb5_free_keyblock_contents(ctx, &srv_k5key);
+    krb5_key = 1;
+    return krb5_copy_keyblock_contents(ctx, key, &srv_k5key);
+}
+
+void
+krb_clear_key_krb5(ctx)
+    krb5_context ctx;
+{
+    if (krb5_key)
+	krb5_free_keyblock_contents(ctx, &srv_k5key);
+    krb5_key = 0;
+}
 
 /*
  * krb_rd_req() takes an AUTH_MSG_APPL_REQUEST or
@@ -234,15 +261,25 @@ krb_rd_req(authent,service,instance,from_addr,ad,fn)
     /* Decrypt and take apart ticket */
 #endif
 
-    if (decomp_ticket(tkt,&ad->k_flags,ad->pname,ad->pinst,ad->prealm,
-                      &(ad->address),ad->session, &(ad->life),
-                      &(ad->time_sec),sname,iname,ky,serv_key)) {
+    if (!krb5_key) {
+	if (decomp_ticket(tkt,&ad->k_flags,ad->pname,ad->pinst,ad->prealm,
+			  &(ad->address),ad->session, &(ad->life),
+			  &(ad->time_sec),sname,iname,ky,serv_key)) {
 #ifdef KRB_CRYPT_DEBUG
-	log("Can't decode ticket");
+	    log("Can't decode ticket");
 #endif
-        return(RD_AP_UNDEC);
+	    return(RD_AP_UNDEC);
+	}
+    } else {
+	if (decomp_tkt_krb5(tkt, &ad->k_flags, ad->pname, ad->pinst,
+			    ad->prealm, &ad->address, ad->session,
+			    &ad->life, &ad->time_sec, sname, iname,
+			    srv_k5key)) {
+	    return RD_AP_UNDEC;
+	}
     }
 
+
 #ifdef KRB_CRYPT_DEBUG
     if (krb_ap_req_debug) {
         log("Ticket Contents.");