Diffstat (limited to 'src/lib/krb5/krb/fwd_tgt.c')
-rw-r--r-- | src/lib/krb5/krb/fwd_tgt.c | 38 |
1 files changed, 35 insertions, 3 deletions
diff --git a/src/lib/krb5/krb/fwd_tgt.c b/src/lib/krb5/krb/fwd_tgt.c
index 814195a..2e2c5db 100644
--- a/src/lib/krb5/krb/fwd_tgt.c
+++ b/src/lib/krb5/krb/fwd_tgt.c
@@ -53,6 +53,8 @@ krb5_fwd_tgt_creds(context, auth_context, rhost, client, server, cc,
 krb5_flags kdcoptions;
 int close_cc = 0;
 int free_rhost = 0;
+ krb5_enctype enctype = 0;
+ krb5_keyblock *session_key;
 memset((char *)&creds, 0, sizeof(creds));
 memset((char *)&tgt, 0, sizeof(creds));
@@ -71,7 +73,36 @@ krb5_fwd_tgt_creds(context, auth_context, rhost, client, server, cc,
 memcpy(rhost, server->data[1].data, server->data[1].length);
 rhost[server->data[1].length] = '\0';
 }
-
+ retval = krb5_auth_con_getkey (context, auth_context, &session_key);
+ if (retval)
+ goto errout;
+ if (session_key) {
+ enctype = session_key->enctype;
+ krb5_free_keyblock (context, session_key);
+ session_key = NULL;
+ } else if (server) { /* must server be non-NULL when rhost is given? */
+ /* Try getting credentials to see what the remote side supports.
+ Not bulletproof, just a heuristic. */
+ krb5_creds in, *out = 0;
+ memset (&in, 0, sizeof(in));
+
+ retval = krb5_copy_principal (context, server, &in.server);
+ if (retval)
+ goto punt;
+ retval = krb5_copy_principal (context, client, &in.client);
+ if (retval)
+ goto punt;
+ retval = krb5_get_credentials (context, 0, cc, &in, &out);
+ if (retval)
+ goto punt;
+ /* Got the credentials. Okay, now record the enctype and
+ throw them away. */
+ enctype = out->keyblock.enctype;
+ krb5_free_creds (context, out);
+ punt:
+ krb5_free_cred_contents (context, &in);
+ }
+
 retval = krb5_os_hostaddr(context, rhost, &addrs);
 if (retval)
 goto errout;
@@ -90,7 +121,7 @@ krb5_fwd_tgt_creds(context, auth_context, rhost, client, server, cc,
 goto errout;
 if (cc == 0) {
- if ((retval = krb5_cc_default(context, &cc)))
+ if ((retval = krb5int_cc_default(context, &cc)))
 goto errout;
 close_cc = 1;
 }
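Review bot: `session_key` is declared without an initializer in the -53,6 +53,8 hunk while `enctype` beside it gets one, so the `if (session_key)` test added in the next hunk relies on krb5_auth_con_getkey always storing to its out-parameter when it returns success. Writing `krb5_keyblock *session_key = NULL;` removes that dependency. The declarations sit inside krb5_fwd_tgt_creds, whose body starts and ends outside the hunk.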
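Review bot: The fallback branch in the -71,7 +73,36 hunk passes `cc` to `krb5_get_credentials (context, 0, cc, &in, &out)` before a zero `cc` has been replaced with the default cache; that `if (cc == 0)` block only runs further down, in the -90,7 +121,7 hunk. A caller that supplies no cache and whose auth context holds no key would therefore hand a null ccache to the credential lookup, which is presumably not prepared for one. Moving the default-cache block above this code would close that path; the narrower alternative is to guard the branch with `} else if (server && cc) {`. The `punt:` path also leaves a failing `retval` to be overwritten by the next call, which looks intentional but deserves a comment such as `/* heuristic only: failure is ignored and enctype stays 0 */`. The function body continues outside the hunk.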
@@ -111,7 +142,8 @@ krb5_fwd_tgt_creds(context, auth_context, rhost, client, server, cc,
 retval = KRB5_NO_TKT_SUPPLIED;
 goto errout;
 }
-
+
+ creds.keyblock.enctype = enctype;
 creds.times = tgt.times;
 creds.times.starttime = 0;
 kdcoptions = flags2options(tgt.ticket_flags)|KDC_OPT_FORWARDED; |
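Review bot: `creds.keyblock.enctype = enctype;` carries no comment saying where the value comes from or what 0 means, and nothing visible checks it against the enctypes the client is willing to use. The value is copied from the auth-context key or from a service ticket fetched only as a heuristic, so a service limited to a weak enctype appears to pull the forwarded TGT's session key down to the same strength; whether later code filters this cannot be seen from the hunk. I would add `/* enctype the remote side is believed to support; 0 if unknown */` above the assignment and confirm that the request path rejects enctypes outside the permitted list. The function continues outside the hunk.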