From b8c79298858dcc1b71e7548f6a1d8f6cf22597b9 Mon Sep 17 00:00:00 2001
From: Ken Raeburn <raeburn@mit.edu>
Date: Wed, 1 Sep 1999 21:55:49 +0000
Subject: from 1.1 branch:

* init_ctx.c (get_profile_etype_list): Update name of the des3 entry in the
default etype list.

* init_ctx.c (get_profile_etype_list): New argument DESONLY; if set, ignore any
ktype values other than NULL, DES_CBC_CRC, and DES_CBC_MD5.
(krb5_get_default_in_tkt_ktypes, krb5_get_tgs_ktypes): Set it.
(krb5_get_permitted_enctypes): Don't set it.

* fwd_tgt.c (krb5_fwd_tgt_creds): Use KRB5_TC_SUPPORTED_KTYPES when calling
krb5_cc_retrieve_cred.
* gc_frm_kdc.c (krb5_get_cred_from_kdc_opt): Ditto.
* get_creds.c (krb5_get_credentials_core): Set that flag.
(krb5_get_credentials): Check for KRB5_CC_NOT_KTYPE error return.

* t_ser.c (main): Disable eblock serialization test, since the code it tests
was disabled nearly a year ago.

* str_conv.c (krb5_timestamp_to_sfstring): Don't pass extra argument to
sprintf.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11779 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/lib/krb5/krb/init_ctx.c | 26 ++++++++++++++++++++------
 1 file changed, 20 insertions(+), 6 deletions(-)

(limited to 'src/lib/krb5/krb/init_ctx.c')

diff --git a/src/lib/krb5/krb/init_ctx.c b/src/lib/krb5/krb/init_ctx.c
index 2ddd2d0..8137843 100644
--- a/src/lib/krb5/krb/init_ctx.c
+++ b/src/lib/krb5/krb/init_ctx.c
@@ -250,12 +250,13 @@ krb5_set_default_in_tkt_ktypes(context, ktypes)
 }
 
 static krb5_error_code
-get_profile_etype_list(context, ktypes, profstr, ctx_count, ctx_list)
+get_profile_etype_list(context, ktypes, profstr, ctx_count, ctx_list, desonly)
      krb5_context context;
      krb5_enctype **ktypes;
      char *profstr;
      int ctx_count;
      krb5_enctype FAR *ctx_list;
+     int desonly;
 {
     krb5_enctype *old_ktypes;
 
@@ -283,7 +284,7 @@ get_profile_etype_list(context, ktypes, profstr, ctx_count, ctx_list)
 
 	code = profile_get_string(context->profile, "libdefaults", profstr,
 				  NULL,
-				  "des3-hmac-sha1 des-cbc-md5 des-cbc-crc",
+				  "des3-cbc-sha1 des-cbc-md5 des-cbc-crc",
 				  &retval);
 	if (code)
 	    return code;
@@ -313,8 +314,21 @@ get_profile_etype_list(context, ktypes, profstr, ctx_count, ctx_list)
 	j = 0;
 	i = 1;
 	while (1) {
-	    if (! krb5_string_to_enctype(sp, &old_ktypes[j]))
+	    if (! krb5_string_to_enctype(sp, &old_ktypes[j])) {
+	      switch (old_ktypes[j]) {
+	      default:
+		if (desonly)
+		  /* Other types not supported yet.  */
+		  break;
+		/* else fall through */
+
+	      case ENCTYPE_NULL:
+	      case ENCTYPE_DES_CBC_CRC:
+	      case ENCTYPE_DES_CBC_MD5:
 		j++;
+		break;
+	      }
+	    }
 
 	    if (i++ >= count)
 		break;
@@ -339,7 +353,7 @@ krb5_get_default_in_tkt_ktypes(context, ktypes)
 {
     return(get_profile_etype_list(context, ktypes, "default_tkt_enctypes",
 				  context->in_tkt_ktype_count,
-				  context->in_tkt_ktypes));
+				  context->in_tkt_ktypes, 1));
 }
 
 krb5_error_code
@@ -382,7 +396,7 @@ krb5_get_tgs_ktypes(context, princ, ktypes)
 {
     return(get_profile_etype_list(context, ktypes, "default_tgs_enctypes",
 				  context->tgs_ktype_count,
-				  context->tgs_ktypes));
+				  context->tgs_ktypes, 1));
 }
 
 krb5_error_code
@@ -392,7 +406,7 @@ krb5_get_permitted_enctypes(context, ktypes)
 {
     return(get_profile_etype_list(context, ktypes, "permitted_enctypes",
 				  context->tgs_ktype_count,
-				  context->tgs_ktypes));
+				  context->tgs_ktypes, 0));
 }
 
 krb5_boolean
-- 
cgit v1.1