svn rev #25524: branches/krb5-1-10/src/lib/krb5/krb/
tlyu@MIT.EDU
Mon Dec 5 19:07:11 EST 2011
http://src.mit.edu/fisheye/changelog/krb5/?cs=25524
Commit By: tlyu
Log Message:
ticket: 7033
version_fixed: 1.10
status: resolved
pull up r25504 from trunk
------------------------------------------------------------------------
r25504 | ghudson | 2011-12-04 17:38:36 -0500 (Sun, 04 Dec 2011) | 20 lines
ticket: 7033
target_version: 1.10
tags: pullup
Set a default enctype for optimistic preauth

When the client application requests optimistic preauth for a preauth
type which uses the password, we don't have an etype-info2 to
interpret since we haven't talked to the KDC. So we need to guess an
enctype, salt, and s2k parameters. In 1.9 and prior, encrypted
timestamp contained code to use the first requested enctype in this
case, but encrypted challenge did not. In 1.10 prior to this change,
neither mechanism uses a reasonable default.

Set a default enctype in krb5_init_creds_init so that all
password-based preauth mechanisms will use a reasonable default in the
optimistic preauth case. The default salt and s2k parameters for this
case will be the principal-based default salt and the enctype-based
default parameters.
Changed Files:
U branches/krb5-1-10/src/lib/krb5/krb/get_in_tkt.c
Modified: branches/krb5-1-10/src/lib/krb5/krb/get_in_tkt.c
===================================================================
--- branches/krb5-1-10/src/lib/krb5/krb/get_in_tkt.c 2011-12-05 23:43:31 UTC (rev 25523)
+++ branches/krb5-1-10/src/lib/krb5/krb/get_in_tkt.c 2011-12-06 00:07:11 UTC (rev 25524)
@@ -938,6 +938,14 @@
goto cleanup;
}
+ /*
+ * Set a default enctype for optimistic preauth. If we're not doing
+ * optimistic preauth, this should ordinarily get overwritten when we
+ * process the etype-info2 of the preauth-required error.
+ */
+ if (ctx->request->nktypes > 0)
+ ctx->etype = ctx->request->ktype[0];
+
/* addresess */
if (opte->flags & KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST) {
code = krb5_copy_addresses(context, opte->address_list,
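Review bot: the new "if (ctx->request->nktypes > 0)" guard has no else branch, so when the request carries no enctypes ctx->etype keeps whatever value it had before this point, and the hunk does not show what that value is. Consider setting it explicitly or saying in the comment what password-based preauth sees in that case. The comment also says the default is "ordinarily" overwritten by etype-info2 processing; it would help to name the case where it is not, because ktype[0] then decides which enctype the password-derived key uses, together with the default salt and s2k parameters that the log message mentions but the comment does not.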