From 1dc38a03cb8a0c66b9ae22a05e3b2fecb3e57462 Mon Sep 17 00:00:00 2001
From: Johan Danielsson <joda@pdc.kth.se>
Date: Sat, 12 Jul 1997 15:13:24 +0000
Subject: [PATCH] Check authenticator checksum type.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@2197 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 kdc/kerberos5.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/kdc/kerberos5.c b/kdc/kerberos5.c
index 02caaf72d..291115382 100644
--- a/kdc/kerberos5.c
+++ b/kdc/kerberos5.c
@@ -335,7 +335,11 @@ tgs_rep(krb5_context context,
 	    krb5_auth_getauthenticator(context, ac, &auth);
 	    if(auth->cksum == NULL)
 		return KRB5KRB_AP_ERR_INAPP_CKSUM;
-	    /* XXX check for keyed and collision-proof */
+	    /* XXX */
+	    if (auth->cksum->cksumtype != CKSUMTYPE_RSA_MD4 &&
+		auth->cksum->cksumtype != CKSUMTYPE_RSA_MD5)
+		return KRB5KRB_AP_ERR_INAPP_CKSUM;
+		
 	    /* XXX */
 	    encode_KDC_REQ_BODY(buf + sizeof(buf) - 1, sizeof(buf),
 				b, &len);
@@ -549,7 +553,7 @@ tgs_rep(krb5_context context,
 
 	    krb5_encrypt_EncryptedData(context,
 				       buf + sizeof(buf) - len, len,
-				       ETYPE_DES_CBC_MD5, /* XXX */
+				       etype, /* XXX */
 				       &tgt->key,
 				       &rep.enc_part);