From 6283405899f726302fb6098c6a3493438e264f0e Mon Sep 17 00:00:00 2001
From: Assar Westerlund
Date: Mon, 29 Sep 1997 20:50:58 +0000
Subject: [PATCH] (krb5_rd_req): redone because we don't know the kvno or keytype before receiving the AP-REQ

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@3574 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/krb5/rd_req.c | 100 ++++++++++++++++++++++++++++++++++------------
 1 file changed, 74 insertions(+), 26 deletions(-)

diff --git a/lib/krb5/rd_req.c b/lib/krb5/rd_req.c
index afd77e305..4a0b4f097 100644
--- a/lib/krb5/rd_req.c
+++ b/lib/krb5/rd_req.c
@@ -236,17 +236,19 @@ krb5_verify_ap_req(krb5_context context,
 krb5_error_code
-krb5_rd_req_with_keyblock(krb5_context context,
- krb5_auth_context *auth_context,
- const krb5_data *inbuf,
- krb5_const_principal server,
- krb5_keyblock *keyblock,
- krb5_flags *ap_req_options,
- krb5_ticket **ticket)
+krb5_rd_req_with_keytab(krb5_context context,
+ krb5_auth_context *auth_context,
+ const krb5_data *inbuf,
+ krb5_const_principal server,
+ krb5_keytab keytab,
+ krb5_flags *ap_req_options,
+ krb5_ticket **ticket)
 {
+ krb5_keytab_entry entry;
 krb5_error_code ret;
 krb5_ap_req ap_req;
- size_t len;
+ int kvno;
+ krb5_keytype keytype;
 if (*auth_context == NULL) {
 ret = krb5_auth_con_init(context, auth_context);
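Review bot: When `*auth_context` is NULL the new krb5_rd_req_with_keytab allocates one with krb5_auth_con_init, and none of the failure paths that follow release it again: the early return after krb5_decode_ap_req and the `out:` label in the next hunk only deal with the AP-REQ. If leaving it to the caller is the intended contract, state it above the function, e.g. `/* Allocates *auth_context when it is NULL; the caller frees it, also when an error is returned. */`. The same holds for krb5_rd_req_with_keyblock, which is re-added in the following hunk. The function body continues outside this hunk.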
@@ -257,7 +259,62 @@ krb5_rd_req_with_keyblock(krb5_context context,
 ret = krb5_decode_ap_req(context, inbuf, &ap_req);
 if(ret)
 return ret;
+
+ if (ap_req.ticket.enc_part.kvno)
+ kvno = *ap_req.ticket.enc_part.kvno;
+ else
+ kvno = 0;
+
+ ret = krb5_etype_to_keytype (context,
+ ap_req.ticket.enc_part.etype,
+ &keytype);
+ if (ret)
+ goto out;
+
+ ret = krb5_kt_get_entry (context,
+ keytab,
+ server,
+ kvno,
+ keytype,
+ &entry);
+ if (ret)
+ goto out;
+ ret = krb5_verify_ap_req(context,
+ auth_context,
+ &ap_req,
+ server,
+ &entry.keyblock,
+ ap_req_options,
+ ticket);
+ krb5_kt_free_entry (context, &entry);
+out:
+ free_AP_REQ(&ap_req);
+ return ret;
+}
+
+krb5_error_code
+krb5_rd_req_with_keyblock(krb5_context context,
+ krb5_auth_context *auth_context,
+ const krb5_data *inbuf,
+ krb5_const_principal server,
+ krb5_keyblock *keyblock,
+ krb5_flags *ap_req_options,
+ krb5_ticket **ticket)
+{
+ krb5_error_code ret;
+ krb5_ap_req ap_req;
+
+ if (*auth_context == NULL) {
+ ret = krb5_auth_con_init(context, auth_context);
+ if (ret)
+ return ret;
+ }
+
+ ret = krb5_decode_ap_req(context, inbuf, &ap_req);
+ if(ret)
+ return ret;
+
 ret = krb5_verify_ap_req(context,
 auth_context,
 &ap_req,
@@ -265,6 +322,7 @@ krb5_rd_req_with_keyblock(krb5_context context,
 keyblock,
 ap_req_options,
 ticket);
+ free_AP_REQ(&ap_req);
 return ret;
 }
@@ -287,24 +345,14 @@ krb5_rd_req(krb5_context context,
 else
 real_keytab = keytab;
- ret = krb5_kt_get_entry(context,
- real_keytab,
- server,
- 0,
- KEYTYPE_DES,
- &entry);
- if(ret)
- goto out;
-
- ret = krb5_rd_req_with_keyblock(context,
- auth_context,
- inbuf,
- server,
- &entry.keyblock,
- ap_req_options,
- ticket);
- krb5_kt_free_entry (context, &entry);
-out:
+ ret = krb5_rd_req_with_keytab(context,
+ auth_context,
+ inbuf,
+ server,
+ real_keytab,
+ ap_req_options,
+ ticket);
+
 if (keytab == NULL)
 krb5_kt_close (context, real_keytab);
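Review bot: `kvno` and the etype are read from `ap_req.ticket.enc_part` before anything in the request has been verified, so the sender decides which keytab entry krb5_kt_get_entry hands to krb5_verify_ap_req. That is how a service has to locate its key, but it also means every key left in the keytab for `server`, including retired versions and weak key types, stays usable for accepting tickets. A comment at the lookup such as `/* kvno and etype are unauthenticated here; they only select the key, the check itself is done by krb5_verify_ap_req */` would make that explicit. A missing kvno is mapped to 0, and what krb5_kt_get_entry does with 0 is not visible in this hunk (presumably it matches any version), so that deserves a word in the same comment.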
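Review bot: The added `free_AP_REQ(&ap_req)` runs right after krb5_verify_ap_req has filled `*ticket` (and presumably the auth context) from `ap_req`, so it is only safe if that function copies everything it keeps rather than storing pointers into the decoded request. krb5_verify_ap_req is defined above this hunk and is not shown, so this needs confirming there; the same applies to the `out:` path of krb5_rd_req_with_keytab in the previous hunk. A short comment next to the call, e.g. `/* krb5_verify_ap_req copies what it keeps, ap_req is no longer needed */`, would record the assumption.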
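Review bot: After this change krb5_rd_req no longer uses `entry` and no longer has an `out:` label, so the `krb5_keytab_entry entry;` declaration that presumably sits above the hunk is now dead and should be removed. Any remaining `goto out` in the part of the function not shown would also stop compiling. The function starts and ends outside this hunk, so both points need checking against the full file.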