when decrypting pa-data, try all keys matching enctype

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@10974 ec53bebd-3082-4978-b11e-865c3cabbd6b
2002-05-07 10:27:35 +00:00
parent d58d385a52
commit f446478772
1 changed files with 9 additions and 5 deletions
--- a/kdc/kerberos5.c
+++ b/kdc/kerberos5.c
@@ -575,6 +575,7 @@ as_rep(KDC_REQ *req,
 		continue;
 	    }

+	  try_next_key:
 	    ret = krb5_crypto_init(context, &pa_key->key, 0, &crypto);
 	    if (ret) {
 		kdc_log(0, "krb5_crypto_init failed: %s",
@@ -591,6 +592,9 @@ as_rep(KDC_REQ *req,
 	    krb5_crypto_destroy(context, crypto);
 	    free_EncryptedData(&enc_data);
 	    if(ret){
+		if(hdb_next_enctype2key(context, client, 
+					enc_data.etype, &pa_key) == 0)
+		    goto try_next_key;
 		e_text = "Failed to decrypt PA-DATA";
 		kdc_log (5, "Failed to decrypt PA-DATA -- %s",
 			 client_name);