- k5printf(("krb5: k5_encrypt: enter %p\n", rc));
-
- dectok.length = buflen;
- dectok.value = buf;
-
- if (rc->auth == 1) {
- assert(rc->gss_context != GSS_C_NO_CONTEXT);
- maj_stat = gss_seal(&min_stat, rc->gss_context, 1,
- GSS_C_QOP_DEFAULT, &dectok, &conf_state, &enctok);
- if (maj_stat != (OM_uint32)GSS_S_COMPLETE || conf_state == 0) {
- k5printf(("krb5 encrypt error to %s: %s\n",
- rc->hostname, gss_error(maj_stat, min_stat)));
- return (-1);
+ if (rc->conf_fn && rc->conf_fn("kencrypt", rc->datap)) {
+ auth_debug(1, _("krb5: k5_encrypt: enter %p\n"), rc);
+
+ dectok.length = buflen;
+ dectok.value = buf;
+
+ if (rc->auth == 1) {
+ assert(rc->gss_context != GSS_C_NO_CONTEXT);
+ maj_stat = gss_seal(&min_stat, rc->gss_context, 1,
+ GSS_C_QOP_DEFAULT, &dectok, &conf_state,
+ &enctok);
+ if (maj_stat != (OM_uint32)GSS_S_COMPLETE || conf_state == 0) {
+ auth_debug(1, _("krb5 encrypt error to %s: %s\n"),
+ rc->hostname, gss_error(maj_stat, min_stat));
+ return (-1);
+ }
+ auth_debug(1, _("krb5: k5_encrypt: give %zu bytes\n"),
+ enctok.length);
+ *encbuf = enctok.value;
+ *encbuflen = enctok.length;
+ } else {
+ *encbuf = buf;
+ *encbuflen = buflen;