diff options
Diffstat (limited to 'crypto/heimdal/kdc/kerberos4.c')
-rw-r--r-- | crypto/heimdal/kdc/kerberos4.c | 48 |
1 files changed, 27 insertions, 21 deletions
diff --git a/crypto/heimdal/kdc/kerberos4.c b/crypto/heimdal/kdc/kerberos4.c index 111bd9f..99a7eb6 100644 --- a/crypto/heimdal/kdc/kerberos4.c +++ b/crypto/heimdal/kdc/kerberos4.c @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: kerberos4.c,v 1.36 2001/01/30 01:44:08 assar Exp $"); +RCSID("$Id: kerberos4.c,v 1.39 2001/09/20 09:34:42 assar Exp $"); #ifdef KRB4 @@ -78,18 +78,18 @@ valid_princ(krb5_context context, krb5_principal princ) ret = krb5_unparse_name(context, princ, &s); if (ret) - return 0; + return FALSE; ret = db_fetch(princ, &ent); if (ret) { kdc_log(7, "Lookup %s failed: %s", s, krb5_get_err_text (context, ret)); free(s); - return 0; + return FALSE; } kdc_log(7, "Lookup %s succeeded", s); free(s); free_ent(ent); - return 1; + return TRUE; } krb5_error_code @@ -109,9 +109,10 @@ db_fetch4(const char *name, const char *instance, const char *realm, } krb5_error_code -get_des_key(hdb_entry *principal, krb5_boolean prefer_afs_key, Key **ret_key) +get_des_key(hdb_entry *principal, krb5_boolean is_server, + krb5_boolean prefer_afs_key, Key **ret_key) { - Key *v5_key = NULL, *v4_key = NULL, *afs_key = NULL; + Key *v5_key = NULL, *v4_key = NULL, *afs_key = NULL, *server_key = NULL; int i; krb5_enctype etypes[] = { ETYPE_DES_CBC_MD5, ETYPE_DES_CBC_MD4, @@ -119,7 +120,8 @@ get_des_key(hdb_entry *principal, krb5_boolean prefer_afs_key, Key **ret_key) for(i = 0; i < sizeof(etypes)/sizeof(etypes[0]) - && (v5_key == NULL || v4_key == NULL || afs_key == NULL); + && (v5_key == NULL || v4_key == NULL || + afs_key == NULL || server_key == NULL); ++i) { Key *key = NULL; while(hdb_next_enctype2key(context, principal, etypes[i], &key) == 0) { @@ -133,7 +135,8 @@ get_des_key(hdb_entry *principal, krb5_boolean prefer_afs_key, Key **ret_key) } else if(key->salt->type == hdb_afs3_salt) { if(afs_key == NULL) afs_key = key; - } + } else if(server_key == NULL) + server_key = key; } } @@ -144,6 +147,8 @@ get_des_key(hdb_entry *principal, krb5_boolean prefer_afs_key, Key **ret_key) *ret_key = v4_key; else if(v5_key) *ret_key = v5_key; + else if(is_server && server_key) + *ret_key = server_key; else return KERB_ERR_NULL_KEY; } else { @@ -153,6 +158,8 @@ get_des_key(hdb_entry *principal, krb5_boolean prefer_afs_key, Key **ret_key) *ret_key = afs_key; else if(v5_key) *ret_key = v5_key; + else if(is_server && server_key) + *ret_key = server_key; else return KERB_ERR_NULL_KEY; } @@ -267,12 +274,11 @@ do_version4(unsigned char *buf, goto out1; } - ret = get_des_key(client, FALSE, &ckey); + ret = get_des_key(client, FALSE, FALSE, &ckey); if(ret){ - kdc_log(0, "%s", krb5_get_err_text(context, ret)); - /* XXX */ + kdc_log(0, "no suitable DES key for client"); make_err_reply(reply, KDC_NULL_KEY, - "No DES key in database (client)"); + "no suitable DES key for client"); goto out1; } @@ -290,12 +296,12 @@ do_version4(unsigned char *buf, } #endif - ret = get_des_key(server, FALSE, &skey); + ret = get_des_key(server, TRUE, FALSE, &skey); if(ret){ - kdc_log(0, "%s", krb5_get_err_text(context, ret)); + kdc_log(0, "no suitable DES key for server"); /* XXX */ make_err_reply(reply, KDC_NULL_KEY, - "No DES key in database (server)"); + "no suitable DES key for server"); goto out1; } @@ -375,12 +381,12 @@ do_version4(unsigned char *buf, goto out2; } - ret = get_des_key(tgt, FALSE, &tkey); + ret = get_des_key(tgt, TRUE, FALSE, &tkey); if(ret){ - kdc_log(0, "%s", krb5_get_err_text(context, ret)); + kdc_log(0, "no suitable DES key for krbtgt"); /* XXX */ make_err_reply(reply, KDC_NULL_KEY, - "No DES key in database (krbtgt)"); + "no suitable DES key for krbtgt"); goto out2; } @@ -463,12 +469,12 @@ do_version4(unsigned char *buf, goto out2; } - ret = get_des_key(server, FALSE, &skey); + ret = get_des_key(server, TRUE, FALSE, &skey); if(ret){ - kdc_log(0, "%s", krb5_get_err_text(context, ret)); + kdc_log(0, "no suitable DES key for server"); /* XXX */ make_err_reply(reply, KDC_NULL_KEY, - "No DES key in database (server)"); + "no suitable DES key for server"); goto out2; } |