From 3e1b5578a65fa361c43280add3f397a5d6ffd77d Mon Sep 17 00:00:00 2001
From: Johan Danielsson
Date: Fri, 17 Aug 2001 07:48:24 +0000
Subject: [PATCH] (get_des_key): if getting a key for a server, return any des-key not just keys that can be string-to-keyed by the client
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@10497 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 kdc/kerberos4.c | 40 +++++++++++++++++++++++-----------------
 1 file changed, 23 insertions(+), 17 deletions(-)
diff --git a/kdc/kerberos4.c b/kdc/kerberos4.c
index 8eedac673..25799f228 100644
--- a/kdc/kerberos4.c
+++ b/kdc/kerberos4.c
@@ -109,9 +109,10 @@ db_fetch4(const char *name, const char *instance, const char *realm,
 }
 
 krb5_error_code
-get_des_key(hdb_entry *principal, krb5_boolean prefer_afs_key, Key **ret_key)
+get_des_key(hdb_entry *principal, krb5_boolean is_server,
+ krb5_boolean prefer_afs_key, Key **ret_key)
 {
- Key *v5_key = NULL, *v4_key = NULL, *afs_key = NULL;
+ Key *v5_key = NULL, *v4_key = NULL, *afs_key = NULL, *server_key = NULL;
 int i;
 krb5_enctype etypes[] = { ETYPE_DES_CBC_MD5,
 ETYPE_DES_CBC_MD4,
@@ -119,7 +120,8 @@ get_des_key(hdb_entry *principal, krb5_boolean prefer_afs_key, Key **ret_key)
 
 for(i = 0;
 i < sizeof(etypes)/sizeof(etypes[0])
- && (v5_key == NULL || v4_key == NULL || afs_key == NULL);
+ && (v5_key == NULL || v4_key == NULL ||
+ afs_key == NULL || server_key == NULL);
 ++i) {
 Key *key = NULL;
 while(hdb_next_enctype2key(context, principal, etypes[i], &key) == 0) {
@@ -133,7 +135,8 @@ get_des_key(hdb_entry *principal, krb5_boolean prefer_afs_key, Key **ret_key)
 } else if(key->salt->type == hdb_afs3_salt) {
 if(afs_key == NULL)
 afs_key = key;
- }
+ } else if(server_key == NULL)
+ server_key = key;
 }
 }
 
@@ -144,6 +147,8 @@ get_des_key(hdb_entry *principal, krb5_boolean prefer_afs_key, Key **ret_key)
 *ret_key = v4_key;
 else if(v5_key)
 *ret_key = v5_key;
+ else if(is_server && server_key)
+ return server_key;
 else
 return KERB_ERR_NULL_KEY;
 } else {
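Review bot: `get_des_key` now takes two adjacent `krb5_boolean` arguments with no comment saying which is which, so a call such as `get_des_key(server, TRUE, FALSE, &skey)` can have the flags transposed without any compiler diagnostic. A header comment on the definition would help, for example `/* is_server: also accept a DES key whose salt the client cannot string-to-key; prefer_afs_key: try the AFS3-salted key before the v4 key */`. The diffstat lists only kdc/kerberos4.c, so if a prototype or further callers exist in other files they are not updated by this patch; that should be confirmed. The function body continues outside this hunk.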
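Review bot: In the `@@ -144,6 +147,8 @@` hunk the new fallback does `return server_key;`, which returns a `Key *` from a function declared to return `krb5_error_code` and never stores anything in `*ret_key`. Every caller in this patch tests `if(ret)`, so the non-NULL pointer is treated as a failure and a server whose only DES key has a non-standard salt still gets the KDC_NULL_KEY reply; the change has no effect. The branch should assign like its neighbours: `else if(is_server && server_key)` followed by `*ret_key = server_key;`. The same two added lines appear in the `@@ -153,6 +158,8 @@` hunk and need the same correction. The function's final return is outside both hunks.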
@@ -153,6 +158,8 @@ get_des_key(hdb_entry *principal, krb5_boolean prefer_afs_key, Key **ret_key)
 *ret_key = afs_key;
 else if(v5_key)
 *ret_key = v5_key;
+ else if(is_server && server_key)
+ return server_key;
 else
 return KERB_ERR_NULL_KEY;
 }
@@ -267,12 +274,11 @@ do_version4(unsigned char *buf,
 goto out1;
 }
 
- ret = get_des_key(client, FALSE, &ckey);
+ ret = get_des_key(client, FALSE, FALSE, &ckey);
 if(ret){
- kdc_log(0, "%s", krb5_get_err_text(context, ret));
- /* XXX */
+ kdc_log(0, "no suitable DES key for client");
 make_err_reply(reply, KDC_NULL_KEY,
- "No DES key in database (client)");
+ "no suitable DES key for client");
 goto out1;
 }
 
@@ -290,12 +296,12 @@ do_version4(unsigned char *buf,
 }
 #endif
 
- ret = get_des_key(server, FALSE, &skey);
+ ret = get_des_key(server, TRUE, FALSE, &skey);
 if(ret){
- kdc_log(0, "%s", krb5_get_err_text(context, ret));
+ kdc_log(0, "no suitable DES key for server");
 /* XXX */
 make_err_reply(reply, KDC_NULL_KEY,
- "No DES key in database (server)");
+ "no suitable DES key for server");
 goto out1;
 }
 
@@ -375,12 +381,12 @@ do_version4(unsigned char *buf,
 goto out2;
 }
 
- ret = get_des_key(tgt, FALSE, &tkey);
+ ret = get_des_key(tgt, TRUE, FALSE, &tkey);
 if(ret){
- kdc_log(0, "%s", krb5_get_err_text(context, ret));
+ kdc_log(0, "no suitable DES key for krbtgt");
 /* XXX */
 make_err_reply(reply, KDC_NULL_KEY,
- "No DES key in database (krbtgt)");
+ "no suitable DES key for krbtgt");
 goto out2;
 }
 
@@ -463,12 +469,12 @@ do_version4(unsigned char *buf,
 goto out2;
 }
 
- ret = get_des_key(server, FALSE, &skey);
+ ret = get_des_key(server, TRUE, FALSE, &skey);
 if(ret){
- kdc_log(0, "%s", krb5_get_err_text(context, ret));
+ kdc_log(0, "no suitable DES key for server");
 /* XXX */
 make_err_reply(reply, KDC_NULL_KEY,
- "No DES key in database (server)");
+ "no suitable DES key for server");
 goto out2;
 }
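Review bot: The new `kdc_log(0, "no suitable DES key for client")` in the `@@ -267,12 +274,11 @@` hunk names neither the principal nor the request, so an operator reading the KDC log cannot tell which lookup failed or correlate repeated failures. If a printable principal name is in scope at this point (not visible in the hunk), include it, e.g. `kdc_log(0, "no suitable DES key for client %s", CLIENT_NAME_PLACEHOLDER);`. The same applies to the server and krbtgt messages in the three hunks that follow. The `/* XXX */` markers kept in those hunks say nothing about what is unresolved; each should either state the open question or be removed. `do_version4` starts and ends outside these hunks.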