re-write the key search code: loop over all supported enctypes in order,
looping over all keys of each type, and preferably picking the one with the v5 default salt


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@8938 ec53bebd-3082-4978-b11e-865c3cabbd6b
Assar Westerlund
2000-08-13 01:55:59 +00:00
parent 0236be37dc
commit 5a4cc9eff1


@@ -71,62 +71,36 @@ find_padata(KDC_REQ *req, int *start, int type)
return NULL; return NULL;
} }
#if 0 /*
* return the first appropriate key of `princ' in `ret_key'. Look for
static krb5_error_code * all the etypes in (`etypes', `len'), stopping as soon as we find
find_keys(hdb_entry *client, * one, but preferring one that has default salt
hdb_entry *server, */
Key **ckey,
krb5_enctype *cetype,
Key **skey,
krb5_enctype *setype,
unsigned *etypes,
unsigned num_etypes)
{
int i;
krb5_error_code ret;
for(i = 0; i < num_etypes; i++) {
if(client){
ret = hdb_enctype2key(context, client, etypes[i], ckey);
if(ret)
continue;
}
if(server){
ret = hdb_enctype2key(context, server, etypes[i], skey);
if(ret)
continue;
}
if(etype)
*cetype = *setype = etypes[i];
return 0;
}
return KRB5KDC_ERR_ETYPE_NOSUPP;
}
#else
static krb5_error_code static krb5_error_code
find_etype(hdb_entry *princ, unsigned *etypes, unsigned len, find_etype(hdb_entry *princ, unsigned *etypes, unsigned len,
Key **key, int *index) Key **ret_key, krb5_enctype *ret_etype)
{ {
int i; int i;
krb5_error_code ret = KRB5KDC_ERR_ETYPE_NOSUPP; krb5_error_code ret = KRB5KDC_ERR_ETYPE_NOSUPP;
for(i = 0; i < len ; i++) { for(i = 0; ret != 0 && i < len ; i++) {
krb5_error_code tmp; Key *key = NULL;
tmp = hdb_enctype2key(context, princ, etypes[i], key); while (hdb_next_enctype2key(context, princ, etypes[i], &key) == 0) {
if (tmp == 0) { if (key->key.keyvalue.length == 0) {
if ((*key)->key.keyvalue.length != 0) {
ret = 0;
break;
} else {
ret = KRB5KDC_ERR_NULL_KEY; ret = KRB5KDC_ERR_NULL_KEY;
continue;
} }
*ret_key = key;
ret = 0;
if (key->salt == NULL)
goto out;
} }
} }
if(index) out:
*index = i; if (ret_etype)
*ret_etype = etypes[i];
return ret; return ret;
} }
@@ -140,30 +114,27 @@ find_keys(hdb_entry *client,
int *etypes, int *etypes,
unsigned num_etypes) unsigned num_etypes)
{ {
int i;
krb5_error_code ret; krb5_error_code ret;
if(client){ if(client){
/* find client key */ /* find client key */
ret = find_etype(client, etypes, num_etypes, ckey, &i); ret = find_etype(client, etypes, num_etypes, ckey, cetype);
if (ret) { if (ret) {
kdc_log(0, "Client has no support for etypes"); kdc_log(0, "Client has no support for etypes");
return ret; return ret;
} }
*cetype = etypes[i];
} }
if(server){ if(server){
/* find server key */ /* find server key */
ret = find_etype(server, etypes, num_etypes, skey, NULL); ret = find_etype(server, etypes, num_etypes, skey, setype);
if (ret) { if (ret) {
kdc_log(0, "Server has no support for etypes"); kdc_log(0, "Server has no support for etypes");
return ret; return ret;
} }
*setype = (*skey)->key.keytype;
} }
return 0; return 0;
} }
#endif
static krb5_error_code static krb5_error_code
make_anonymous_principalname (PrincipalName *pn) make_anonymous_principalname (PrincipalName *pn)
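Review bot: In the new find_etype, the `*ret_etype = etypes[i]` assignment after the `out:` label can report an enctype that does not belong to the returned key, or read one element past the array. When a key with a non-NULL salt is accepted, the `while` runs to completion, the `for` increments `i`, and only then does the `ret != 0` test stop the loop, so `etypes[i]` is the following entry (or `etypes[len]` if the match was the last one); on the no-match path `i == len` as well. Recording the enctype where the key is recorded, `if (ret_etype) *ret_etype = etypes[i];` next to `*ret_key = key;`, and dropping the assignment after `out:` keeps key and etype paired, which matters because find_keys now passes this value straight through as `cetype`/`setype`. Separately, a zero-length key met after a usable one in the same `while` resets `ret` to `KRB5KDC_ERR_NULL_KEY` although `*ret_key` is already set; guarding that assignment with `if (ret != 0)` would avoid discarding the earlier success.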