oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

(fail_verify_is_ok): new function

Browse Source 
(krb5_verify_init_creds): if we cannot get a ticket for
host/`hostname` and fail_verify_is_ok just return.
use krb5_rd_req


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@5205 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Assar Westerlund
1998-11-21 20:37:57 +00:00
parent 82fa376236
commit 7f662b63ee
1 changed files with 33 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

52
lib/krb5/verify_init.c
View File

@@ -54,6 +54,26 @@ krb5_verify_init_creds_opt_set_ap_req_nofail(krb5_verify_init_creds_opt *options
options->ap_req_nofail = ap_req_nofail;
}
/*
*
*/
static krb5_boolean
fail_verify_is_ok (krb5_context context,
krb5_verify_init_creds_opt *options)
{
if ((options->flags & KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL
&& options->ap_req_nofail == 1)
|| krb5_config_get_bool (context,
NULL,
"libdefaults",
"verify_ap_req_nofail",
NULL))
return FALSE;
else
return TRUE;
}
krb5_error_code
krb5_verify_init_creds(krb5_context context,
krb5_creds *creds,
@@ -128,8 +148,11 @@ krb5_verify_init_creds(krb5_context context,
local_ccache,
&match_cred,
&new_creds);
if (ret)
if (ret) {
if (fail_verify_is_ok (context, options))
ret = 0;
goto cleanup;
}
} else
new_creds = creds;
@@ -146,35 +169,16 @@ krb5_verify_init_creds(krb5_context context,
if (ret)
goto cleanup;
ret = krb5_kt_get_entry (context,
keytab,
server,
0,
KEYTYPE_DES,
&entry);
if (ret) {
if (((options->flags & KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL) &&
options->ap_req_nofail == 1) ||
krb5_config_get_bool (context,
NULL,
"libdefaults",
"verify_ap_req_nofail",
NULL)) {
goto cleanup;
} else {
ret = 0;
goto cleanup;
}
}
ret = krb5_rd_req_with_keyblock (context,
ret = krb5_rd_req (context,
&auth_context,
&req,
server,
&entry.keyblock,
keytab,
0,
NULL);
if (ret == KRB5_KT_NOTFOUND && fail_verify_is_ok (context, options))
ret = 0;
cleanup:
if (auth_context)
krb5_auth_con_free (context, auth_context);