add easier afs configuration, defaulting to the local realm in lower
case; also try to remove duplicate salts git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@10486 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Johan Danielsson
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1997 - 2000 Kungliga Tekniska H<>gskolan
|
||||
* Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
@@ -72,10 +72,11 @@ make_keys(krb5_context context, krb5_principal principal, const char *password,
|
||||
/* for each entry in `default_keys' try to parse it as a sequence
|
||||
of etype:salttype:salt, syntax of this if something like:
|
||||
[(des|des3|etype):](pw|afs3)[:string], if etype is omitted it
|
||||
means everything, and if string is omitted is means the default
|
||||
means all etypes, and if string is omitted is means the default
|
||||
string (for that principal). Additional special values:
|
||||
v5 == pw-salt, and
|
||||
v4 == pw-salt:
|
||||
v4 == des:pw-salt:
|
||||
afs or afs3 == des:afs3-salt
|
||||
*/
|
||||
|
||||
if (ktypes == NULL
|
||||
@@ -98,6 +99,8 @@ make_keys(krb5_context context, krb5_principal principal, const char *password,
|
||||
p = "pw-salt";
|
||||
else if(strcmp(p, "v4") == 0)
|
||||
p = "des:pw-salt:";
|
||||
else if(strcmp(p, "afs") == 0 || strcmp(p, "afs3") == 0)
|
||||
p = "des:afs3-salt";
|
||||
|
||||
/* split p in a list of :-separated strings */
|
||||
for(num_buf = 0; num_buf < 3; num_buf++)
|
||||
@@ -165,11 +168,35 @@ make_keys(krb5_context context, krb5_principal principal, const char *password,
|
||||
continue;
|
||||
}
|
||||
|
||||
if(!salt_set && salt.salttype == KRB5_PW_SALT)
|
||||
if(!salt_set) {
|
||||
/* make up default salt */
|
||||
ret = krb5_get_pw_salt(context, principal, &salt);
|
||||
if(salt.salttype == KRB5_PW_SALT)
|
||||
ret = krb5_get_pw_salt(context, principal, &salt);
|
||||
else if(salt.salttype == KRB5_AFS3_SALT) {
|
||||
krb5_realm *realm = krb5_princ_realm(context, principal);
|
||||
salt.saltvalue.data = strdup(*realm);
|
||||
if(salt.saltvalue.data == NULL) {
|
||||
krb5_set_error_string(context, "out of memory while "
|
||||
"parsinig salt specifiers");
|
||||
ret = ENOMEM;
|
||||
goto out;
|
||||
}
|
||||
strlwr(salt.saltvalue.data);
|
||||
salt.saltvalue.length = strlen(*realm);
|
||||
}
|
||||
}
|
||||
memset(&key, 0, sizeof(key));
|
||||
for(i = 0; i < num_etypes; i++) {
|
||||
Key *k;
|
||||
for(k = keys; k < keys + num_keyts; k++) {
|
||||
if(k->key.keytype == etypes[i] &&
|
||||
k->salt.salttype == salt.salttype &&
|
||||
k->salt.saltvalue.length == salt.saltvalue.length &&
|
||||
memcmp(k->salt.saltvalue.data, salt.saltvalue.data,
|
||||
salt.saltvalue.length) == 0)
|
||||
goto next_etype;
|
||||
}
|
||||
|
||||
ret = krb5_string_to_key_salt (context,
|
||||
etypes[i],
|
||||
password,
|
||||
@@ -210,6 +237,7 @@ make_keys(krb5_context context, krb5_principal principal, const char *password,
|
||||
}
|
||||
keys = tmp;
|
||||
keys[num_keys++] = key;
|
||||
next_etype:;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user