From b70c6b82df6e28735cc71f3b2de9cf88d738191a Mon Sep 17 00:00:00 2001 From: Johan Danielsson Date: Mon, 18 Jun 2001 01:45:41 +0000 Subject: [PATCH] make krb524_convert_creds_kdc match the MIT function by the same name; add krb524_convert_creds_kdc_ccache that does what the old version did git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@10087 ec53bebd-3082-4978-b11e-865c3cabbd6b --- lib/krb5/convert_creds.c | 87 ++++++++++++++++++++++++++++------------ 1 file changed, 61 insertions(+), 26 deletions(-) diff --git a/lib/krb5/convert_creds.c b/lib/krb5/convert_creds.c index 71b2de50f..4ed804e17 100644 --- a/lib/krb5/convert_creds.c +++ b/lib/krb5/convert_creds.c @@ -121,7 +121,6 @@ _krb_time_to_life(time_t start, time_t end) krb5_error_code krb524_convert_creds_kdc(krb5_context context, - krb5_ccache ccache, krb5_creds *in_cred, struct credentials *v4creds) { @@ -132,33 +131,20 @@ krb524_convert_creds_kdc(krb5_context context, krb5_data ticket; char realm[REALM_SZ]; krb5_creds *v5_creds = in_cred; - krb5_keytype keytype; - keytype = v5_creds->session.keytype; - - if (keytype != ENCTYPE_DES_CBC_CRC) { - /* MIT krb524d doesn't like nothing but des-cbc-crc tickets, - so go get one */ - krb5_creds template; - - memset (&template, 0, sizeof(template)); - template.session.keytype = ENCTYPE_DES_CBC_CRC; - ret = krb5_copy_principal (context, in_cred->client, &template.client); - if (ret) { - krb5_free_creds_contents (context, &template); - return ret; + if (v5_creds->session.keytype != ENCTYPE_DES_CBC_CRC) { + char *enctype; + ret = krb5_enctype_to_string(context, v5_creds->session.keytype, + &enctype); + if(ret == 0) { + krb5_set_error_string(context, "attempt to 524-convert ticket " + "of type `%s'", enctype); + free(enctype); + } else { + krb5_set_error_string(context, "attempt to 524-convert ticket " + "of type `%d'", v5_creds->session.keytype); } - ret = krb5_copy_principal (context, in_cred->server, &template.server); - if (ret) { - krb5_free_creds_contents (context, &template); - return ret; - } - - ret = krb5_get_credentials (context, 0, ccache, - &template, &v5_creds); - krb5_free_creds_contents (context, &template); - if (ret) - return ret; + return KRB524_BADKEY; } ret = check_ticket_flags(v5_creds->flags.b); @@ -230,3 +216,52 @@ out2: krb5_free_creds (context, v5_creds); return ret; } + +krb5_error_code +krb524_convert_creds_kdc_ccache(krb5_context context, + krb5_ccache ccache, + krb5_creds *in_cred, + struct credentials *v4creds) +{ + krb5_error_code ret; + krb5_data reply; + krb5_storage *sp; + int32_t tmp; + krb5_data ticket; + char realm[REALM_SZ]; + krb5_creds *v5_creds = in_cred; + krb5_keytype keytype; + + keytype = v5_creds->session.keytype; + + if (keytype != ENCTYPE_DES_CBC_CRC) { + /* MIT krb524d doesn't like nothing but des-cbc-crc tickets, + so go get one */ + krb5_creds template; + + memset (&template, 0, sizeof(template)); + template.session.keytype = ENCTYPE_DES_CBC_CRC; + ret = krb5_copy_principal (context, in_cred->client, &template.client); + if (ret) { + krb5_free_creds_contents (context, &template); + return ret; + } + ret = krb5_copy_principal (context, in_cred->server, &template.server); + if (ret) { + krb5_free_creds_contents (context, &template); + return ret; + } + + ret = krb5_get_credentials (context, 0, ccache, + &template, &v5_creds); + krb5_free_creds_contents (context, &template); + if (ret) + return ret; + } + + ret = krb524_convert_creds_kdc(context, v5_creds, v4creds); + + if (v5_creds != in_cred) + krb5_free_creds (context, v5_creds); + return ret; +}