oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Fixes to patches that add *use-strong* parameters.

Browse Source 
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
This commit is contained in:
Nicolas Williams
2011-04-07 15:11:05 -05:00
committed by Love Hörnquist Åstrand
parent 8ada355954
commit c06d5ebfda
2 changed files with 21 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
kdc/kerberos5.c
View File

@@ -128,17 +128,19 @@ _kdc_find_etype(krb5_context context, krb5_boolean use_strongest_session_key,
krb5_enctype *etypes, unsigned len, krb5_enctype *etypes, unsigned len,
krb5_enctype *ret_enctype, Key **ret_key) krb5_enctype *ret_enctype, Key **ret_key)
{ {
int i;
krb5_error_code ret; krb5_error_code ret;
krb5_salt def_salt; krb5_salt def_salt;
krb5_enctype enctype = ETYPE_NULL; krb5_enctype enctype = ETYPE_NULL;
Key *key = NULL; Key *key;
int i;
/* We'll want to avoid keys with v4 salted keys in the pre-auth case... */ /* We'll want to avoid keys with v4 salted keys in the pre-auth case... */
ret = krb5_get_pw_salt(context, princ->entry.principal, &def_salt); ret = krb5_get_pw_salt(context, princ->entry.principal, &def_salt);
if (ret) if (ret)
return ret; return ret;
ret = KRB5KDC_ERR_ETYPE_NOSUPP;
if (use_strongest_session_key) { if (use_strongest_session_key) {
const krb5_enctype *p; const krb5_enctype *p;
krb5_enctype clientbest = ETYPE_NULL; krb5_enctype clientbest = ETYPE_NULL;
@@ -195,7 +197,7 @@ _kdc_find_etype(krb5_context context, krb5_boolean use_strongest_session_key,
* weak enctypes in krb5.conf and selects this key selection * weak enctypes in krb5.conf and selects this key selection
* algorithm, then we get exactly what RFC4120 says. * algorithm, then we get exactly what RFC4120 says.
*/ */
for(i = 0; ret != 0 && i < len ; i++) { for(key = NULL, i = 0; ret != 0 && i < len; i++, key = NULL) {
if (krb5_enctype_valid(context, etypes[i]) != 0 && if (krb5_enctype_valid(context, etypes[i]) != 0 &&
!_kdc_is_weak_exception(princ->entry.principal, etypes[i])) !_kdc_is_weak_exception(princ->entry.principal, etypes[i]))
@@ -207,7 +209,9 @@ _kdc_find_etype(krb5_context context, krb5_boolean use_strongest_session_key,
continue; continue;
} }
if (ret_key != NULL) if (ret_key != NULL)
*ret_key = key; *ret_key = key;
if (ret_enctype != NULL)
*ret_enctype = etypes[i];
ret = 0; ret = 0;
if (is_preauth && is_default_salt_p(&def_salt, key)) if (is_preauth && is_default_salt_p(&def_salt, key))
goto out; goto out;

20
kdc/misc.c
View File

@@ -144,20 +144,26 @@ _kdc_get_preferred_key(krb5_context context,
if (krb5_enctype_valid(context, p[i]) != 0) if (krb5_enctype_valid(context, p[i]) != 0)
continue; continue;
ret = hdb_enctype2key(context, &h->entry, p[i], key); ret = hdb_enctype2key(context, &h->entry, p[i], key);
if (ret == 0) { if (ret != 0)
continue;
if (enctype != NULL)
*enctype = p[i]; *enctype = p[i];
return 0; return 0;
}
} }
} else { } else {
*key = NULL; *key = NULL;
for (i = 0; i < h->entry.keys.len; i++) { for (i = 0; i < h->entry.keys.len; i++) {
if (krb5_enctype_valid(context, h->entry.keys.val[i].key.keytype) if (krb5_enctype_valid(context, h->entry.keys.val[i].key.keytype)
!= 0) { != 0)
*key = &h->entry.keys.val[i]; continue;
return 0; ret = hdb_enctype2key(context, &h->entry,
} h->entry.keys.val[i].key.keytype, key);
if (ret != 0)
continue;
if (enctype != NULL)
*enctype = (*key)->key.keytype;
return 0;
} }
} }