Use principal not found in keytab code.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24267 ec53bebd-3082-4978-b11e-865c3cabbd6b
Love Hörnquist Åstrand
2009-01-11 21:46:26 +00:00
parent 251266e7e2
commit e8648d75b0


@@ -803,8 +803,7 @@ out:
* that will verify the reply.
* @param inctx control the behavior of the function, if NULL, the
* default behavior is used.
* @param outctx the return outctx,can be NULL. If set and function
* returns 0, free with krb5_rd_req_out_ctx_free()
* @param outctx the return outctx, free with krb5_rd_req_out_ctx_free().
* @return Kerberos 5 error code, see krb5_get_error_message().
*
* @ingroup krb5_auth
@@ -842,6 +841,14 @@ krb5_rd_req_ctx(krb5_context context,
if(ret)
goto out;
/* Save that principal that was in the request */
ret = _krb5_principalname2krb5_principal(context,
&o->server,
ap_req.ticket.sname,
ap_req.ticket.realm);
if (ret)
goto out;
if (ap_req.ap_options.use_session_key &&
(*auth_context)->keyblock == NULL) {
ret = KRB5KRB_AP_ERR_NOKEY;
@@ -879,10 +886,11 @@ krb5_rd_req_ctx(krb5_context context,
goto out;
}
/*
* If we got an exact keymatch, use that.
*/
if (o->keyblock) {
/*
* We got an exact keymatch, use that.
*/
ret = krb5_verify_ap_req2(context,
auth_context,
&ap_req,
@@ -897,6 +905,10 @@ krb5_rd_req_ctx(krb5_context context,
goto out;
} else {
/*
* Interate over keytab to find a key that can decrypt the request.
*/
krb5_keytab_entry entry;
krb5_kt_cursor cursor;
krb5_keytab id = NULL;
@@ -921,17 +933,17 @@ krb5_rd_req_ctx(krb5_context context,
if (ret)
goto out;
/*
* Interate over keytab to find a key that can decrypt the request.
*/
done = 0;
while (!done) {
krb5_principal p;
ret = krb5_kt_next_entry(context, id, &entry, &cursor);
if (ret)
if (ret) {
_krb5_kt_principal_not_found(context, ret, id, o->server,
ap_req.ticket.enc_part.etype,
kvno);
goto out;
}
if (entry.keyblock.keytype != ap_req.ticket.enc_part.etype ||
(kvno && kvno != entry.vno)) {
@@ -982,15 +994,6 @@ krb5_rd_req_ctx(krb5_context context,
krb5_kt_end_seq_get (context, id, &cursor);
}
/* Save that principal that was in the request */
ret = _krb5_principalname2krb5_principal(context,
&o->server,
ap_req.ticket.sname,
ap_req.ticket.realm);
if (ret)
goto out;
/* If there is a PAC, verify its server signature */
if (inctx == NULL || inctx->check_pac) {
krb5_pac pac;
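Review bot: The failure branch added after `krb5_kt_next_entry` in the keytab loop jumps to `out` without ending the keytab sequence, whereas the normal loop exit calls `krb5_kt_end_seq_get (context, id, &cursor)`. Because `cursor` and `id` are declared inside the `else` block, the function-level `out` label most likely cannot release them, so a request that matches no keytab entry would leak the cursor; I would add `krb5_kt_end_seq_get(context, id, &cursor);` just before that `goto out;`. Note also that `o->server` is now filled from `ap_req.ticket.sname` and `ap_req.ticket.realm` before any key has verified the ticket, so the name handed to `_krb5_kt_principal_not_found` is unauthenticated client input. A comment such as `/* not yet authenticated: taken from the cleartext part of the ticket */` at the relocated block would keep later code from trusting it. The body of krb5_rd_req_ctx starts and ends outside these hunks, so the cleanup under `out` is not visible here.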