Use principal not found in keytab code.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24267 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
@@ -803,8 +803,7 @@ out:
|
||||
* that will verify the reply.
|
||||
* @param inctx control the behavior of the function, if NULL, the
|
||||
* default behavior is used.
|
||||
* @param outctx the return outctx,can be NULL. If set and function
|
||||
* returns 0, free with krb5_rd_req_out_ctx_free()
|
||||
* @param outctx the return outctx, free with krb5_rd_req_out_ctx_free().
|
||||
* @return Kerberos 5 error code, see krb5_get_error_message().
|
||||
*
|
||||
* @ingroup krb5_auth
|
||||
@@ -842,6 +841,14 @@ krb5_rd_req_ctx(krb5_context context,
|
||||
if(ret)
|
||||
goto out;
|
||||
|
||||
/* Save that principal that was in the request */
|
||||
ret = _krb5_principalname2krb5_principal(context,
|
||||
&o->server,
|
||||
ap_req.ticket.sname,
|
||||
ap_req.ticket.realm);
|
||||
if (ret)
|
||||
goto out;
|
||||
|
||||
if (ap_req.ap_options.use_session_key &&
|
||||
(*auth_context)->keyblock == NULL) {
|
||||
ret = KRB5KRB_AP_ERR_NOKEY;
|
||||
@@ -879,10 +886,11 @@ krb5_rd_req_ctx(krb5_context context,
|
||||
goto out;
|
||||
}
|
||||
|
||||
/*
|
||||
* If we got an exact keymatch, use that.
|
||||
*/
|
||||
if (o->keyblock) {
|
||||
/*
|
||||
* We got an exact keymatch, use that.
|
||||
*/
|
||||
|
||||
ret = krb5_verify_ap_req2(context,
|
||||
auth_context,
|
||||
&ap_req,
|
||||
@@ -897,6 +905,10 @@ krb5_rd_req_ctx(krb5_context context,
|
||||
goto out;
|
||||
|
||||
} else {
|
||||
/*
|
||||
* Interate over keytab to find a key that can decrypt the request.
|
||||
*/
|
||||
|
||||
krb5_keytab_entry entry;
|
||||
krb5_kt_cursor cursor;
|
||||
krb5_keytab id = NULL;
|
||||
@@ -921,17 +933,17 @@ krb5_rd_req_ctx(krb5_context context,
|
||||
if (ret)
|
||||
goto out;
|
||||
|
||||
/*
|
||||
* Interate over keytab to find a key that can decrypt the request.
|
||||
*/
|
||||
|
||||
done = 0;
|
||||
while (!done) {
|
||||
krb5_principal p;
|
||||
|
||||
ret = krb5_kt_next_entry(context, id, &entry, &cursor);
|
||||
if (ret)
|
||||
if (ret) {
|
||||
_krb5_kt_principal_not_found(context, ret, id, o->server,
|
||||
ap_req.ticket.enc_part.etype,
|
||||
kvno);
|
||||
goto out;
|
||||
}
|
||||
|
||||
if (entry.keyblock.keytype != ap_req.ticket.enc_part.etype ||
|
||||
(kvno && kvno != entry.vno)) {
|
||||
@@ -982,15 +994,6 @@ krb5_rd_req_ctx(krb5_context context,
|
||||
krb5_kt_end_seq_get (context, id, &cursor);
|
||||
}
|
||||
|
||||
/* Save that principal that was in the request */
|
||||
ret = _krb5_principalname2krb5_principal(context,
|
||||
&o->server,
|
||||
ap_req.ticket.sname,
|
||||
ap_req.ticket.realm);
|
||||
if (ret)
|
||||
goto out;
|
||||
|
||||
|
||||
/* If there is a PAC, verify its server signature */
|
||||
if (inctx == NULL || inctx->check_pac) {
|
||||
krb5_pac pac;
|
||||
|
Reference in New Issue
Block a user