diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2010-10-02 16:32:56 +1000 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2010-10-03 01:15:04 +0000 |
| commit | 21460dfc14acdeef69b6cd910da80f261316be63 (patch) | |
| tree | fcc7b9c9b03331ae6a1117a9688fc957868e942b /source4/heimdal/kdc | |
| parent | a2c4f54dfb47fa73c12ba305d52574aeb6baedd9 (diff) | |
| download | samba-21460dfc14acdeef69b6cd910da80f261316be63.tar.gz | |
s4:heimdal: import lorikeet-heimdal-201010022046 (commit 1bea031b9404b14114b0272ecbe56e60c567af5c)
Diffstat (limited to 'source4/heimdal/kdc')
| -rw-r--r-- | source4/heimdal/kdc/digest.c | 10 | ||||
| -rw-r--r-- | source4/heimdal/kdc/kerberos5.c | 4 | ||||
| -rw-r--r-- | source4/heimdal/kdc/krb5tgs.c | 8 | ||||
| -rw-r--r-- | source4/heimdal/kdc/misc.c | 24 |
4 files changed, 28 insertions, 18 deletions
diff --git a/source4/heimdal/kdc/digest.c b/source4/heimdal/kdc/digest.c index 1a383fa205c..70b45c2af6f 100644 --- a/source4/heimdal/kdc/digest.c +++ b/source4/heimdal/kdc/digest.c @@ -177,7 +177,7 @@ get_password_entry(krb5_context context, return ret; ret = _kdc_db_fetch(context, config, clientprincipal, - HDB_F_GET_CLIENT, &db, &user); + HDB_F_GET_CLIENT, NULL, &db, &user); krb5_free_principal(context, clientprincipal); if (ret) return ret; @@ -292,7 +292,7 @@ _kdc_do_digest(krb5_context context, krb5_clear_error_message(context); ret = _kdc_db_fetch(context, config, principal, - HDB_F_GET_SERVER, NULL, &server); + HDB_F_GET_SERVER, NULL, NULL, &server); if (ret) goto out; @@ -314,7 +314,7 @@ _kdc_do_digest(krb5_context context, } ret = _kdc_db_fetch(context, config, principal, - HDB_F_GET_CLIENT, NULL, &client); + HDB_F_GET_CLIENT, NULL, NULL, &client); krb5_free_principal(context, principal); if (ret) goto out; @@ -874,7 +874,7 @@ _kdc_do_digest(krb5_context context, goto failed; ret = _kdc_db_fetch(context, config, clientprincipal, - HDB_F_GET_CLIENT, NULL, &user); + HDB_F_GET_CLIENT, NULL, NULL, &user); krb5_free_principal(context, clientprincipal); if (ret) { krb5_set_error_message(context, ret, @@ -1158,7 +1158,7 @@ _kdc_do_digest(krb5_context context, goto failed; ret = _kdc_db_fetch(context, config, clientprincipal, - HDB_F_GET_CLIENT, NULL, &user); + HDB_F_GET_CLIENT, NULL, NULL, &user); krb5_free_principal(context, clientprincipal); if (ret) { krb5_set_error_message(context, ret, "NTLM user %s not in database", diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c index 9fb0998a2aa..40e597befb5 100644 --- a/source4/heimdal/kdc/kerberos5.c +++ b/source4/heimdal/kdc/kerberos5.c @@ -988,7 +988,7 @@ _kdc_as_rep(krb5_context context, */ ret = _kdc_db_fetch(context, config, client_princ, - HDB_F_GET_CLIENT | flags, 0, + HDB_F_GET_CLIENT | flags, NULL, &clientdb, &client); if(ret){ const char *msg = krb5_get_error_message(context, ret); @@ -1000,7 +1000,7 @@ _kdc_as_rep(krb5_context context, ret = _kdc_db_fetch(context, config, server_princ, HDB_F_GET_SERVER|HDB_F_GET_KRBTGT, - 0, NULL, &server); + NULL, NULL, &server); if(ret){ const char *msg = krb5_get_error_message(context, ret); kdc_log(context, config, 0, "UNKNOWN -- %s: %s", server_name, msg); diff --git a/source4/heimdal/kdc/krb5tgs.c b/source4/heimdal/kdc/krb5tgs.c index 23f9674bef2..71d99e2bee0 100644 --- a/source4/heimdal/kdc/krb5tgs.c +++ b/source4/heimdal/kdc/krb5tgs.c @@ -351,7 +351,7 @@ check_PAC(krb5_context context, *signedpath = 1; ret = _krb5_pac_sign(context, pac, tkt->authtime, client_principal, - server_key, krbtgt_key, rspac); + server_key, krbtgt_sign_key, rspac); } krb5_pac_free(context, pac); @@ -1563,7 +1563,7 @@ tgs_build_reply(krb5_context context, server_lookup: ret = _kdc_db_fetch(context, config, sp, HDB_F_GET_SERVER | HDB_F_CANON, - 0, NULL, &server); + NULL, NULL, &server); if(ret){ const char *new_rlm, *msg; @@ -1624,7 +1624,7 @@ server_lookup: } ret = _kdc_db_fetch(context, config, cp, HDB_F_GET_CLIENT | HDB_F_CANON, - 0, &clientdb, &client); + NULL, &clientdb, &client); if(ret) { const char *krbtgt_realm, *msg; @@ -1845,7 +1845,7 @@ server_lookup: krb5_pac p = NULL; krb5_data_free(&rspac); ret = _kdc_db_fetch(context, config, client_principal, HDB_F_GET_CLIENT | HDB_F_CANON, - 0, &s4u2self_impersonated_clientdb, &s4u2self_impersonated_client); + NULL, &s4u2self_impersonated_clientdb, &s4u2self_impersonated_client); if (ret) { const char *msg; diff --git a/source4/heimdal/kdc/misc.c b/source4/heimdal/kdc/misc.c index 30807484638..9feb99cdbc0 100644 --- a/source4/heimdal/kdc/misc.c +++ b/source4/heimdal/kdc/misc.c @@ -47,7 +47,7 @@ _kdc_db_fetch(krb5_context context, hdb_entry_ex *ent; krb5_error_code ret; int i; - unsigned kvno; + unsigned kvno = 0; if (kvno_ptr) { kvno = *kvno_ptr; @@ -91,12 +91,22 @@ _kdc_db_fetch(krb5_context context, continue; } - ret = config->db[i]->hdb_fetch(context, - config->db[i], - principal, - flags | HDB_F_DECRYPT, - kvno, - ent); + if (config->db[i]->hdb_fetch_kvno) { + ret = config->db[i]->hdb_fetch_kvno(context, + config->db[i], + principal, + flags | HDB_F_DECRYPT, + kvno, + ent); + } else { + flags &= ~HDB_F_KVNO_SPECIFIED; + ret = config->db[i]->hdb_fetch(context, + config->db[i], + principal, + flags | HDB_F_DECRYPT, + ent); + } + krb5_free_principal(context, enterprise_principal); config->db[i]->hdb_close(context, config->db[i]); |