diff options
author | Uri Simchoni <uri@samba.org> | 2016-05-17 13:45:11 +0300 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2016-05-24 03:00:39 +0200 |
commit | b2b951d14fa9464cf2333e611e5b651e1d57cf01 (patch) | |
tree | c688001ad72ff56495423e42481e61d1684afc37 /source4/heimdal | |
parent | 59133295bbfd3b51953d9c86e3b533ff1d4861e3 (diff) | |
download | samba-b2b951d14fa9464cf2333e611e5b651e1d57cf01.tar.gz |
heimdal make kvno unisgned internally
The folks at heimdal didn't like the patch in
commit 6379737b7ddc6ccb752238c5820cc62e76a8da17 and insisted
that kvno should remain unsigned internally, even though it is
encoded as signed in packets. This patch reverts some of the
unsigned->signed changes in that commit, and resolves conversion
issues - in order to be aligned with upstream Heimdal.
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue May 24 03:00:39 CEST 2016 on sn-devel-144
Diffstat (limited to 'source4/heimdal')
-rw-r--r-- | source4/heimdal/kdc/krb5tgs.c | 17 | ||||
-rw-r--r-- | source4/heimdal/kdc/misc.c | 2 |
2 files changed, 16 insertions, 3 deletions
diff --git a/source4/heimdal/kdc/krb5tgs.c b/source4/heimdal/kdc/krb5tgs.c index 1d0d1ddc3fa..c221c903461 100644 --- a/source4/heimdal/kdc/krb5tgs.c +++ b/source4/heimdal/kdc/krb5tgs.c @@ -1174,6 +1174,8 @@ tgs_parse_request(krb5_context context, Key *tkey; krb5_keyblock *subkey = NULL; unsigned usage; + krb5uint32 kvno = 0; + krb5uint32 *kvno_ptr = NULL; *auth_data = NULL; *csec = NULL; @@ -1201,7 +1203,12 @@ tgs_parse_request(krb5_context context, ap_req.ticket.sname, ap_req.ticket.realm); - ret = _kdc_db_fetch(context, config, princ, HDB_F_GET_KRBTGT, ap_req.ticket.enc_part.kvno, NULL, krbtgt); + if (ap_req.ticket.enc_part.kvno) { + kvno = *ap_req.ticket.enc_part.kvno; + kvno_ptr = &kvno; + } + ret = _kdc_db_fetch(context, config, princ, HDB_F_GET_KRBTGT, kvno_ptr, + NULL, krbtgt); if(ret == HDB_ERR_NOT_FOUND_HERE) { char *p; @@ -1541,6 +1548,8 @@ tgs_build_reply(krb5_context context, hdb_entry_ex *uu; krb5_principal p; Key *uukey; + krb5uint32 second_kvno = 0; + krb5uint32 *kvno_ptr = NULL; if(b->additional_tickets == NULL || b->additional_tickets->len == 0){ @@ -1557,8 +1566,12 @@ tgs_build_reply(krb5_context context, goto out; } _krb5_principalname2krb5_principal(context, &p, t->sname, t->realm); + if(t->enc_part.kvno){ + second_kvno = *t->enc_part.kvno; + kvno_ptr = &second_kvno; + } ret = _kdc_db_fetch(context, config, p, - HDB_F_GET_KRBTGT, t->enc_part.kvno, + HDB_F_GET_KRBTGT, kvno_ptr, NULL, &uu); krb5_free_principal(context, p); if(ret){ diff --git a/source4/heimdal/kdc/misc.c b/source4/heimdal/kdc/misc.c index 6fd5119deca..b0bc38a2b6f 100644 --- a/source4/heimdal/kdc/misc.c +++ b/source4/heimdal/kdc/misc.c @@ -40,7 +40,7 @@ _kdc_db_fetch(krb5_context context, krb5_kdc_configuration *config, krb5_const_principal principal, unsigned flags, - krb5int32 *kvno_ptr, + krb5uint32 *kvno_ptr, HDB **db, hdb_entry_ex **h) { |