author | Paul Park <pjpark@mit.edu> | 1995-08-15 18:43:33 +0000 |
---|---|---|
committer | Paul Park <pjpark@mit.edu> | 1995-08-15 18:43:33 +0000 |
commit | 00203d5d3f63d9ee1ba799698eb6ea026037997a (patch) | |
tree | 55a0a95bcac1e6f73a7e118de7c14c88c5dc1973 /src/kdc/kdc_util.c | |
parent | 5d7d8e9d171542ce9e05c8a7937d7778a3ba3694 (diff) | |
Use per-realm key/salt list to find appropriate keys. Fix gcc -Wall complaints
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6529 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/kdc/kdc_util.c')
-rw-r--r-- | src/kdc/kdc_util.c | 31 |
1 files changed, 24 insertions, 7 deletions
diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c
index e106f2d..b7806ca 100644
--- a/src/kdc/kdc_util.c
+++ b/src/kdc/kdc_util.c
@@ -29,6 +29,7 @@
 #include "extern.h"
 #include <stdio.h>
 #include <syslog.h>
+#include "adm.h"
 #include "adm_proto.h"
 /*
@@ -325,7 +326,9 @@ kdc_get_server_key(ticket, key, kvno)
 krb5_error_code retval;
 krb5_db_entry server;
 krb5_boolean more;
- int nprincs, i, last_i;
+ int nprincs;
+ krb5_key_data * server_key;
+ int i;
 if (krb5_principal_compare(kdc_context, tgs_server, ticket->server)) {
 retval = krb5_copy_keyblock(kdc_context, &tgs_key, key);
@@ -356,16 +359,29 @@ kdc_get_server_key(ticket, key, kvno)
 /*
 * Get the latest version of the server key_data and
 * convert the key into a real key (it may be encrypted in the database)
+ *
+ * Search the key list in the order specified by the key/salt list.
 */
- for (*kvno = last_i = i = 0; i < server.n_key_data; i++) {
- if (*kvno < server.key_data[i].key_data_kvno) {
- *kvno = server.key_data[i].key_data_kvno;
- last_i = i;
- }
+ server_key = (krb5_key_data *) NULL;
+ for (i=0; i<kdc_active_realm->realm_nkstypes; i++) {
+ krb5_key_salt_tuple *kslist;
+
+ kslist = (krb5_key_salt_tuple *) kdc_active_realm->realm_kstypes;
+ if (!krb5_dbe_find_keytype(kdc_context,
+ &server,
+ kslist[i].ks_keytype,
+ -1,
+ -1,
+ &server_key))
+ break;
 }
+ if (!server_key)
+ return(KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN);
+
+ *kvno = server_key->key_data_kvno;
 if ((*key = (krb5_keyblock *)malloc(sizeof **key))) {
 retval = krb5_dbekd_decrypt_key_data(kdc_context, &master_encblock,
- &server.key_data[last_i],
+ server_key,
 *key, NULL);
 } else
 retval = ENOMEM;
@@ -903,6 +919,7 @@ krb5_data *data;
 int tag; /* tag number */
 unsigned char savelen; /* saved length of our field */
+ classes = -1;
 /* we assume that the first identifier/length will tell us how long the entire stream is. */
 astream++; |
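Review bot: The new early exit `return(KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN);` in the third hunk (`@@ -356,16 +359,29 @@`, inside `kdc_get_server_key`) leaves the function while the fetched `server` database entry is still held. The function body starts before and continues past this hunk, so if the release of `server` sits after the decrypt call (not visible here), this path skips it and a KDC that hits it repeatedly would leak one entry per request. Prefer `if (!server_key) retval = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;` with the `*kvno` assignment and the decrypt moved into the `else` branch, so every path reaches the same exit. The lookup is now driven only by the realm key/salt order, with `-1` for the remaining selectors, and does not consult `ticket`, so the retained comment "Get the latest version of the server key_data" should be reworded, e.g. `* Use the first key whose type appears in the realm key/salt list.`. Whether that key is also the highest kvno depends on `krb5_dbe_find_keytype`, which is outside this diff.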