authorAndrew Bartlett <abartlet@samba.org>2009-09-20 23:18:34 -0700
committerAndrew Bartlett <abartlet@samba.org>2009-11-13 23:19:05 +1100
commit5bc87c14a1f5b45ed86e7ff9663f5f0aa2f70094 (patch)
tree82c3416f2211df07d5fe1e58ee6639f09e465a60 /source4/heimdal/lib/krb5/init_creds_pw.c
parent12205347163b55e79651921c6858c4d04e1faa51 (diff)
s4:heimdal: import lorikeet-heimdal-200909210500 (commit 290db8d23647a27c39b97c189a0b2ef6ec21ca69)
Diffstat (limited to 'source4/heimdal/lib/krb5/init_creds_pw.c')
-rw-r--r--source4/heimdal/lib/krb5/init_creds_pw.c64
1 files changed, 63 insertions, 1 deletions
diff --git a/source4/heimdal/lib/krb5/init_creds_pw.c b/source4/heimdal/lib/krb5/init_creds_pw.c
index ff89a90d55..5363d533e7 100644
--- a/source4/heimdal/lib/krb5/init_creds_pw.c
+++ b/source4/heimdal/lib/krb5/init_creds_pw.c
@@ -398,6 +398,9 @@ get_init_creds_common(krb5_context context,
}
}
if (options->flags & KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST) {
+ if (ctx->etypes)
+ free(ctx->etypes);
+
etypes = malloc((options->etype_list_length + 1)
* sizeof(krb5_enctype));
if (etypes == NULL) {
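Review bot: The added `free(ctx->etypes)` leaves `ctx->etypes` pointing at freed memory until it is reassigned. If the `malloc` right below fails, the error branch (its body is outside this hunk) presumably returns with the context still holding that stale pointer, and a later teardown of the context would free it a second time. Clear it at the point of release, `free(ctx->etypes); ctx->etypes = NULL;`. The `if (ctx->etypes)` guard can be dropped, since `free(NULL)` is a no-op.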
@@ -1417,10 +1420,17 @@ krb5_init_creds_set_keytab(krb5_context context,
krb5_keytab keytab)
{
krb5_keytab_key_proc_args *a;
+ krb5_keytab_entry entry;
+ krb5_kt_cursor cursor;
+ krb5_enctype *etypes = NULL;
+ krb5_error_code ret;
+ size_t netypes = 0;
+ int kvno = 0;
a = malloc(sizeof(*a));
if (a == NULL) {
- krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
+ krb5_set_error_message(context, ENOMEM,
+ N_("malloc: out of memory", ""));
return ENOMEM;
}
@@ -1431,6 +1441,58 @@ krb5_init_creds_set_keytab(krb5_context context,
ctx->keyseed = (void *)a;
ctx->keyproc = keytab_key_proc;
+ /*
+ * We need to the KDC what enctypes we support for this keytab,
+ * esp if the keytab is really a password based entry, then the
+ * KDC might have more enctypes in the database then what we have
+ * in the keytab.
+ */
+
+ ret = krb5_kt_start_seq_get(context, keytab, &cursor);
+ if(ret)
+ goto out;
+
+ while(krb5_kt_next_entry(context, keytab, &entry, &cursor) == 0){
+ void *ptr;
+
+ if (!krb5_principal_compare(context, entry.principal, ctx->cred.client))
+ goto next;
+
+ /* check if we ahve this kvno already */
+ if (entry.vno > kvno) {
+ /* remove old list of etype */
+ if (etypes)
+ free(etypes);
+ netypes = 0;
+ kvno = entry.vno;
+ } else if (entry.vno != kvno)
+ goto next;
+
+ /* check if enctype is supported */
+ if (krb5_enctype_valid(context, entry.keyblock.keytype) != 0)
+ goto next;
+
+ /* add enctype to supported list */
+ ptr = realloc(etypes, sizeof(etypes[0]) * (netypes + 2));
+ if (ptr == NULL)
+ goto next;
+
+ etypes = ptr;
+ etypes[netypes] = entry.keyblock.keytype;
+ etypes[netypes + 1] = ETYPE_NULL;
+ netypes++;
+ next:
+ krb5_kt_free_entry(context, &entry);
+ }
+ krb5_kt_end_seq_get(context, keytab, &cursor);
+
+ if (etypes) {
+ if (ctx->etypes)
+ free(ctx->etypes);
+ ctx->etypes = etypes;
+ }
+
+ out:
return 0;
}
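Review bot: In the `entry.vno > kvno` branch the old list is freed but `etypes` is not reset, so the `realloc(etypes, ...)` further down in the same iteration is called on an already freed pointer. If that entry is skipped instead (unsupported enctype or failed `realloc`), the stale pointer can still be stored into `ctx->etypes` after the loop. Add `etypes = NULL;` next to `netypes = 0;`. Separately, `ret` from `krb5_kt_start_seq_get` is discarded because `out:` always does `return 0;`, so an unreadable keytab silently leaves the previous enctype list in place. If that best-effort behaviour is intended, say so with a comment such as `/* best effort: keep existing etypes if the keytab cannot be listed */`; otherwise use `return ret;`.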