diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2006-07-12 00:56:27 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 14:10:03 -0500 |
| commit | 795c27946231501a7e1ca32a5e8899b3624bbde5 (patch) | |
| tree | 30c81900d5d6c14e60f0108984e34da9c9699a11 /source4/kdc | |
| parent | 51de50de292df3af48a68366eef4ee526ceb801d (diff) | |
| download | samba-795c27946231501a7e1ca32a5e8899b3624bbde5.tar.gz samba-795c27946231501a7e1ca32a5e8899b3624bbde5.tar.bz2 samba-795c27946231501a7e1ca32a5e8899b3624bbde5.zip | |
r16964: Remove extra debugs no longer required in a working KDC
Implement the 'DES only' flag.
Andrew Bartlett
(This used to be commit 9d42bb4b3d2a45da02f0525386468161494852cd)
Diffstat (limited to 'source4/kdc')
| -rw-r--r-- | source4/kdc/hdb-ldb.c | 47 |
1 files changed, 21 insertions, 26 deletions
diff --git a/source4/kdc/hdb-ldb.c b/source4/kdc/hdb-ldb.c index c178d9e124..8c4e063a73 100644 --- a/source4/kdc/hdb-ldb.c +++ b/source4/kdc/hdb-ldb.c @@ -98,8 +98,6 @@ static HDBFlags uf2HDBFlags(krb5_context context, int userAccountControl, enum h { HDBFlags flags = int2HDBFlags(0); - krb5_warnx(context, "uf2HDBFlags: userAccountControl: %08x\n", userAccountControl); - /* we don't allow kadmin deletes */ flags.immutable = 1; @@ -151,20 +149,13 @@ static HDBFlags uf2HDBFlags(krb5_context context, int userAccountControl, enum h } */ /* - if (userAccountControl & UF_PASSWORD_CANT_CHANGE) { - flags.invalid = 1; - } -*/ -/* - if (userAccountControl & UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED) { - flags.invalid = 1; - } + UF_PASSWORD_CANT_CHANGE and UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED are irrelevent */ if (userAccountControl & UF_TEMP_DUPLICATE_ACCOUNT) { flags.invalid = 1; } -/* UF_DONT_EXPIRE_PASSWD handled in LDB_message2entry() */ +/* UF_DONT_EXPIRE_PASSWD and UF_USE_DES_KEY_ONLY handled in LDB_message2entry() */ /* if (userAccountControl & UF_MNS_LOGON_ACCOUNT) { @@ -182,20 +173,12 @@ static HDBFlags uf2HDBFlags(krb5_context context, int userAccountControl, enum h flags.proxiable = 1; } -/* - if (userAccountControl & UF_SMARTCARD_USE_DES_KEY_ONLY) { - flags.invalid = 1; - } -*/ if (userAccountControl & UF_DONT_REQUIRE_PREAUTH) { flags.require_preauth = 0; } else { flags.require_preauth = 1; } - - krb5_warnx(context, "uf2HDBFlags: HDBFlags: %08x\n", HDBFlags2int(flags)); - return flags; } @@ -246,8 +229,6 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db, memset(entry_ex, 0, sizeof(*entry_ex)); - krb5_warnx(context, "LDB_message2entry:\n"); - if (!realm) { krb5_set_error_string(context, "talloc_strdup: out of memory"); ret = ENOMEM; @@ -395,17 +376,33 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db, ret = ENOMEM; goto out; } - entry_ex->entry.keys.len = ldb_keys->num_values; + + entry_ex->entry.keys.len = 0; /* Decode Kerberos keys into the hdb structure */ - for (i=0; i < entry_ex->entry.keys.len; i++) { + for (i=0; i < ldb_keys->num_values; i++) { size_t decode_len; + Key key; ret = decode_Key(ldb_keys->values[i].data, ldb_keys->values[i].length, - &entry_ex->entry.keys.val[i], &decode_len); + &key, &decode_len); if (ret) { /* Could be bougus data in the entry, or out of memory */ goto out; } + + if (userAccountControl & UF_USE_DES_KEY_ONLY) { + switch (key.key.keytype) { + case KEYTYPE_DES: + entry_ex->entry.keys.val[entry_ex->entry.keys.len] = key; + entry_ex->entry.keys.len++; + default: + /* We must use DES keys only */ + break; + } + } else { + entry_ex->entry.keys.val[entry_ex->entry.keys.len] = key; + entry_ex->entry.keys.len++; + } } } @@ -930,8 +927,6 @@ static krb5_error_code LDB_firstkey(krb5_context context, HDB *db, unsigned flag priv->realm_ref_msgs = talloc_steal(priv, realm_ref_msgs); - krb5_warnx(context, "LDB_firstkey: realm ok\n"); - lret = ldb_search(ldb_ctx, realm_dn, LDB_SCOPE_SUBTREE, "(objectClass=user)", krb5_attrs, &res); |