diff options
Diffstat (limited to 'source4/heimdal/kdc')
-rw-r--r-- | source4/heimdal/kdc/default_config.c | 2 | ||||
-rw-r--r-- | source4/heimdal/kdc/kerberos5.c | 2 | ||||
-rw-r--r-- | source4/heimdal/kdc/krb5tgs.c | 12 | ||||
-rw-r--r-- | source4/heimdal/kdc/misc.c | 2 | ||||
-rw-r--r-- | source4/heimdal/kdc/pkinit.c | 2 |
5 files changed, 12 insertions, 8 deletions
diff --git a/source4/heimdal/kdc/default_config.c b/source4/heimdal/kdc/default_config.c index fe977ded5a..6fbf5fdae1 100644 --- a/source4/heimdal/kdc/default_config.c +++ b/source4/heimdal/kdc/default_config.c @@ -54,7 +54,7 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config) c->as_use_strongest_session_key = FALSE; c->preauth_use_strongest_session_key = FALSE; c->tgs_use_strongest_session_key = FALSE; - c->use_strongest_server_key = FALSE; + c->use_strongest_server_key = TRUE; c->check_ticket_addresses = TRUE; c->allow_null_ticket_addresses = TRUE; c->allow_anonymous = FALSE; diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c index 4bc1619170..c13abb7ce0 100644 --- a/source4/heimdal/kdc/kerberos5.c +++ b/source4/heimdal/kdc/kerberos5.c @@ -978,7 +978,7 @@ _kdc_as_rep(krb5_context context, krb5_crypto crypto; Key *ckey, *skey; EncryptionKey *reply_key = NULL, session_key; - int flags = 0; + int flags = HDB_F_FOR_AS_REQ; #ifdef PKINIT pk_client_params *pkp = NULL; #endif diff --git a/source4/heimdal/kdc/krb5tgs.c b/source4/heimdal/kdc/krb5tgs.c index 92cce5759f..6aad65d408 100644 --- a/source4/heimdal/kdc/krb5tgs.c +++ b/source4/heimdal/kdc/krb5tgs.c @@ -1216,7 +1216,7 @@ tgs_parse_request(krb5_context context, } if(ap_req.ticket.enc_part.kvno && - (unsigned int)*ap_req.ticket.enc_part.kvno != (*krbtgt)->entry.kvno){ + *ap_req.ticket.enc_part.kvno != (*krbtgt)->entry.kvno){ char *p; ret = krb5_unparse_name (context, princ, &p); @@ -1508,6 +1508,7 @@ tgs_build_reply(krb5_context context, Key *tkey_check; Key *tkey_sign; + int flags = HDB_F_FOR_TGS_REQ; memset(&sessionkey, 0, sizeof(sessionkey)); memset(&adtkt, 0, sizeof(adtkt)); @@ -1517,6 +1518,9 @@ tgs_build_reply(krb5_context context, s = b->sname; r = b->realm; + if (b->kdc_options.canonicalize) + flags |= HDB_F_CANON; + if(b->kdc_options.enc_tkt_in_skey){ Ticket *t; hdb_entry_ex *uu; @@ -1591,7 +1595,7 @@ tgs_build_reply(krb5_context context, */ server_lookup: - ret = _kdc_db_fetch(context, config, sp, HDB_F_GET_SERVER | HDB_F_CANON, + ret = _kdc_db_fetch(context, config, sp, HDB_F_GET_SERVER | flags, NULL, NULL, &server); if(ret == HDB_ERR_NOT_FOUND_HERE) { @@ -1777,7 +1781,7 @@ server_lookup: goto out; } - ret = _kdc_db_fetch(context, config, cp, HDB_F_GET_CLIENT | HDB_F_CANON, + ret = _kdc_db_fetch(context, config, cp, HDB_F_GET_CLIENT | flags, NULL, &clientdb, &client); if(ret == HDB_ERR_NOT_FOUND_HERE) { /* This is OK, we are just trying to find out if they have @@ -1912,7 +1916,7 @@ server_lookup: if(rspac.data) { krb5_pac p = NULL; krb5_data_free(&rspac); - ret = _kdc_db_fetch(context, config, tp, HDB_F_GET_CLIENT | HDB_F_CANON, + ret = _kdc_db_fetch(context, config, tp, HDB_F_GET_CLIENT | flags, NULL, &s4u2self_impersonated_clientdb, &s4u2self_impersonated_client); if (ret) { const char *msg; diff --git a/source4/heimdal/kdc/misc.c b/source4/heimdal/kdc/misc.c index f9b34571a3..1b2c440005 100644 --- a/source4/heimdal/kdc/misc.c +++ b/source4/heimdal/kdc/misc.c @@ -40,7 +40,7 @@ _kdc_db_fetch(krb5_context context, krb5_kdc_configuration *config, krb5_const_principal principal, unsigned flags, - krb5int32 *kvno_ptr, + krb5uint32 *kvno_ptr, HDB **db, hdb_entry_ex **h) { diff --git a/source4/heimdal/kdc/pkinit.c b/source4/heimdal/kdc/pkinit.c index a02cb816ab..d85b156500 100644 --- a/source4/heimdal/kdc/pkinit.c +++ b/source4/heimdal/kdc/pkinit.c @@ -1420,7 +1420,7 @@ _kdc_pk_mk_pa_reply(krb5_context context, memset(&rep, 0, sizeof(rep)); pa_type = KRB5_PADATA_PK_AS_REP_19; - rep.element = choice_PA_PK_AS_REP_encKeyPack; + rep.element = choice_PA_PK_AS_REP_Win2k_encKeyPack; ret = krb5_generate_random_keyblock(context, enctype, &cp->reply_key); |