summaryrefslogtreecommitdiff
path: root/source4/heimdal/kdc
diff options
context:
space:
mode:
Diffstat (limited to 'source4/heimdal/kdc')
-rw-r--r--source4/heimdal/kdc/default_config.c2
-rw-r--r--source4/heimdal/kdc/kerberos5.c2
-rw-r--r--source4/heimdal/kdc/krb5tgs.c12
-rw-r--r--source4/heimdal/kdc/misc.c2
-rw-r--r--source4/heimdal/kdc/pkinit.c2
5 files changed, 12 insertions, 8 deletions
diff --git a/source4/heimdal/kdc/default_config.c b/source4/heimdal/kdc/default_config.c
index fe977ded5a..6fbf5fdae1 100644
--- a/source4/heimdal/kdc/default_config.c
+++ b/source4/heimdal/kdc/default_config.c
@@ -54,7 +54,7 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
c->as_use_strongest_session_key = FALSE;
c->preauth_use_strongest_session_key = FALSE;
c->tgs_use_strongest_session_key = FALSE;
- c->use_strongest_server_key = FALSE;
+ c->use_strongest_server_key = TRUE;
c->check_ticket_addresses = TRUE;
c->allow_null_ticket_addresses = TRUE;
c->allow_anonymous = FALSE;
diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c
index 4bc1619170..c13abb7ce0 100644
--- a/source4/heimdal/kdc/kerberos5.c
+++ b/source4/heimdal/kdc/kerberos5.c
@@ -978,7 +978,7 @@ _kdc_as_rep(krb5_context context,
krb5_crypto crypto;
Key *ckey, *skey;
EncryptionKey *reply_key = NULL, session_key;
- int flags = 0;
+ int flags = HDB_F_FOR_AS_REQ;
#ifdef PKINIT
pk_client_params *pkp = NULL;
#endif
diff --git a/source4/heimdal/kdc/krb5tgs.c b/source4/heimdal/kdc/krb5tgs.c
index 92cce5759f..6aad65d408 100644
--- a/source4/heimdal/kdc/krb5tgs.c
+++ b/source4/heimdal/kdc/krb5tgs.c
@@ -1216,7 +1216,7 @@ tgs_parse_request(krb5_context context,
}
if(ap_req.ticket.enc_part.kvno &&
- (unsigned int)*ap_req.ticket.enc_part.kvno != (*krbtgt)->entry.kvno){
+ *ap_req.ticket.enc_part.kvno != (*krbtgt)->entry.kvno){
char *p;
ret = krb5_unparse_name (context, princ, &p);
@@ -1508,6 +1508,7 @@ tgs_build_reply(krb5_context context,
Key *tkey_check;
Key *tkey_sign;
+ int flags = HDB_F_FOR_TGS_REQ;
memset(&sessionkey, 0, sizeof(sessionkey));
memset(&adtkt, 0, sizeof(adtkt));
@@ -1517,6 +1518,9 @@ tgs_build_reply(krb5_context context,
s = b->sname;
r = b->realm;
+ if (b->kdc_options.canonicalize)
+ flags |= HDB_F_CANON;
+
if(b->kdc_options.enc_tkt_in_skey){
Ticket *t;
hdb_entry_ex *uu;
@@ -1591,7 +1595,7 @@ tgs_build_reply(krb5_context context,
*/
server_lookup:
- ret = _kdc_db_fetch(context, config, sp, HDB_F_GET_SERVER | HDB_F_CANON,
+ ret = _kdc_db_fetch(context, config, sp, HDB_F_GET_SERVER | flags,
NULL, NULL, &server);
if(ret == HDB_ERR_NOT_FOUND_HERE) {
@@ -1777,7 +1781,7 @@ server_lookup:
goto out;
}
- ret = _kdc_db_fetch(context, config, cp, HDB_F_GET_CLIENT | HDB_F_CANON,
+ ret = _kdc_db_fetch(context, config, cp, HDB_F_GET_CLIENT | flags,
NULL, &clientdb, &client);
if(ret == HDB_ERR_NOT_FOUND_HERE) {
/* This is OK, we are just trying to find out if they have
@@ -1912,7 +1916,7 @@ server_lookup:
if(rspac.data) {
krb5_pac p = NULL;
krb5_data_free(&rspac);
- ret = _kdc_db_fetch(context, config, tp, HDB_F_GET_CLIENT | HDB_F_CANON,
+ ret = _kdc_db_fetch(context, config, tp, HDB_F_GET_CLIENT | flags,
NULL, &s4u2self_impersonated_clientdb, &s4u2self_impersonated_client);
if (ret) {
const char *msg;
diff --git a/source4/heimdal/kdc/misc.c b/source4/heimdal/kdc/misc.c
index f9b34571a3..1b2c440005 100644
--- a/source4/heimdal/kdc/misc.c
+++ b/source4/heimdal/kdc/misc.c
@@ -40,7 +40,7 @@ _kdc_db_fetch(krb5_context context,
krb5_kdc_configuration *config,
krb5_const_principal principal,
unsigned flags,
- krb5int32 *kvno_ptr,
+ krb5uint32 *kvno_ptr,
HDB **db,
hdb_entry_ex **h)
{
diff --git a/source4/heimdal/kdc/pkinit.c b/source4/heimdal/kdc/pkinit.c
index a02cb816ab..d85b156500 100644
--- a/source4/heimdal/kdc/pkinit.c
+++ b/source4/heimdal/kdc/pkinit.c
@@ -1420,7 +1420,7 @@ _kdc_pk_mk_pa_reply(krb5_context context,
memset(&rep, 0, sizeof(rep));
pa_type = KRB5_PADATA_PK_AS_REP_19;
- rep.element = choice_PA_PK_AS_REP_encKeyPack;
+ rep.element = choice_PA_PK_AS_REP_Win2k_encKeyPack;
ret = krb5_generate_random_keyblock(context, enctype,
&cp->reply_key);