[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Missing file

To: Leif Johansson <leifj@matematik.su.se>
Subject: Re: Missing file
From: Assar Westerlund <assar@sics.se>
Date: 21 Nov 1998 21:50:05 +0100
Cc: Maria Pazsit <mary@chips.chalmers.se>, heimdal-discuss@sics.se
In-Reply-To: Leif Johansson's message of "Fri, 20 Nov 1998 13:23:54 +0100"
References: <199811201223.NAA07591@trurl.matematik.su.se>
Sender: owner-heimdal-discuss@sics.se

Leif Johansson <leifj@matematik.su.se> writes:
> _krb5_verify_password: Unknown error -1765328343 while verifying user

The error not being reported is due to using com_err instead of
krb5_err.

> for the following code (if you skip the pamh stuff you should
> be able to reproduce my error message).

I tried your code and it seems to me that the problem is that you have
a 3DES key in your keytab but the code was not prepared to handle
that.  After applying the following patch to verify_init.c it works
for me.

/assar

Index: lib/krb5/verify_init.c
===================================================================
RCS file: /afs/pdc.kth.se/src/packages/kth-krb/SourceRepository/heimdal/lib/krb5/verify_init.c,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -w -u -w -r1.9 -r1.10
--- verify_init.c	1998/01/03 21:10:34	1.9
+++ verify_init.c	1998/11/21 20:37:57	1.10
@@ -38,7 +38,7 @@
 
 #include "krb5_locl.h"
 
-RCSID("$Id: verify_init.c,v 1.9 1998/01/03 21:10:34 joda Exp $");
+RCSID("$Id: verify_init.c,v 1.10 1998/11/21 20:37:57 assar Exp $");
 
 void
 krb5_verify_init_creds_opt_init(krb5_verify_init_creds_opt *options)
@@ -54,6 +54,26 @@
     options->ap_req_nofail = ap_req_nofail;
 }
 
+/*
+ *
+ */
+
+static krb5_boolean
+fail_verify_is_ok (krb5_context context,
+		   krb5_verify_init_creds_opt *options)
+{
+    if ((options->flags & KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL
+	&& options->ap_req_nofail == 1)
+	|| krb5_config_get_bool (context,
+				 NULL,
+				 "libdefaults",
+				 "verify_ap_req_nofail",
+				 NULL))
+	return FALSE;
+    else
+	return TRUE;
+}
+
 krb5_error_code
 krb5_verify_init_creds(krb5_context context,
 		       krb5_creds *creds,
@@ -128,8 +148,11 @@
 				    local_ccache,
 				    &match_cred,
 				    &new_creds);
-	if (ret)
+	if (ret) {
+	    if (fail_verify_is_ok (context, options))
+		ret = 0;
 	    goto cleanup;
+	}
     } else
 	new_creds = creds;
 
@@ -146,35 +169,16 @@
     if (ret)
 	goto cleanup;
 
-    ret = krb5_kt_get_entry (context,
-			     keytab,
-			     server,
-			     0,
-			     KEYTYPE_DES,
-			     &entry);
-    if (ret) {
-	if (((options->flags & KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL) && 
-	     options->ap_req_nofail == 1) || 
-	    krb5_config_get_bool (context,
-				  NULL,
-				  "libdefaults",
-				  "verify_ap_req_nofail",
-				  NULL)) {
-	    goto cleanup;
-	} else {
-	    ret = 0;
-	    goto cleanup;
-	}
-    }
-
-    ret = krb5_rd_req_with_keyblock (context,
+    ret = krb5_rd_req (context,
 				     &auth_context,
 				     &req,
 				     server,
-				     &entry.keyblock,
+		       keytab,
 				     0,
 				     NULL);
 
+    if (ret == KRB5_KT_NOTFOUND && fail_verify_is_ok (context, options))
+	ret = 0;
 cleanup:
     if (auth_context)
 	krb5_auth_con_free (context, auth_context);

Follow-Ups:
- Re: Missing file
  - From: Leif Johansson <leifj@matematik.su.se>

References:
- Re: Missing file
  - From: Leif Johansson <leifj@matematik.su.se>

Prev by Date: Re: Missing file
Next by Date: Re: Missing file
Prev by thread: Re: Missing file
Next by thread: Re: Missing file
Index(es):
- Date
- Thread