
Re: multiple krb5 salted des keys



Here's a slightly better patch, includes AFS support and gets rid of an
unused variable.

*** sandbox/heimdal/kdc/kerberos5.c	Wed Jul 12 00:49:13 2000
--- ./kerberos5.c	Wed Jul 19 15:07:39 2000
***************
*** 33,39 ****
  
  #include "kdc_locl.h"
  
! RCSID("$Id: kerberos5.c,v 1.115 2000/07/11 23:37:17 assar Exp $");
  
  #define MAX_TIME ((time_t)((1U << 31) - 1))
  
--- 33,39 ----
  
  #include "kdc_locl.h"
  
! RCSID("$Id: kerberos5.c,v 1.114 2000/07/06 22:43:04 assar Exp $");
  
  #define MAX_TIME ((time_t)((1U << 31) - 1))
  
***************
*** 105,110 ****
--- 105,148 ----
  
  #else
  
+ krb5_error_code
+ find_this_etype(hdb_entry *principal, krb5_enctype etype, Key **ret_key)
+ {
+     Key *v5_key = NULL, *v4_key = NULL, *afs_key = NULL;
+     int i;
+     krb5_enctype etypes[] = { ETYPE_DES_CBC_MD5, 
+                               ETYPE_DES_CBC_MD4, 
+                               ETYPE_DES_CBC_CRC };
+     for(i = 0; i < sizeof(etypes)/sizeof(etypes[0]); ++i) {
+ 	if (etype == etypes[i]) {
+ 	    Key *key = NULL;
+ 	    while(hdb_next_enctype2key(context, principal, etype, &key) == 0) {
+ 		if(key->salt == NULL) {
+ 		    if(v5_key == NULL)
+ 			v5_key = key;
+ 		} else if(key->salt->type == hdb_pw_salt && 
+ 			  key->salt->salt.length == 0) {
+ 		    if(v4_key == NULL)
+ 			v4_key = key;
+ 		} else if(key->salt->type == hdb_afs3_salt) {
+ 		    if(afs_key == NULL)
+ 			afs_key = key;
+ 		}
+ 	    }
+ 	    if(v5_key)
+ 		*ret_key = v5_key;
+ 	    else if(afs_key)
+ 		*ret_key = afs_key;
+ 	    else if (v4_key)
+ 		*ret_key = v4_key;
+ 	    if(!*ret_key || (*ret_key)->key.keyvalue.length == 0)
+ 		return KERB_ERR_NULL_KEY;
+ 	    return 0;
+ 	}
+     }
+     return hdb_enctype2key(context, principal, etype, ret_key);
+ }
+ 
  static krb5_error_code
  find_etype(hdb_entry *princ, unsigned *etypes, unsigned len, 
  	   Key **key, int *index)
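Review bot: In find_this_etype, `*ret_key` is tested by `if(!*ret_key || ...)` without being assigned when none of v5_key, afs_key or v4_key was found, so the result depends on whatever the caller left in it. The last hunk shows find_etype passing the same `key` pointer on every loop iteration, so a key left over from an earlier etype could be returned with status 0, or an uninitialized pointer dereferenced; assigning unconditionally, `*ret_key = v5_key ? v5_key : afs_key ? afs_key : v4_key;`, closes that. A DES key stored with a non-empty `hdb_pw_salt` matches none of the three branches and is skipped, whereas the old `hdb_enctype2key` call presumably returned it; if that is intended, it deserves a comment above the while loop. The function is also not `static`, unlike find_etype directly below it, and `i` is an `int` compared against a `sizeof` expression.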
***************
*** 115,121 ****
      for(i = 0; i < len ; i++) {
  	krb5_error_code tmp;
  
! 	tmp = hdb_enctype2key(context, princ, etypes[i], key);
  	if (tmp == 0) {
  	    if ((*key)->key.keyvalue.length != 0) {
  		ret = 0;
--- 153,159 ----
      for(i = 0; i < len ; i++) {
  	krb5_error_code tmp;
  
! 	tmp = find_this_etype(princ, etypes[i], key);
  	if (tmp == 0) {
  	    if ((*key)->key.keyvalue.length != 0) {
  		ret = 0;