[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: heimdal 0.6.4 KDC v4 support broken?
On Fri, May 27, 2005 at 01:50:35PM -0400, Brandon S. Allbery KF8NH wrote:
> Found in kdc/kerberos4.c near line 390 (and this time it's not a local
> hack...):
>
> snprintf (client_name, sizeof(client_name),
> "%s.%s@%s",
> ad.pname, ad.pinst, ad.prealm);
> ret = db_fetch4(ad.pname, ad.pinst, ad.prealm, &client);
> if(ret != HDB_ERR_NOENTRY ||
> (ret == HDB_ERR_NOENTRY && strcmp(ad.prealm, v4_realm) == 0)) {
> char *s;
> s = kdc_log_msg(0, "Client not found in database: (krb4) "
> "%s.%s@%s: %s",
> ad.pname, ad.pinst, ad.prealm,
> krb5_get_err_text(context, ret));
> make_err_reply(reply, KERB_ERR_PRINCIPAL_UNKNOWN, s);
> free(s);
> goto out2;
> }
>
> This seems a bit wrong; it loses with "Client not found in database:
> (krb4) ... : Error 0" for valid clients. (And the second condition
> seems even more wrong.)
>
> I note that 0.6.3 had similar code with a simpler condition... wrapped
> in "#if 0".
This was causing problems with zephyr for me 10 days ago, changing
--- kdc/kerberos4.c.orig 2005-05-17 19:07:12.000000000 -0500
+++ kdc/kerberos4.c 2005-05-17 19:08:22.000000000 -0500
@@ -387,7 +387,7 @@
"%s.%s@%s",
ad.pname, ad.pinst, ad.prealm);
ret = db_fetch4(ad.pname, ad.pinst, ad.prealm, &client);
- if(ret != HDB_ERR_NOENTRY ||
+ if(ret == HDB_ERR_NOENTRY ||
(ret == HDB_ERR_NOENTRY && strcmp(ad.prealm, v4_realm) == 0)) {
char *s;
s = kdc_log_msg(0, "Client not found in database: (krb4) "
seemed to make sense to me (and it started working). This is my first
time trolling through heimdal, so the second bit doesn't make much sense
to me and I left it alone. I haven't looked at 0.7rc1 to see if it
works or not.
--
Thomas L. Kula | kula@tproa.net | http://www.madscientistresearch.net
Mathom House upon the Canw, The People's Republic of Ames