svn rev #23615: branches/krb5-1-8/src/lib/kdb/

tlyu@MIT.EDU tlyu at MIT.EDU
Fri Jan 8 18:42:59 EST 2010


http://src.mit.edu/fisheye/changelog/krb5/?cs=23615
Commit By: tlyu
Log Message:
ticket: 6622
version_fixed: 1.8
status: resolved

pull up r23597, r23599 from trunk

 ------------------------------------------------------------------------
 r23599 | ghudson | 2010-01-06 18:44:04 -0500 (Wed, 06 Jan 2010) | 4 lines

 Make krb5_dbe_def_search_enctype more consistent about when it returns
 KRB5_KDB_NO_PERMITTED_KEY.  Now it will return that error if it sees
 any non-permitted enctypes which match the search criteria.

 ------------------------------------------------------------------------
 r23597 | ghudson | 2010-01-06 18:14:14 -0500 (Wed, 06 Jan 2010) | 8 lines

 ticket: 6622
 target_version: 1.8
 tags: pullup

 Don't return KRB5_KDB_NO_PERMITTED_KEY from
 krb5_dbe_def_search_enctype if we previously returned results (i.e. if
 *start > 0).


Changed Files:
U   branches/krb5-1-8/src/lib/kdb/kdb_default.c
Modified: branches/krb5-1-8/src/lib/kdb/kdb_default.c
===================================================================
--- branches/krb5-1-8/src/lib/kdb/kdb_default.c	2010-01-08 19:53:34 UTC (rev 23614)
+++ branches/krb5-1-8/src/lib/kdb/kdb_default.c	2010-01-08 23:42:59 UTC (rev 23615)
@@ -61,6 +61,7 @@
     int                 maxkvno;
     krb5_key_data       *datap;
     krb5_error_code     ret;
+    krb5_boolean        saw_non_permitted = FALSE;
 
     ret = 0;
     if (kvno == -1 && stype == -1 && ktype == -1)
@@ -88,42 +89,38 @@
             db_stype = KRB5_KDB_SALTTYPE_NORMAL;
         }
 
-        /*
-         * Filter out non-permitted enctypes.
-         */
-        if (!krb5_is_permitted_enctype(kcontext,
-                                       dbentp->key_data[i].key_data_type[0])) {
-            ret = KRB5_KDB_NO_PERMITTED_KEY;
-            continue;
-        }
-
-
+        /* Match this entry against the arguments. */
         if (ktype != -1) {
             if ((ret = krb5_c_enctype_compare(kcontext, (krb5_enctype) ktype,
                                               dbentp->key_data[i].key_data_type[0],
                                               &similar)))
 
                 return(ret);
+            if (!similar)
+                continue;
         }
+        if (stype >= 0 && db_stype != stype)
+            continue;
+        if (kvno >= 0 && dbentp->key_data[i].key_data_kvno != kvno)
+            continue;
 
-        if (((ktype == -1) || similar) &&
-            ((db_stype == stype) || (stype < 0))) {
-            if (kvno >= 0) {
-                if (kvno == dbentp->key_data[i].key_data_kvno) {
-                    datap = &dbentp->key_data[i];
-                    idx = i;
-                    maxkvno = kvno;
-                    break;
-                }
-            } else {
-                if (dbentp->key_data[i].key_data_kvno > maxkvno) {
-                    maxkvno = dbentp->key_data[i].key_data_kvno;
-                    datap = &dbentp->key_data[i];
-                    idx = i;
-                }
-            }
+        /* Filter out non-permitted enctypes. */
+        if (!krb5_is_permitted_enctype(kcontext,
+                                       dbentp->key_data[i].key_data_type[0])) {
+            saw_non_permitted = TRUE;
+            continue;
         }
+
+        if (dbentp->key_data[i].key_data_kvno > maxkvno) {
+            maxkvno = dbentp->key_data[i].key_data_kvno;
+            datap = &dbentp->key_data[i];
+            idx = i;
+        }
     }
+    /* If we scanned the whole set of keys and matched only non-permitted
+     * enctypes, indicate that. */
+    if (maxkvno < 0 && *start == 0 && saw_non_permitted)
+        ret = KRB5_KDB_NO_PERMITTED_KEY;
     if (maxkvno < 0)
         return ret ? ret : KRB5_KDB_NO_MATCHING_KEY;
     *kdatap = datap;
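Review bot: With the early `break` removed from the exact-kvno path, the test `if (dbentp->key_data[i].key_data_kvno > maxkvno)` now relies on the strict `>` to keep the first matching entry when `kvno >= 0`, and nothing in the new code says so. A comment above that test would guard against a later change to `>=`, for example `/* Strict '>' keeps the first match when kvno is fixed; otherwise it picks the highest matching permitted kvno. */`. It is also worth noting next to `saw_non_permitted = TRUE;` that the flag is set only for entries that already matched ktype/stype/kvno, because that ordering is what lets callers tell KRB5_KDB_NO_PERMITTED_KEY from KRB5_KDB_NO_MATCHING_KEY. The loop header and the start and end of the function lie outside the hunk, so the per-iteration handling of `ret` and the update of `*start` cannot be checked from here.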



