diff options
author | Chris Provenzano <proven@mit.edu> | 1995-07-27 08:44:42 +0000 |
---|---|---|
committer | Chris Provenzano <proven@mit.edu> | 1995-07-27 08:44:42 +0000 |
commit | 17a888de38b276e6fc5ed4420bced0465510ee19 (patch) | |
tree | d301b5bbec4b43153559292d651ffd65f6143de3 /src/kdc/kdc_util.c | |
parent | 4f0debdb553c49e68b36ee4e0ece3d2f32e4ae03 (diff) | |
download | krb5-17a888de38b276e6fc5ed4420bced0465510ee19.tar.gz krb5-17a888de38b276e6fc5ed4420bced0465510ee19.tar.xz krb5-17a888de38b276e6fc5ed4420bced0465510ee19.zip |
Use new kdb format
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6329 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/kdc/kdc_util.c')
-rw-r--r-- | src/kdc/kdc_util.c | 39 |
1 files changed, 24 insertions, 15 deletions
diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c index b044443b8..7edb14d3a 100644 --- a/src/kdc/kdc_util.c +++ b/src/kdc/kdc_util.c @@ -306,7 +306,7 @@ cleanup_authenticator: krb5_free_authenticator(kdc_context, authenticator); cleanup_auth_context: - /* We do not want the fre of the auth_context to close the rcache */ + /* We do not want the free of the auth_context to close the rcache */ (void) krb5_auth_con_setrcache(kdc_context, auth_context, 0); krb5_auth_con_free(kdc_context, auth_context); @@ -317,18 +317,19 @@ cleanup: krb5_error_code kdc_get_server_key(ticket, key, kvno) -krb5_ticket *ticket; -krb5_keyblock **key; -krb5_kvno *kvno; + krb5_ticket * ticket; + krb5_keyblock ** key; + krb5_kvno * kvno; { - krb5_error_code retval; - int nprincs; - krb5_db_entry server; - krb5_boolean more; + krb5_error_code retval; + krb5_db_entry server; + krb5_boolean more; + int nprincs, i, last_i; if (krb5_principal_compare(kdc_context, tgs_server, ticket->server)) { + retval = krb5_copy_keyblock(kdc_context, &tgs_key, key); *kvno = tgs_kvno; - return krb5_copy_keyblock(kdc_context, &tgs_key, key); + return retval; } else { nprincs = 1; @@ -345,20 +346,28 @@ krb5_kvno *kvno; krb5_db_free_principal(kdc_context, &server, nprincs); if (!krb5_unparse_name(kdc_context, ticket->server, &sname)) { - krb5_klog_syslog(LOG_ERR, "TGS_REQ: UNKNOWN SERVER: server='%s'", + krb5_klog_syslog(LOG_ERR,"TGS_REQ: UNKNOWN SERVER: server='%s'", sname); free(sname); } return(KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN); } - /* convert server.key into a real key (it may be encrypted - in the database) */ + /* + * Get the latest version of the server key_data and + * convert the key into a real key (it may be encrypted in the database) + */ + for (*kvno = last_i = i = 0; i < server.n_key_data; i++) { + if (*kvno < server.key_data[i].key_data_kvno) { + *kvno = server.key_data[i].key_data_kvno; + last_i = i; + } + } if ((*key = (krb5_keyblock *)malloc(sizeof **key))) { - retval = krb5_kdb_decrypt_key(kdc_context, &master_encblock, - &server.key, *key); + retval = krb5_dbekd_decrypt_key_data(kdc_context, &master_encblock, + &server.key_data[last_i], + *key, NULL); } else retval = ENOMEM; - *kvno = server.kvno; krb5_db_free_principal(kdc_context, &server, nprincs); return retval; } |