svn commit: samba r16964 - in branches/SAMBA_4_0/source/kdc: .
abartlet at samba.org
abartlet at samba.org
Wed Jul 12 00:56:28 GMT 2006
Author: abartlet
Date: 2006-07-12 00:56:27 +0000 (Wed, 12 Jul 2006)
New Revision: 16964
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=16964
Log:
Remove extra debugs no longer required in a working KDC
Implement the 'DES only' flag.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/kdc/hdb-ldb.c
Changeset:
Modified: branches/SAMBA_4_0/source/kdc/hdb-ldb.c
===================================================================
--- branches/SAMBA_4_0/source/kdc/hdb-ldb.c 2006-07-12 00:21:16 UTC (rev 16963)
+++ branches/SAMBA_4_0/source/kdc/hdb-ldb.c 2006-07-12 00:56:27 UTC (rev 16964)
@@ -98,8 +98,6 @@
{
HDBFlags flags = int2HDBFlags(0);
- krb5_warnx(context, "uf2HDBFlags: userAccountControl: %08x\n", userAccountControl);
-
/* we don't allow kadmin deletes */
flags.immutable = 1;
@@ -151,20 +149,13 @@
}
*/
/*
- if (userAccountControl & UF_PASSWORD_CANT_CHANGE) {
- flags.invalid = 1;
- }
+ UF_PASSWORD_CANT_CHANGE and UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED are irrelevent
*/
-/*
- if (userAccountControl & UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED) {
- flags.invalid = 1;
- }
-*/
if (userAccountControl & UF_TEMP_DUPLICATE_ACCOUNT) {
flags.invalid = 1;
}
-/* UF_DONT_EXPIRE_PASSWD handled in LDB_message2entry() */
+/* UF_DONT_EXPIRE_PASSWD and UF_USE_DES_KEY_ONLY handled in LDB_message2entry() */
/*
if (userAccountControl & UF_MNS_LOGON_ACCOUNT) {
@@ -182,20 +173,12 @@
flags.proxiable = 1;
}
-/*
- if (userAccountControl & UF_SMARTCARD_USE_DES_KEY_ONLY) {
- flags.invalid = 1;
- }
-*/
if (userAccountControl & UF_DONT_REQUIRE_PREAUTH) {
flags.require_preauth = 0;
} else {
flags.require_preauth = 1;
}
-
- krb5_warnx(context, "uf2HDBFlags: HDBFlags: %08x\n", HDBFlags2int(flags));
-
return flags;
}
@@ -246,8 +229,6 @@
memset(entry_ex, 0, sizeof(*entry_ex));
- krb5_warnx(context, "LDB_message2entry:\n");
-
if (!realm) {
krb5_set_error_string(context, "talloc_strdup: out of memory");
ret = ENOMEM;
@@ -395,17 +376,33 @@
ret = ENOMEM;
goto out;
}
- entry_ex->entry.keys.len = ldb_keys->num_values;
+ entry_ex->entry.keys.len = 0;
+
/* Decode Kerberos keys into the hdb structure */
- for (i=0; i < entry_ex->entry.keys.len; i++) {
+ for (i=0; i < ldb_keys->num_values; i++) {
size_t decode_len;
+ Key key;
ret = decode_Key(ldb_keys->values[i].data, ldb_keys->values[i].length,
- &entry_ex->entry.keys.val[i], &decode_len);
+ &key, &decode_len);
if (ret) {
/* Could be bougus data in the entry, or out of memory */
goto out;
}
+
+ if (userAccountControl & UF_USE_DES_KEY_ONLY) {
+ switch (key.key.keytype) {
+ case KEYTYPE_DES:
+ entry_ex->entry.keys.val[entry_ex->entry.keys.len] = key;
+ entry_ex->entry.keys.len++;
+ default:
+ /* We must use DES keys only */
+ break;
+ }
+ } else {
+ entry_ex->entry.keys.val[entry_ex->entry.keys.len] = key;
+ entry_ex->entry.keys.len++;
+ }
}
}
@@ -930,8 +927,6 @@
priv->realm_ref_msgs = talloc_steal(priv, realm_ref_msgs);
- krb5_warnx(context, "LDB_firstkey: realm ok\n");
-
lret = ldb_search(ldb_ctx, realm_dn,
LDB_SCOPE_SUBTREE, "(objectClass=user)",
krb5_attrs, &res);
More information about the samba-cvs
mailing list