svn commit: samba r16964 - in branches/SAMBA_4_0/source/kdc: .

abartlet at samba.org abartlet at samba.org
Wed Jul 12 00:56:28 GMT 2006


Author: abartlet
Date: 2006-07-12 00:56:27 +0000 (Wed, 12 Jul 2006)
New Revision: 16964

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=16964

Log:
Remove extra debugs no longer required in a working KDC

Implement the 'DES only' flag.

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/kdc/hdb-ldb.c


Changeset:
Modified: branches/SAMBA_4_0/source/kdc/hdb-ldb.c
===================================================================
--- branches/SAMBA_4_0/source/kdc/hdb-ldb.c	2006-07-12 00:21:16 UTC (rev 16963)
+++ branches/SAMBA_4_0/source/kdc/hdb-ldb.c	2006-07-12 00:56:27 UTC (rev 16964)
@@ -98,8 +98,6 @@
 {
 	HDBFlags flags = int2HDBFlags(0);
 
-	krb5_warnx(context, "uf2HDBFlags: userAccountControl: %08x\n", userAccountControl);
-
 	/* we don't allow kadmin deletes */
 	flags.immutable = 1;
 
@@ -151,20 +149,13 @@
 	}
 */
 /*
-	if (userAccountControl & UF_PASSWORD_CANT_CHANGE) {
-		flags.invalid = 1;
-	}
+	UF_PASSWORD_CANT_CHANGE and UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED are irrelevent
 */
-/*
-	if (userAccountControl & UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED) {
-		flags.invalid = 1;
-	}
-*/
 	if (userAccountControl & UF_TEMP_DUPLICATE_ACCOUNT) {
 		flags.invalid = 1;
 	}
 
-/* UF_DONT_EXPIRE_PASSWD handled in LDB_message2entry() */
+/* UF_DONT_EXPIRE_PASSWD and UF_USE_DES_KEY_ONLY handled in LDB_message2entry() */
 
 /*
 	if (userAccountControl & UF_MNS_LOGON_ACCOUNT) {
@@ -182,20 +173,12 @@
 		flags.proxiable = 1;
 	}
 
-/*
-	if (userAccountControl & UF_SMARTCARD_USE_DES_KEY_ONLY) {
-		flags.invalid = 1;
-	}
-*/
 	if (userAccountControl & UF_DONT_REQUIRE_PREAUTH) {
 		flags.require_preauth = 0;
 	} else {
 		flags.require_preauth = 1;
 
 	}
-
-	krb5_warnx(context, "uf2HDBFlags: HDBFlags: %08x\n", HDBFlags2int(flags));
-
 	return flags;
 }
 
@@ -246,8 +229,6 @@
 
 	memset(entry_ex, 0, sizeof(*entry_ex));
 
-	krb5_warnx(context, "LDB_message2entry:\n");
-
 	if (!realm) {
 		krb5_set_error_string(context, "talloc_strdup: out of memory");
 		ret = ENOMEM;
@@ -395,17 +376,33 @@
 			ret = ENOMEM;
 			goto out;
 		}
-		entry_ex->entry.keys.len = ldb_keys->num_values;
 
+		entry_ex->entry.keys.len = 0;
+
 		/* Decode Kerberos keys into the hdb structure */
-		for (i=0; i < entry_ex->entry.keys.len; i++) {
+		for (i=0; i < ldb_keys->num_values; i++) {
 			size_t decode_len;
+			Key key;
 			ret = decode_Key(ldb_keys->values[i].data, ldb_keys->values[i].length, 
-					 &entry_ex->entry.keys.val[i], &decode_len);
+					 &key, &decode_len);
 			if (ret) {
 				/* Could be bougus data in the entry, or out of memory */
 				goto out;
 			}
+
+			if (userAccountControl & UF_USE_DES_KEY_ONLY) {
+				switch (key.key.keytype) {
+				case KEYTYPE_DES:
+					entry_ex->entry.keys.val[entry_ex->entry.keys.len] = key;
+					entry_ex->entry.keys.len++;
+				default:
+					/* We must use DES keys only */
+					break;
+				}
+			} else {
+				entry_ex->entry.keys.val[entry_ex->entry.keys.len] = key;
+				entry_ex->entry.keys.len++;
+			}
 		}
 	} 
 
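Review bot: In the `UF_USE_DES_KEY_ONLY` switch, a key that `decode_Key()` has decoded but that is not `KEYTYPE_DES` is dropped without being released, so whatever `decode_Key()` allocated for it (key material included) appears to leak on every lookup of a DES-only account; the `default:` arm should call `free_Key(&key);` before its `break;`. The `case KEYTYPE_DES:` arm also falls into `default:` with no `break;`, which is harmless as written but would release the key that was just shallow-copied into `keys.val[]` once the free is added, so add `break;` after `entry_ex->entry.keys.len++;` in the same change. A short comment noting that an account with this flag and no stored DES key ends up with `keys.len == 0` would also help the next reader. The enclosing function starts and ends outside the hunk, so the `out:` cleanup path and the allocation of `keys.val` are not visible here.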
@@ -930,8 +927,6 @@
 
 	priv->realm_ref_msgs = talloc_steal(priv, realm_ref_msgs);
 
-	krb5_warnx(context, "LDB_firstkey: realm ok\n");
-
 	lret = ldb_search(ldb_ctx, realm_dn,
 				 LDB_SCOPE_SUBTREE, "(objectClass=user)",
 				 krb5_attrs, &res);


