* kdc_preauth.c (get_preauth_hint_list): Log a message if preauth is required
authorKen Raeburn <raeburn@mit.edu>
Mon, 7 Feb 2000 10:22:58 +0000 (10:22 +0000)
committerKen Raeburn <raeburn@mit.edu>
Mon, 7 Feb 2000 10:22:58 +0000 (10:22 +0000)
but no preauth types are available.
(return_sam_data): Fix typo in figuring length of data to XOR when merging
keys.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12011 dc483132-0cff-0310-8789-dd5450dbe970

src/kdc/ChangeLog
src/kdc/kdc_preauth.c

index 0e85c758daa78c07da58c8cd8c181517d0fcada1..25b02d12fa08c4d2cb834ab53e1adb8e186deaeb 100644 (file)
@@ -1,3 +1,10 @@
+2000-02-07  Ken Raeburn  <raeburn@raeburn.org>
+
+       * kdc_preauth.c (get_preauth_hint_list): Log a message if preauth
+       is required but no preauth types are available.
+       (return_sam_data): Fix typo in figuring length of data to XOR when
+       merging keys.
+
 2000-02-06  Ken Raeburn  <raeburn@mit.edu>
 
        * kdc_preauth.c: Include <syslog.h>.
index 12e1eec6c434de2d417c20767a47eda14cb0ff90..27b4f846b61d3bf0ee7858bc7cb4ba5cb8be3557 100644 (file)
@@ -270,6 +270,11 @@ void get_preauth_hint_list(request, client, server, e_data)
        }
        pa++;
     }
+    if (pa_data[0] == 0) {
+       krb5_klog_syslog (LOG_INFO,
+                         "%spreauth required but hint list is empty",
+                         hw_only ? "hw" : "");
+    }
     retval = encode_krb5_padata_sequence((const krb5_pa_data **) pa_data,
                                         &edat);
     if (retval)
@@ -759,8 +764,11 @@ return_sam_data(context, in_padata, client, request, reply, client_key,
     {
        krb5_octet *p = encrypting_key->contents;
        krb5_octet *q = psr->sam_key.contents;
+       int length = ((encrypting_key->length < psr->sam_key.length)
+                     ? encrypting_key->length
+                     : psr->sam_key.length);
 
-       for (i = 0; i < encrypting_key->length, i < psr->sam_key.length; i++)
+       for (i = 0; i < length; i++)
            p[i] ^= q[i];
     }
 
@@ -939,6 +947,10 @@ get_sam_edata(context, request, client, server, pa_data)
       sc.sam_challenge.data = "12345";
       sc.sam_challenge.length = strlen(sc.sam_challenge.data);
 
+#if 0 /* Enable this to test "normal" (no flags set) mode.  */
+      psr.sam_flags = sc.sam_flags = 0;
+#endif
+
       psr.magic = KV5M_PREDICTED_SAM_RESPONSE;
       /* string2key on sc.sam_challenge goes in here */
       /* eblock is just to set the enctype */