From c6d3d1d12d7179c2ea2d1e4785cac02454e0af83 Mon Sep 17 00:00:00 2001 From: Ezra Peisach Date: Thu, 2 Jan 1997 04:07:31 +0000 Subject: [PATCH] * kdc_preauth.c (get_sam_edata): Use proper interface to krb5_db_get_principal. Also if SAM is not an option, do not return as a possible type to client. [krb5-kdc/310] git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@9712 dc483132-0cff-0310-8789-dd5450dbe970 --- src/kdc/ChangeLog | 6 ++++++ src/kdc/kdc_preauth.c | 9 +++++++-- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/src/kdc/ChangeLog b/src/kdc/ChangeLog index 190c4f3c5..679351671 100644 --- a/src/kdc/ChangeLog +++ b/src/kdc/ChangeLog @@ -1,3 +1,9 @@ +Wed Jan 1 22:56:16 1997 Ezra Peisach + + * kdc_preauth.c (get_sam_edata): Use proper interface to + krb5_db_get_principal. Also if SAM is not an option, do + not return as a possible type to client. [krb5-kdc/310] + Sat Nov 23 17:26:22 1996 Mark Eichin * [krb5-libs/149] only generate requests that you can actually diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c index dd8d09b8b..6baaa27d1 100644 --- a/src/kdc/kdc_preauth.c +++ b/src/kdc/kdc_preauth.c @@ -637,7 +637,8 @@ get_sam_edata(context, request, client, server, pa_data) { char *uname; - int npr = 1, more; + int npr = 1; + krb5_boolean more; krb5_db_entry assoc; krb5_key_data *assoc_key; krb5_principal newp; @@ -663,7 +664,7 @@ get_sam_edata(context, request, client, server, pa_data) strlen(sam_ptr->name); npr = 1; retval = krb5_db_get_principal(kdc_context, newp, &assoc, &npr, &more); - if(!retval) { + if(!retval && npr) { sc.sam_type = sam_ptr->sam_type; break; } @@ -697,6 +698,10 @@ get_sam_edata(context, request, client, server, pa_data) } /* now we can use encrypting_key... */ } + } else { + /* SAM is not an option - so don't return as hint */ + retval = KRB5_PREAUTH_BAD_TYPE; + goto cleanup; } krb5_princ_component(kdc_context,newp,probeslot)->data = 0; -- 2.26.2