1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-26 10:04:02 +03:00

r16964: Remove extra debugs no longer required in a working KDC

Implement the 'DES only' flag.

Andrew Bartlett
(This used to be commit 9d42bb4b3d2a45da02f0525386468161494852cd)
This commit is contained in:
Andrew Bartlett 2006-07-12 00:56:27 +00:00 committed by Gerald (Jerry) Carter
parent 51de50de29
commit 795c279462

View File

@ -98,8 +98,6 @@ static HDBFlags uf2HDBFlags(krb5_context context, int userAccountControl, enum h
{
HDBFlags flags = int2HDBFlags(0);
krb5_warnx(context, "uf2HDBFlags: userAccountControl: %08x\n", userAccountControl);
/* we don't allow kadmin deletes */
flags.immutable = 1;
@ -151,20 +149,13 @@ static HDBFlags uf2HDBFlags(krb5_context context, int userAccountControl, enum h
}
*/
/*
if (userAccountControl & UF_PASSWORD_CANT_CHANGE) {
flags.invalid = 1;
}
*/
/*
if (userAccountControl & UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED) {
flags.invalid = 1;
}
UF_PASSWORD_CANT_CHANGE and UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED are irrelevent
*/
if (userAccountControl & UF_TEMP_DUPLICATE_ACCOUNT) {
flags.invalid = 1;
}
/* UF_DONT_EXPIRE_PASSWD handled in LDB_message2entry() */
/* UF_DONT_EXPIRE_PASSWD and UF_USE_DES_KEY_ONLY handled in LDB_message2entry() */
/*
if (userAccountControl & UF_MNS_LOGON_ACCOUNT) {
@ -182,20 +173,12 @@ static HDBFlags uf2HDBFlags(krb5_context context, int userAccountControl, enum h
flags.proxiable = 1;
}
/*
if (userAccountControl & UF_SMARTCARD_USE_DES_KEY_ONLY) {
flags.invalid = 1;
}
*/
if (userAccountControl & UF_DONT_REQUIRE_PREAUTH) {
flags.require_preauth = 0;
} else {
flags.require_preauth = 1;
}
krb5_warnx(context, "uf2HDBFlags: HDBFlags: %08x\n", HDBFlags2int(flags));
return flags;
}
@ -246,8 +229,6 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db,
memset(entry_ex, 0, sizeof(*entry_ex));
krb5_warnx(context, "LDB_message2entry:\n");
if (!realm) {
krb5_set_error_string(context, "talloc_strdup: out of memory");
ret = ENOMEM;
@ -395,17 +376,33 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db,
ret = ENOMEM;
goto out;
}
entry_ex->entry.keys.len = ldb_keys->num_values;
entry_ex->entry.keys.len = 0;
/* Decode Kerberos keys into the hdb structure */
for (i=0; i < entry_ex->entry.keys.len; i++) {
for (i=0; i < ldb_keys->num_values; i++) {
size_t decode_len;
Key key;
ret = decode_Key(ldb_keys->values[i].data, ldb_keys->values[i].length,
&entry_ex->entry.keys.val[i], &decode_len);
&key, &decode_len);
if (ret) {
/* Could be bougus data in the entry, or out of memory */
goto out;
}
if (userAccountControl & UF_USE_DES_KEY_ONLY) {
switch (key.key.keytype) {
case KEYTYPE_DES:
entry_ex->entry.keys.val[entry_ex->entry.keys.len] = key;
entry_ex->entry.keys.len++;
default:
/* We must use DES keys only */
break;
}
} else {
entry_ex->entry.keys.val[entry_ex->entry.keys.len] = key;
entry_ex->entry.keys.len++;
}
}
}
@ -930,8 +927,6 @@ static krb5_error_code LDB_firstkey(krb5_context context, HDB *db, unsigned flag
priv->realm_ref_msgs = talloc_steal(priv, realm_ref_msgs);
krb5_warnx(context, "LDB_firstkey: realm ok\n");
lret = ldb_search(ldb_ctx, realm_dn,
LDB_SCOPE_SUBTREE, "(objectClass=user)",
krb5_attrs, &res);