1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00

heimdal make kvno unisgned internally

The folks at heimdal didn't like the patch in
commit 6379737b7d and insisted
that kvno should remain unsigned internally, even though it is
encoded as signed in packets. This patch reverts some of the
unsigned->signed changes in that commit, and resolves conversion
issues - in order to be aligned with upstream Heimdal.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue May 24 03:00:39 CEST 2016 on sn-devel-144
This commit is contained in:
Uri Simchoni 2016-05-17 13:45:11 +03:00 committed by Jeremy Allison
parent 59133295bb
commit b2b951d14f
3 changed files with 17 additions and 4 deletions

View File

@ -1174,6 +1174,8 @@ tgs_parse_request(krb5_context context,
Key *tkey;
krb5_keyblock *subkey = NULL;
unsigned usage;
krb5uint32 kvno = 0;
krb5uint32 *kvno_ptr = NULL;
*auth_data = NULL;
*csec = NULL;
@ -1201,7 +1203,12 @@ tgs_parse_request(krb5_context context,
ap_req.ticket.sname,
ap_req.ticket.realm);
ret = _kdc_db_fetch(context, config, princ, HDB_F_GET_KRBTGT, ap_req.ticket.enc_part.kvno, NULL, krbtgt);
if (ap_req.ticket.enc_part.kvno) {
kvno = *ap_req.ticket.enc_part.kvno;
kvno_ptr = &kvno;
}
ret = _kdc_db_fetch(context, config, princ, HDB_F_GET_KRBTGT, kvno_ptr,
NULL, krbtgt);
if(ret == HDB_ERR_NOT_FOUND_HERE) {
char *p;
@ -1541,6 +1548,8 @@ tgs_build_reply(krb5_context context,
hdb_entry_ex *uu;
krb5_principal p;
Key *uukey;
krb5uint32 second_kvno = 0;
krb5uint32 *kvno_ptr = NULL;
if(b->additional_tickets == NULL ||
b->additional_tickets->len == 0){
@ -1557,8 +1566,12 @@ tgs_build_reply(krb5_context context,
goto out;
}
_krb5_principalname2krb5_principal(context, &p, t->sname, t->realm);
if(t->enc_part.kvno){
second_kvno = *t->enc_part.kvno;
kvno_ptr = &second_kvno;
}
ret = _kdc_db_fetch(context, config, p,
HDB_F_GET_KRBTGT, t->enc_part.kvno,
HDB_F_GET_KRBTGT, kvno_ptr,
NULL, &uu);
krb5_free_principal(context, p);
if(ret){

View File

@ -40,7 +40,7 @@ _kdc_db_fetch(krb5_context context,
krb5_kdc_configuration *config,
krb5_const_principal principal,
unsigned flags,
krb5int32 *kvno_ptr,
krb5uint32 *kvno_ptr,
HDB **db,
hdb_entry_ex **h)
{

View File

@ -3183,7 +3183,7 @@ static bool check_pw_with_krb5(struct torture_context *tctx,
const char *old_password = cli_credentials_get_old_password(credentials);
int kvno = cli_credentials_get_kvno(credentials);
int expected_kvno = 0;
krb5int32 t_kvno = 0;
krb5uint32 t_kvno = 0;
const char *host = torture_setting_string(tctx, "host", NULL);
krb5_error_code k5ret;
krb5_boolean k5ok;