server = service;
}
- dprintf(2, "krb5_rd_req_ctx:%d: HERE\n", __LINE__);
ret = get_key_from_keytab(context,
&ap_req,
server,
id,
&o->keyblock);
if (ret) {
- dprintf(2, "krb5_rd_req_ctx:%d: HERE\n", __LINE__);
/* If caller specified a server, fail. */
if (service == NULL && (context->flags & KRB5_CTX_F_RD_REQ_IGNORE) == 0)
goto out;
* We got an exact keymatch, use that.
*/
- dprintf(2, "krb5_rd_req_ctx:%d: TRY keyblock\n", __LINE__);
ret = krb5_verify_ap_req2(context,
auth_context,
&ap_req,
&o->ticket,
KRB5_KU_AP_REQ_AUTH);
- if (ret) {
- dprintf(2, "krb5_rd_req_ctx:%d: FAIL keyblock: %d\n", __LINE__, ret);
+ if (ret)
goto out;
- }
- dprintf(2, "krb5_rd_req_ctx:%d: OK keyblock\n", __LINE__);
} else {
/*
if (ret)
goto out;
- dprintf(2, "krb5_rd_req_ctx:%d: START LOOP\n", __LINE__);
done = 0;
while (!done) {
krb5_principal p;
ret = krb5_kt_next_entry(context, id, &entry, &cursor);
if (ret) {
- dprintf(2, "krb5_rd_req_ctx:%d: NOT FOUND\n", __LINE__);
_krb5_kt_principal_not_found(context, ret, id, o->server,
ap_req.ticket.enc_part.etype,
kvno);
}
if (entry.keyblock.keytype != ap_req.ticket.enc_part.etype) {
- dprintf(2, "krb5_rd_req_ctx:%d: SKIP\n", __LINE__);
krb5_kt_free_entry (context, &entry);
continue;
}
- dprintf(2, "krb5_rd_req_ctx:%d: TRY\n", __LINE__);
ret = krb5_verify_ap_req2(context,
auth_context,
&ap_req,
KRB5_KU_AP_REQ_AUTH);
if (ret == KRB5KRB_AP_ERR_BAD_INTEGRITY) {
/* failed to decrypt, try the next key */
- dprintf(2, "krb5_rd_req_ctx:%d: FAIL %d => SKIP\n", __LINE__, ret);
krb5_kt_free_entry (context, &entry);
continue;
}
if (ret) {
- dprintf(2, "krb5_rd_req_ctx:%d: FAIL %d\n", __LINE__, ret);
krb5_kt_free_entry (context, &entry);
goto out;
}
- dprintf(2, "krb5_rd_req_ctx:%d: OK\n", __LINE__);
/*
* Found a match, save the keyblock for PAC processing,