oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

apply weak key exceptions to _kdc_get_preferred_key

Browse Source 
As part of the keytype validity checks within _kdc_get_preferred_key
_kdc_is_weak_exception must be used to permit the afs/* principals
to have only DES in the key list.

Change-Id: I70801ce9b8c4d3f057542541ce11e06d195efd52
This commit is contained in:
Jeffrey Altman
2013-07-29 11:38:25 -04:00
parent 95f2abc116
commit 002a5acbf0
1 changed files with 4 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
kdc/misc.c
View File

@@ -144,7 +144,8 @@ _kdc_get_preferred_key(krb5_context context,
const krb5_enctype *p = krb5_kerberos_enctypes(context);
for (i = 0; p[i] != (krb5_enctype)ETYPE_NULL; i++) {
if (krb5_enctype_valid(context, p[i]) != 0)
if (krb5_enctype_valid(context, p[i]) != 0 &&
!_kdc_is_weak_exception(h->entry.principal, p[i]))
continue;
ret = hdb_enctype2key(context, &h->entry, NULL, p[i], key);
if (ret != 0)
@@ -157,8 +158,8 @@ _kdc_get_preferred_key(krb5_context context,
*key = NULL;
for (i = 0; i < h->entry.keys.len; i++) {
if (krb5_enctype_valid(context, h->entry.keys.val[i].key.keytype)
!= 0)
if (krb5_enctype_valid(context, h->entry.keys.val[i].key.keytype) != 0 &&
!_kdc_is_weak_exception(h->entry.principal, h->entry.keys.val[i].key.keytype))
continue;
ret = hdb_enctype2key(context, &h->entry, NULL,
h->entry.keys.val[i].key.keytype, key);