kdc: don't announce KRB5_PADATA_FX_FAST unless fast is enabled

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15273

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher
2022-12-29 11:16:06 +01:00
committed by Nico Williams
parent 93454c885c
commit 67a6eb3218


@@ -1998,6 +1998,9 @@ add_enc_pa_rep(astgs_request_t r)
if (ret) if (ret)
return ret; return ret;
if (!r->config->enable_fast)
return 0;
return krb5_padata_add(r->context, r->ek.encrypted_pa_data, return krb5_padata_add(r->context, r->ek.encrypted_pa_data,
KRB5_PADATA_FX_FAST, NULL, 0); KRB5_PADATA_FX_FAST, NULL, 0);
} }
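Review bot: The early `return 0` added in add_enc_pa_rep has no comment, and the reason behind it is security-relevant: the empty KRB5_PADATA_FX_FAST entry in `r->ek.encrypted_pa_data` is the integrity-protected indicator a client can use to decide whether the KDC supports FAST (RFC 6806 section 11), so it should match what the KDC is configured to accept. I would add above the check `/* The FX_FAST entry in encrypted-pa-data is the authenticated FAST-support indicator; only send it when FAST is enabled. */`. The same `enable_fast` test is repeated for `pat[n].type` in the _kdc_as_rep hunk, so the two sites can drift apart; the same comment there, or a small shared helper, would keep them aligned. Both functions begin outside their hunks, so this page cannot confirm whether any other path still adds KRB5_PADATA_FX_FAST.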
@@ -2305,6 +2308,8 @@ _kdc_as_rep(astgs_request_t r)
if (!r->armor_crypto && !r->config->enable_unarmored_pa_enc_timestamp) if (!r->armor_crypto && !r->config->enable_unarmored_pa_enc_timestamp)
continue; continue;
} }
if (pat[n].type == KRB5_PADATA_FX_FAST && !r->config->enable_fast)
continue;
ret = krb5_padata_add(r->context, r->rep.padata, ret = krb5_padata_add(r->context, r->rep.padata,
pat[n].type, NULL, 0); pat[n].type, NULL, 0);