make excpetion for known weak types
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23598 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
@@ -678,6 +678,7 @@ tgs_make_reply(krb5_context context,
|
|||||||
EncTicketPart et;
|
EncTicketPart et;
|
||||||
KDCOptions f = b->kdc_options;
|
KDCOptions f = b->kdc_options;
|
||||||
krb5_error_code ret;
|
krb5_error_code ret;
|
||||||
|
int is_weak = 0;
|
||||||
|
|
||||||
memset(&rep, 0, sizeof(rep));
|
memset(&rep, 0, sizeof(rep));
|
||||||
memset(&et, 0, sizeof(et));
|
memset(&et, 0, sizeof(et));
|
||||||
@@ -885,6 +886,14 @@ tgs_make_reply(krb5_context context,
|
|||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (krb5_enctype_valid(context, et.key.keytype) != 0
|
||||||
|
&& _kdc_is_weak_expection(server->entry.principal, et.key.keytype))
|
||||||
|
{
|
||||||
|
krb5_enctype_enable(context, et.key.keytype);
|
||||||
|
is_weak = 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/* It is somewhat unclear where the etype in the following
|
/* It is somewhat unclear where the etype in the following
|
||||||
encryption should come from. What we have is a session
|
encryption should come from. What we have is a session
|
||||||
key in the passed tgt, and a list of preferred etypes
|
key in the passed tgt, and a list of preferred etypes
|
||||||
@@ -899,6 +908,9 @@ tgs_make_reply(krb5_context context,
|
|||||||
&rep, &et, &ek, et.key.keytype,
|
&rep, &et, &ek, et.key.keytype,
|
||||||
kvno,
|
kvno,
|
||||||
serverkey, 0, &tgt->key, e_text, reply);
|
serverkey, 0, &tgt->key, e_text, reply);
|
||||||
|
if (is_weak)
|
||||||
|
krb5_enctype_disable(context, et.key.keytype);
|
||||||
|
|
||||||
out:
|
out:
|
||||||
free_TGS_REP(&rep);
|
free_TGS_REP(&rep);
|
||||||
free_TransitedEncoding(&et.transited);
|
free_TransitedEncoding(&et.transited);
|
||||||
|
|||||||
Reference in New Issue
Block a user