_kdc_find_etype: prefer default salt for preauth

If the query is "preauth" and the caller is seeking a Key, try to
find a Key that has the default salt, but do not exclude keys
that have a non-default salt.

Move the assignment of 'ret' and 'enctype' before the preauth
default salt test.  If the only key of the given type is the non-default
salt key, it should be used.

If the caller is not seeking a Key, do not bother with the preauth
test at all since the Key itself doesn't matter and we are simply
seeking an enctype.

Change-Id: I7cd37c579c0bfdd88bccfbc9eb5e5f55cd1910cb
Jeffrey Altman
2013-07-30 10:46:20 -04:00
parent 002a5acbf0
commit c4aa2f9067


@@ -172,19 +172,19 @@ _kdc_find_etype(krb5_context context, krb5_boolean use_strongest_session_key,
/* check target princ support */ /* check target princ support */
key = NULL; key = NULL;
while (ret != 0 && while (hdb_next_enctype2key(context, &princ->entry, NULL,
hdb_next_enctype2key(context, &princ->entry, NULL, p[i], &key) == 0) {
p[i], &key) == 0) { if (key->key.keyvalue.length == 0) {
if (key->key.keyvalue.length == 0) { ret = KRB5KDC_ERR_NULL_KEY;
ret = KRB5KDC_ERR_NULL_KEY; continue;
continue; }
} enctype = p[i];
if (is_preauth && !is_default_salt_p(&def_salt, key)) ret = 0;
continue; if (is_preauth && ret_key != NULL &&
enctype = p[i]; !is_default_salt_p(&def_salt, key))
ret = 0; continue;
} }
} }
} }
} else { } else {
/* /*
@@ -210,10 +210,11 @@ _kdc_find_etype(krb5_context context, krb5_boolean use_strongest_session_key,
ret = KRB5KDC_ERR_NULL_KEY; ret = KRB5KDC_ERR_NULL_KEY;
continue; continue;
} }
if (is_preauth && !is_default_salt_p(&def_salt, key))
continue;
enctype = etypes[i]; enctype = etypes[i];
ret = 0; ret = 0;
if (is_preauth && ret_key != NULL &&
!is_default_salt_p(&def_salt, key))
continue;
} }
} }
} }
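Review bot: In both hunks the new `if (is_preauth && ret_key != NULL && !is_default_salt_p(&def_salt, key)) continue;` is the last statement of the `while` body, so the `continue` has no effect and a default-salt key is not actually preferred over a non-default one. In the first hunk the `ret != 0 &&` guard was also removed from the loop condition, so the loop now walks every key of the enctype; presumably `key` is left at whichever entry `hdb_next_enctype2key` returned last, and a later zero-length key can overwrite an earlier `ret = 0` with `KRB5KDC_ERR_NULL_KEY`. To get the behaviour the commit message describes, stop at the first preferred key, e.g. `if (!is_preauth || ret_key == NULL || is_default_salt_p(&def_salt, key)) break;`, and remember the first usable non-default-salt key as the fallback instead of relying on the last one seen. The loop headers and the code that hands `key` to `ret_key` lie outside the hunks, so this should be checked against the full function; it matters because, as far as the hunks show, the key chosen here is the one a preauth client's salt has to match.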