kdc: _kdc_find_etype if is_preauth must use long term keys

is_preauth (KFE_IS_PREAUTH is set) might require replying with PA-ETYPE-INFO[2] which requires use of the long-term keys. Without this change is_default_salt_p() can be called with 'key' eq NULL. Change-Id: I513fa768680225d4501d8b390e349a011666d90c
2022-01-24 10:41:51 -05:00
parent 31d5c38976
commit eb08f2ecdd
1 changed files with 1 additions and 1 deletions
--- a/kdc/kerberos5.c
+++ b/kdc/kerberos5.c
@@ -266,7 +266,7 @@ _kdc_find_etype(astgs_request_t r, uint32_t flags,

                /* check target princ support */
 		key = NULL;
-                if (!(flags & KFE_USE_CLIENT) && princ->etypes) {
+                if (!is_preauth && !(flags & KFE_USE_CLIENT) && princ->etypes) {
                    /*
                     * Use the etypes list from the server's HDB entry instead
                     * of deriving it from its long-term keys.  This allows an