oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

kdc: _kdc_find_etype if is_preauth must use long term keys

Browse Source 
is_preauth (KFE_IS_PREAUTH is set) might require replying with
PA-ETYPE-INFO[2] which requires use of the long-term keys.
Without this change is_default_salt_p() can be called with 'key'
eq NULL.

Change-Id: I513fa768680225d4501d8b390e349a011666d90c
This commit is contained in:
Jeffrey Altman
2022-01-24 10:41:51 -05:00
parent 31d5c38976
commit eb08f2ecdd
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
kdc/kerberos5.c
View File

@@ -266,7 +266,7 @@ _kdc_find_etype(astgs_request_t r, uint32_t flags,
/* check target princ support */ /* check target princ support */
key = NULL; key = NULL;
if (!(flags & KFE_USE_CLIENT) && princ->etypes) { if (!is_preauth && !(flags & KFE_USE_CLIENT) && princ->etypes) {
/* /*
* Use the etypes list from the server's HDB entry instead * Use the etypes list from the server's HDB entry instead
* of deriving it from its long-term keys. This allows an * of deriving it from its long-term keys. This allows an