oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

kdc: fix AD -> Heimdal x-realm trusts again

Browse Source 
The HDB_F_ALL_KVNOS flag is not getting set in _kdc_db_fetch() if
kvno_ptr == NULL.  Fix the conditional to ensure that one of
HDB_F_ALL_KVNOS or HDB_F_KVNO_SPECIFIED is set in the flags field.

Prior to this change cross-realm TGS_REQ failed with KRB5_GENERIC_ERROR
and e-text "encryption key has bad length".  With this change, the
cross-realm TGS_REQ succeeds.

Change-Id: I4216137a192032544dfbdada12b5c377603ca4b6
This commit is contained in:
Jeffrey Altman
2016-06-23 13:36:31 -04:00
parent 9f6baf00f6
commit f32fd2d56d
1 changed files with 5 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
kdc/misc.c
View File

@@ -53,13 +53,11 @@ _kdc_db_fetch(krb5_context context,
*h = NULL;
if (kvno_ptr != NULL) {
if (*kvno_ptr != 0) {
kvno = *kvno_ptr;
flags |= HDB_F_KVNO_SPECIFIED;
} else {
flags |= HDB_F_ALL_KVNOS;
}
if (kvno_ptr != NULL && *kvno_ptr != 0) {
kvno = *kvno_ptr;
flags |= HDB_F_KVNO_SPECIFIED;
} else {
flags |= HDB_F_ALL_KVNOS;
}
ent = calloc(1, sizeof (*ent));