diff options
| author | Stefan Metzmacher <metze@samba.org> | 2020-04-23 11:56:54 +0200 |
|---|---|---|
| committer | Stefan Metzmacher <metze@samba.org> | 2020-07-28 14:04:26 +0000 |
| commit | 4baa7cc8e473f6b63316b4ae5db34796c0f864c3 (patch) | |
| tree | 4833b27cb2266aea9dca03004a7198366a644f66 | |
| parent | 07399831794e28c7c2cf0140d0f1d1b5538b5f60 (diff) | |
| download | samba-4baa7cc8e473f6b63316b4ae5db34796c0f864c3.tar.gz | |
kdc:db-glue: ignore KRB5_PROG_ETYPE_NOSUPP also for Primary:Kerberos
Currently we only ignore KRB5_PROG_ETYPE_NOSUPP for
Primary:Kerberos-Newer-Keys, but not for Primary:Kerberos.
If a service account has msDS-SupportedEncryptionTypes: 31
and DES keys stored in Primary:Kerberos, we'll pass the
DES key to smb_krb5_keyblock_init_contents(), but may get
KRB5_PROG_ETYPE_NOSUPP.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14354
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jul 28 14:04:26 UTC 2020 on sn-devel-184
| -rw-r--r-- | selftest/knownfail.d/old_enctypes | 1 | ||||
| -rw-r--r-- | source4/kdc/db-glue.c | 18 |
2 files changed, 12 insertions, 7 deletions
diff --git a/selftest/knownfail.d/old_enctypes b/selftest/knownfail.d/old_enctypes deleted file mode 100644 index b8dde6f1f04..00000000000 --- a/selftest/knownfail.d/old_enctypes +++ /dev/null @@ -1 +0,0 @@ -^samba4.blackbox.test_old_enctypes.Export keytab while old enctypes are supported\(fl2003dc:local\) diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c index 27728dab904..5fd0f431cdf 100644 --- a/source4/kdc/db-glue.c +++ b/source4/kdc/db-glue.c @@ -631,18 +631,18 @@ static krb5_error_code samba_kdc_message2entry_keys(krb5_context context, pkb4->keys[i].value->data, pkb4->keys[i].value->length, &key.key); - if (ret == KRB5_PROG_ETYPE_NOSUPP) { - DEBUG(2,("Unsupported keytype ignored - type %u\n", - pkb4->keys[i].keytype)); - ret = 0; - continue; - } if (ret) { if (key.salt) { smb_krb5_free_data_contents(context, &key.salt->salt); free(key.salt); key.salt = NULL; } + if (ret == KRB5_PROG_ETYPE_NOSUPP) { + DEBUG(2,("Unsupported keytype ignored - type %u\n", + pkb4->keys[i].keytype)); + ret = 0; + continue; + } goto out; } @@ -693,6 +693,12 @@ static krb5_error_code samba_kdc_message2entry_keys(krb5_context context, free(key.salt); key.salt = NULL; } + if (ret == KRB5_PROG_ETYPE_NOSUPP) { + DEBUG(2,("Unsupported keytype ignored - type %u\n", + pkb3->keys[i].keytype)); + ret = 0; + continue; + } goto out; } |