author: Christof Schmitt <cs@samba.org> 2018-06-19 15:09:41 -0700
committer: Karolin Seeger <kseeger@samba.org> 2018-06-25 13:07:26 +0200
commit: 228e5d4f75bd8e02ea06fe2ebb1ae41038c369d9
tree: 0f16654051f20bea439516806c0794108e188869 /lib
parent: df16008c2368387c524cab4ff8660c9538a5060a
krb5_wrap: fix keep_old_entries logic for older kerberos libraries

MIT kerberos 1.13 and older only stores 8 bits of the KVNO. The change from commit 35b2fb4ff32 resulted in breakage for these kerberos versions: 'net ads keytab create' reads a large KVNO from AD, and only the lower 8 bits are stored. The next check then removed the entry again as the 8 bit value did not match the currently valid KVNO.

Fix this by limiting the check to only 8 bits.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13478

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

Autobuild-User(master): Christof Schmitt <cs@samba.org>
Autobuild-Date(master): Sat Jun 23 00:57:47 CEST 2018 on sn-devel-144

(cherry picked from commit 97eaeea6a130871cfac5be42459380c0c4e0fae6)

Diffstat (limited to 'lib')
-rw-r--r-- lib/krb5_wrap/krb5_samba.c 2
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index 7c461e5c286..0ba8aaecaea 100644
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -1549,7 +1549,7 @@ krb5_error_code smb_krb5_kt_seek_and_delete_old_entries(krb5_context context,
}
if (!flush &&
- (kt_entry.vno == kvno) &&
+ ((kt_entry.vno & 0xff) == (kvno & 0xff)) &&
(kt_entry_enctype != enctype))
{
DEBUG(5, (__location__ ": Saving entry with kvno [%d] "
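
Review bot: the masked comparison on the `+` line, `((kt_entry.vno & 0xff) == (kvno & 0xff))`, is applied unconditionally, so with a Kerberos library that stores the full KVNO, an entry whose vno differs from kvno by a multiple of 256 now also takes the "Saving entry with kvno" branch, and an old key with a different enctype stays in the keytab. Consider comparing the full values first and falling back to the masked comparison only when the stored value fits in 8 bits (`kt_entry.vno <= 0xff`), which narrows the false matches. The bare `0xff` also needs a comment next to it naming the MIT kerberos 1.13 truncation, so the reason for the mask is recorded in the code and not only in the commit message.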