| commit | 20090f7ba301453fc32bceda90125d043ff9210f | |
| author | Jeffrey Altman <jaltman@secure-endpoints.com> | |
| Sun, 28 Jul 2013 18:48:09 +0000 (28 14:48 -0400) | ||
| committer | Jeffrey Altman <jaltman@secure-endpoints.com> | |
| Mon, 29 Jul 2013 21:59:26 +0000 (29 17:59 -0400) | ||
| tree | 9c8b8d7f4dc36b1b85efec96f2bf49efa371ed28 | treesnapshot (tar.gz zip) |
| parent | a2d0f8e3ee350f7db48d7bcd6eed775ff1ace6e4 | commitdiff |
_kdc_find_etype: do not return success if ret_key != NULL
If _kdc_find_etype() is being called with 'ret_key' != NULL, the
caller is attempting to find an actual principal key. If 'ret_key'
is NULL then it is seeking a session key type. Only return an enctype
that is not in the principal key list unless 'ret_key' is NULL.
As part of this change remove 'clientbest' and the associated
logic as it is both unnecessary and can produce an enctype for
which the key cannot be returned.
Change-Id: Iba319e95fc1eac139f00b0cce20e1249482d2c6f
(cherry picked from commit 95f2abc1168f7050edc20af13f3f31ffd6fb8e69)
If _kdc_find_etype() is being called with 'ret_key' != NULL, the
caller is attempting to find an actual principal key. If 'ret_key'
is NULL then it is seeking a session key type. Only return an enctype
that is not in the principal key list unless 'ret_key' is NULL.
As part of this change remove 'clientbest' and the associated
logic as it is both unnecessary and can produce an enctype for
which the key cannot be returned.
Change-Id: Iba319e95fc1eac139f00b0cce20e1249482d2c6f
(cherry picked from commit 95f2abc1168f7050edc20af13f3f31ffd6fb8e69)
| kdc/kerberos5.c | diffblobblamehistory |