| commit | 95f2abc1168f7050edc20af13f3f31ffd6fb8e69 | |
| author | Jeffrey Altman <jaltman@secure-endpoints.com> | |
| Sun, 28 Jul 2013 18:48:09 +0000 (28 14:48 -0400) | ||
| committer | Jeffrey Altman <jaltman@secure-endpoints.com> | |
| Mon, 29 Jul 2013 21:55:38 +0000 (29 17:55 -0400) | ||
| tree | b17863830dd7b2bff83caf849fc38c4706cd9440 | treesnapshot (tar.gz zip) |
| parent | dfc7ed639f8ba7eced10f2d7efd08aa038ac2ecd | commitdiff |
_kdc_find_etype: do not return success if ret_key != NULL
If _kdc_find_etype() is being called with 'ret_key' != NULL, the
caller is attempting to find an actual principal key. If 'ret_key'
is NULL then it is seeking a session key type. Only return an enctype
that is not in the principal key list unless 'ret_key' is NULL.
As part of this change remove 'clientbest' and the associated
logic as it is both unnecessary and can produce an enctype for
which the key cannot be returned.
Change-Id: Iba319e95fc1eac139f00b0cce20e1249482d2c6f
If _kdc_find_etype() is being called with 'ret_key' != NULL, the
caller is attempting to find an actual principal key. If 'ret_key'
is NULL then it is seeking a session key type. Only return an enctype
that is not in the principal key list unless 'ret_key' is NULL.
As part of this change remove 'clientbest' and the associated
logic as it is both unnecessary and can produce an enctype for
which the key cannot be returned.
Change-Id: Iba319e95fc1eac139f00b0cce20e1249482d2c6f
| kdc/kerberos5.c | diffblobblamehistory |