From c06d5ebfdadce4c140816f72b89838c24f09c6ee Mon Sep 17 00:00:00 2001
From: Nicolas Williams
Date: Thu, 7 Apr 2011 15:11:05 -0500
Subject: [PATCH] Fixes to patches that add *use-strong* parameters.
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
Signed-off-by: Love Hörnquist Åstrand
---
 kdc/kerberos5.c | 12 ++++++++----
 kdc/misc.c | 20 +++++++++++++-------
 2 files changed, 21 insertions(+), 11 deletions(-)
diff --git a/kdc/kerberos5.c b/kdc/kerberos5.c
index 82a65b62a..947c1154f 100644
--- a/kdc/kerberos5.c
+++ b/kdc/kerberos5.c
@@ -128,17 +128,19 @@ _kdc_find_etype(krb5_context context, krb5_boolean use_strongest_session_key,
 krb5_enctype *etypes, unsigned len, krb5_enctype *ret_enctype, Key **ret_key)
 {
- int i;
 krb5_error_code ret;
 krb5_salt def_salt;
 krb5_enctype enctype = ETYPE_NULL;
- Key *key = NULL;
+ Key *key;
+ int i;
 /* We'll want to avoid keys with v4 salted keys in the pre-auth case... */
 ret = krb5_get_pw_salt(context, princ->entry.principal, &def_salt);
 if (ret)
 return ret;
+ ret = KRB5KDC_ERR_ETYPE_NOSUPP;
+
 if (use_strongest_session_key) {
 const krb5_enctype *p;
 krb5_enctype clientbest = ETYPE_NULL;
@@ -195,7 +197,7 @@ _kdc_find_etype(krb5_context context, krb5_boolean use_strongest_session_key,
 * weak enctypes in krb5.conf and selects this key selection
 * algorithm, then we get exactly what RFC4120 says.
 */
- for(i = 0; ret != 0 && i < len ; i++) {
+ for(key = NULL, i = 0; ret != 0 && i < len; i++, key = NULL) {
 if (krb5_enctype_valid(context, etypes[i]) != 0 && !_kdc_is_weak_exception(princ->entry.principal, etypes[i]))
@@ -207,7 +209,9 @@ _kdc_find_etype(krb5_context context, krb5_boolean use_strongest_session_key,
 continue;
 }
 if (ret_key != NULL)
- *ret_key = key;
+ *ret_key = key;
+ if (ret_enctype != NULL)
+ *ret_enctype = etypes[i];
 ret = 0;
 if (is_preauth && is_default_salt_p(&def_salt, key))
 goto out;
diff --git a/kdc/misc.c b/kdc/misc.c
index fb67d5e6f..f9b34571a 100644
--- a/kdc/misc.c
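Review bot: In the first kdc/kerberos5.c hunk, replacing `Key *key = NULL;` with `Key *key;` leaves `key` indeterminate for the whole `use_strongest_session_key` branch, because the only reset this patch adds is in the `for` header of the second hunk. The body of that branch lies outside the hunk, so it cannot be confirmed from here that every path assigns `key` before it is stored through `ret_key`; if one does not, the caller receives a stray pointer where it expects key material. Keeping the initializer, `Key *key = NULL;`, costs nothing and turns a missed assignment into a NULL the caller can test.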
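Review bot: The rewritten loop header in the second kdc/kerberos5.c hunk, `for(key = NULL, i = 0; ret != 0 && i < len; i++, key = NULL)`, uses `ret` as its not-found-yet flag and silently depends on the `ret = KRB5KDC_ERR_ETYPE_NOSUPP;` assignment added far above it in the first hunk. A comment at the loop such as `/* ret is KRB5KDC_ERR_ETYPE_NOSUPP on entry; the loop ends at the first enctype that yields a key */` would keep a later edit from reintroducing the case where `ret` is 0 on entry and the loop never runs. `i` is an `int` compared with `unsigned len`; if no other use in the function needs a signed index, `unsigned i;` avoids the mixed-sign comparison. The loop body continues outside the hunk.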
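Review bot: In the third kdc/kerberos5.c hunk, `ret = 0` is set before the `is_preauth && is_default_salt_p(&def_salt, key)` test, so a key without the default salt still counts as a match and, through the `ret != 0` condition of the loop in the second hunk, ends the search over the client's enctypes. With pre-authentication the function can therefore return a non-default-salted key, although the comment at the top of the function says such keys are to be avoided. If that fallback is intended it deserves a comment next to the assignments, for example `/* accept any key; a default-salt key only ends the scan early */`. The enclosing loop starts outside the hunk.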
+++ b/kdc/misc.c
@@ -144,20 +144,26 @@ _kdc_get_preferred_key(krb5_context context,
 if (krb5_enctype_valid(context, p[i]) != 0)
 continue;
 ret = hdb_enctype2key(context, &h->entry, p[i], key);
- if (ret == 0) {
+ if (ret != 0)
+ continue;
+ if (enctype != NULL)
 *enctype = p[i];
- return 0;
- }
+ return 0;
 }
 } else {
 *key = NULL;
 for (i = 0; i < h->entry.keys.len; i++) {
 if (krb5_enctype_valid(context, h->entry.keys.val[i].key.keytype)
- != 0) {
- *key = &h->entry.keys.val[i];
- return 0;
- }
+ != 0)
+ continue;
+ ret = hdb_enctype2key(context, &h->entry,
+ h->entry.keys.val[i].key.keytype, key);
+ if (ret != 0)
+ continue;
+ if (enctype != NULL)
+ *enctype = (*key)->key.keytype;
+ return 0;
 }
 }
-- 
2.11.4.GIT
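Review bot: The second loop in the kdc/misc.c hunk already has the entry `h->entry.keys.val[i]` in hand, yet it looks the key up again with `hdb_enctype2key(context, &h->entry, h->entry.keys.val[i].key.keytype, key)`. If that helper returns the first key of the requested enctype, the key handed back can differ from the one at index `i` when the entry holds several keys of one enctype, and the `if (ret != 0) continue;` path would be unreachable. Either assign directly with `*key = &h->entry.keys.val[i];` and set `*enctype = h->entry.keys.val[i].key.keytype;` under the NULL check, or add a comment saying why the lookup is wanted. The function begins and ends outside the hunk.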