The Samba-Bugzilla – Attachment 15938 Details for
Bug 14354
Samba 4.12 KDC breaks with DES keys still in the database and msDS-SupportedEncryptionTypes 31 indicating support for it.
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
WIP patch on top of v4-12-test
tmp412.diff.txt (text/plain), 1.33 KB, created by
Stefan Metzmacher
on 2020-04-23 10:17:53 UTC
(
hide
)
Description:
WIP patch on top of v4-12-test
Filename:
MIME Type:
Creator:
Stefan Metzmacher
Created:
2020-04-23 10:17:53 UTC
Size:
1.33 KB
patch
obsolete
>From 10ac9824fbb7b9c1eabaf22f01b4edafc24d82f7 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Thu, 23 Apr 2020 11:56:54 +0200 >Subject: [PATCH] kdc:db-glue: ignore KRB5_PROG_ETYPE_NOSUPP also for > Primary:Kerberos > >Currently we only ignore KRB5_PROG_ETYPE_NOSUPP for >Primary:Kerberos-Newer-Keys, but not for Primary:Kerberos. > >If a service account has msDS-SupportedEncryptionTypes: 31 >and DES keys stored in Primary:Kerberos, we'll pass the >DES key to smb_krb5_keyblock_init_contents(), but may get >KRB5_PROG_ETYPE_NOSUPP. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14354 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >--- > source4/kdc/db-glue.c | 6 ++++++ > 1 file changed, 6 insertions(+) > >diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c >index 023ae7b580d6..bebe1e36678b 100644 >--- a/source4/kdc/db-glue.c >+++ b/source4/kdc/db-glue.c >@@ -687,6 +687,12 @@ static krb5_error_code samba_kdc_message2entry_keys(krb5_context context, > pkb3->keys[i].value->data, > pkb3->keys[i].value->length, > &key.key); >+ if (ret == KRB5_PROG_ETYPE_NOSUPP) { >+ DEBUG(2,("Unsupported keytype ignored - type %u\n", >+ pkb3->keys[i].keytype)); >+ ret = 0; >+ continue; >+ } > if (ret) { > if (key.salt) { > smb_krb5_free_data_contents(context, &key.salt->salt); >-- >2.17.1 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 14354
:
15938
|
16145
|
16146
|
16147