Attachment 15938 Details for Bug 14354 – WIP patch on top of v4-12-test

[patch] WIP patch on top of v4-12-test

tmp412.diff.txt (text/plain), 1.33 KB, created by Stefan Metzmacher on 2020-04-23 10:17:53 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Stefan Metzmacher

Created: 2020-04-23 10:17:53 UTC

Size: 1.33 KB

patch

obsolete

>From 10ac9824fbb7b9c1eabaf22f01b4edafc24d82f7 Mon Sep 17 00:00:00 2001
>From: Stefan Metzmacher <metze@samba.org>
>Date: Thu, 23 Apr 2020 11:56:54 +0200
>Subject: [PATCH] kdc:db-glue: ignore KRB5_PROG_ETYPE_NOSUPP also for
> Primary:Kerberos
>
>Currently we only ignore KRB5_PROG_ETYPE_NOSUPP for
>Primary:Kerberos-Newer-Keys, but not for Primary:Kerberos.
>
>If a service account has msDS-SupportedEncryptionTypes: 31
>and DES keys stored in Primary:Kerberos, we'll pass the
>DES key to smb_krb5_keyblock_init_contents(), but may get
>KRB5_PROG_ETYPE_NOSUPP.
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=14354
>
>Signed-off-by: Stefan Metzmacher <metze@samba.org>
>---
> source4/kdc/db-glue.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
>diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c
>index 023ae7b580d6..bebe1e36678b 100644
>--- a/source4/kdc/db-glue.c
>+++ b/source4/kdc/db-glue.c
>@@ -687,6 +687,12 @@ static krb5_error_code samba_kdc_message2entry_keys(krb5_context context,
> 							      pkb3->keys[i].value->data,
> 							      pkb3->keys[i].value->length,
> 							      &key.key);
>+			if (ret == KRB5_PROG_ETYPE_NOSUPP) {
>+				DEBUG(2,("Unsupported keytype ignored - type %u\n",
>+					 pkb3->keys[i].keytype));
>+				ret = 0;
>+				continue;
>+			}
> 			if (ret) {
> 				if (key.salt) {
> 					smb_krb5_free_data_contents(context, &key.salt->salt);
>-- 
>2.17.1
>

Actions: View

Attachments on bug 14354: 15938 | 16145 | 16146 | 16147