s4:kdc: Pass supported enctypes to samba_kdc_set_fixed_keys()
authorAndrew Bartlett <abartlet@samba.org>
Tue, 22 Mar 2022 20:47:53 +0000 (09:47 +1300)
committerStefan Metzmacher <metze@samba.org>
Thu, 24 Mar 2022 09:19:33 +0000 (09:19 +0000)
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
source4/kdc/db-glue.c
source4/kdc/db-glue.h
source4/kdc/hdb-samba4.c

index 10a8dab76f63788af72153e551c7a3782caaf2f4..a5e7cebab1bd32d05aa8a084e40f607a0319b194 100644 (file)
@@ -336,12 +336,10 @@ static void samba_kdc_sort_keys(struct sdb_keys *keys)
 }
 
 int samba_kdc_set_fixed_keys(krb5_context context,
-                            struct samba_kdc_db_context *kdc_db_ctx,
                             const struct ldb_val *secretbuffer,
-                            bool is_protected,
+                            uint32_t supported_enctypes,
                             struct sdb_keys *keys)
 {
-       uint32_t supported_enctypes = ENC_ALL_TYPES;
        uint16_t allocated_keys = 0;
        int ret;
 
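Review bot: Nothing at the definition of `samba_kdc_set_fixed_keys()` says that withholding RC4 is now the caller's job, although `supported_enctypes` has become a caller-supplied mask on an exported function and the in-body `is_protected` strip is removed in the `@@ -354,10 +352,6 @@` hunk. A future caller that passes `ENC_ALL_TYPES` for a protected account would presumably get an RC4 key, with no check left in the callee to stop it. I would add a comment above the definition and above the prototype in db-glue.h, for example `/* supported_enctypes: mask of ENC_* bits to create keys for; callers must clear ENC_RC4_HMAC_MD5 themselves for protected accounts. */`. The function body continues outside this hunk, so the result when the mask selects no handled enctype is not visible here; the same comment should state it.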
@@ -354,10 +352,6 @@ int samba_kdc_set_fixed_keys(krb5_context context,
                goto out;
        }
 
-       if (is_protected) {
-               supported_enctypes &= ~ENC_RC4_HMAC_MD5;
-       }
-
        if (supported_enctypes & ENC_HMAC_SHA1_96_AES256) {
                struct sdb_key key = {};
 
@@ -419,9 +413,14 @@ static int samba_kdc_set_random_keys(krb5_context context,
                                     struct sdb_keys *keys,
                                     bool is_protected)
 {
+       uint32_t supported_enctypes = ENC_ALL_TYPES;
        struct ldb_val secret_val;
        uint8_t secretbuffer[32];
 
+       if (is_protected) {
+               supported_enctypes &= ~ENC_RC4_HMAC_MD5;
+       }
+
        /*
         * Fake keys until we have a better way to reject
         * non-pkinit requests.
@@ -433,9 +432,9 @@ static int samba_kdc_set_random_keys(krb5_context context,
 
        secret_val = data_blob_const(secretbuffer,
                                     sizeof(secretbuffer));
-       return samba_kdc_set_fixed_keys(context, kdc_db_ctx,
+       return samba_kdc_set_fixed_keys(context,
                                        &secret_val,
-                                       is_protected,
+                                       supported_enctypes,
                                        keys);
 }
 
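Review bot: `secretbuffer` keeps its contents on the stack after `samba_kdc_set_random_keys()` returns, because the result of `samba_kdc_set_fixed_keys()` is returned directly. If the buffer holds the generated key material, as the function name and the "Fake keys" comment suggest (the fill itself is outside both hunks), it is worth clearing first: `ret = samba_kdc_set_fixed_keys(context, &secret_val, supported_enctypes, keys);`, then `ZERO_ARRAY(secretbuffer);`, then `return ret;`. That needs a local `int ret` and assumes `ZERO_ARRAY()` is the explicit-zeroing helper available to this file.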
index d9559d395f1779cde673369ef169e851b2e2b0d4..6779a87eadf189a8e6665a6cf6713aae9747560f 100644 (file)
@@ -26,9 +26,8 @@ struct sdb_entry;
 
 
 int samba_kdc_set_fixed_keys(krb5_context context,
-                            struct samba_kdc_db_context *kdc_db_ctx,
                             const struct ldb_val *secretbuffer,
-                            bool is_protected,
+                            uint32_t supported_enctypes,
                             struct sdb_keys *keys);
 
 krb5_error_code samba_kdc_fetch(krb5_context context,
index 62e6678158810cf61985c196309fc7a530c96885..480d2c06e5eb0617cad12f208849dbf89c1d75b9 100644 (file)
@@ -223,7 +223,7 @@ static krb5_error_code hdb_samba4_fetch_fast_cookie(krb5_context context,
                return ret;
        }
 
-       ret = samba_kdc_set_fixed_keys(context, kdc_db_ctx, val, false,
+       ret = samba_kdc_set_fixed_keys(context, val, ENC_ALL_TYPES,
                                       &sentry.keys);
        if (ret != 0) {
                return ret;
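Review bot: `ENC_ALL_TYPES` at the FAST cookie call in `hdb_samba4_fetch_fast_cookie()` presumably still requests an RC4-HMAC key alongside the AES ones, as the old `is_protected = false` argument did. Since the call site now chooses the enctypes, it is worth confirming whether the cookie key needs anything beyond AES. If it does not, `ret = samba_kdc_set_fixed_keys(context, val, ENC_HMAC_SHA1_96_AES256,` would avoid deriving an RC4 key from the cookie secret. Either way, a one-line comment at the call saying why this mask was chosen would help the next reader. The function starts and ends outside the hunk.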