]> git.ipfire.org Git - thirdparty/samba.git/commitdiff
projects / thirdparty / samba.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 9055634)
kdc:db-glue: ignore KRB5_PROG_ETYPE_NOSUPP also for Primary:Kerberos
authorStefan Metzmacher <metze@samba.org>
Thu, 23 Apr 2020 09:56:54 +0000 (11:56 +0200)
committerKarolin Seeger <kseeger@samba.org>
Thu, 6 Aug 2020 11:00:25 +0000 (11:00 +0000)
Currently we only ignore KRB5_PROG_ETYPE_NOSUPP for
Primary:Kerberos-Newer-Keys, but not for Primary:Kerberos.

If a service account has msDS-SupportedEncryptionTypes: 31
and DES keys stored in Primary:Kerberos, we'll pass the
DES key to smb_krb5_keyblock_init_contents(), but may get
KRB5_PROG_ETYPE_NOSUPP.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14354

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jul 28 14:04:26 UTC 2020 on sn-devel-184

(cherry picked from commit 4baa7cc8e473f6b63316b4ae5db34796c0f864c3)

Autobuild-User(v4-12-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-12-test): Thu Aug  6 11:00:25 UTC 2020 on sn-devel-184

selftest/knownfail.d/old_enctypes [deleted file] patch | blob | blame | history
source4/kdc/db-glue.c patch | blob | blame | history

diff --git a/selftest/knownfail.d/old_enctypes b/selftest/knownfail.d/old_enctypes
deleted file mode 100644 (file)
index b8dde6f..0000000
--- a/selftest/knownfail.d/old_enctypes
+++ /dev/null
@@ -1 +0,0 @@
-^samba4.blackbox.test_old_enctypes.Export keytab while old enctypes are supported\(fl2003dc:local\)
diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c
index 023ae7b580d672377ea127866d54e378b9b36508..d2a79920ab5e20cb9a725685a1283ee86f943b6d 100644 (file)
--- a/source4/kdc/db-glue.c
+++ b/source4/kdc/db-glue.c
@@ -631,18 +631,18 @@ static krb5_error_code samba_kdc_message2entry_keys(krb5_context context,
                                                              pkb4->keys[i].value->data,
                                                              pkb4->keys[i].value->length,
                                                              &key.key);
-                       if (ret == KRB5_PROG_ETYPE_NOSUPP) {
-                               DEBUG(2,("Unsupported keytype ignored - type %u\n",
-                                        pkb4->keys[i].keytype));
-                               ret = 0;
-                               continue;
-                       }
                        if (ret) {
                                if (key.salt) {
                                        smb_krb5_free_data_contents(context, &key.salt->salt);
                                        free(key.salt);
                                        key.salt = NULL;
                                }
+                               if (ret == KRB5_PROG_ETYPE_NOSUPP) {
+                                       DEBUG(2,("Unsupported keytype ignored - type %u\n",
+                                                pkb4->keys[i].keytype));
+                                       ret = 0;
+                                       continue;
+                               }
                                goto out;
                        }
 
@@ -693,6 +693,12 @@ static krb5_error_code samba_kdc_message2entry_keys(krb5_context context,
                                        free(key.salt);
                                        key.salt = NULL;
                                }
+                               if (ret == KRB5_PROG_ETYPE_NOSUPP) {
+                                       DEBUG(2,("Unsupported keytype ignored - type %u\n",
+                                                pkb3->keys[i].keytype));
+                                       ret = 0;
+                                       continue;
+                               }
                                goto out;
                        }
 
Mirror of https://github.com/samba-team/samba.git