Fix securid_sam2 preauth for non-default salt

When looking up the client long-term key, look for any salt type, not
just the default salt type.

ticket: 8629

diff --git a/src/plugins/preauth/securid_sam2/grail.c b/src/plugins/preauth/securid_sam2/grail.c
index 18d48f92464fff047ccd0d7c3ac8b01c403fae84..48b61b0d1732e2e693bfd43fcfb7651864a8cfbe 100644 (file)
--- a/src/plugins/preauth/securid_sam2/grail.c
+++ b/src/plugins/preauth/securid_sam2/grail.c
@@ -213,8 +213,7 @@ verify_grail_data(krb5_context context, krb5_db_entry *client,
         return KRB5KDC_ERR_PREAUTH_FAILED;
 
     ret = krb5_dbe_find_enctype(context, client,
-                                sr2->sam_enc_nonce_or_sad.enctype,
-                                KRB5_KDB_SALTTYPE_NORMAL,
+                                sr2->sam_enc_nonce_or_sad.enctype, -1,
                                 sr2->sam_enc_nonce_or_sad.kvno,
                                 &client_key_data);
     if (ret)

diff --git a/src/plugins/preauth/securid_sam2/securid2.c b/src/plugins/preauth/securid_sam2/securid2.c
index ca99ce3ef61f868f8bf6254e6f507995c608bb64..363e17a1091cc9e8e5e1d2ef0985105bf6dd7d65 100644 (file)
--- a/src/plugins/preauth/securid_sam2/securid2.c
+++ b/src/plugins/preauth/securid_sam2/securid2.c
@@ -313,8 +313,7 @@ verify_securid_data_2(krb5_context context, krb5_db_entry *client,
     }
 
     retval = krb5_dbe_find_enctype(context, client,
-                                   sr2->sam_enc_nonce_or_sad.enctype,
-                                   KRB5_KDB_SALTTYPE_NORMAL,
+                                   sr2->sam_enc_nonce_or_sad.enctype, -1,
                                    sr2->sam_enc_nonce_or_sad.kvno,
                                    &client_key_data);
     if (retval) {