From 4afb9bddeb074ecd3d8b3c704cfd91907f34c9fb Mon Sep 17 00:00:00 2001
From: Karolin Seeger
Date: Wed, 21 Feb 2018 10:15:22 +0100
Subject: [PATCH] Revert "HEIMDAL:hdb: export a hdb_enctype_supported() helper function"

This reverts commit 18d7cf191718b3a30165a43271e503cc07ca5b50.
---
 source4/heimdal/kdc/kerberos5.c | 15 ++++-------
 source4/heimdal/kdc/krb5tgs.c | 3 ++-
 source4/heimdal/lib/hdb/hdb.c | 30 +++-------------------
 source4/heimdal/lib/hdb/version-script.map | 1 -
 4 files changed, 10 insertions(+), 39 deletions(-)

diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c
index c6ec65ee926..db2c6262116 100644
--- a/source4/heimdal/kdc/kerberos5.c
+++ b/source4/heimdal/kdc/kerberos5.c
@@ -131,7 +131,7 @@ _kdc_find_etype(krb5_context context, krb5_boolean use_strongest_session_key,
 krb5_error_code ret;
 krb5_salt def_salt;
 krb5_enctype enctype = ETYPE_NULL;
- Key *key = NULL;
+ Key *key;
 int i;
 /* We'll want to avoid keys with v4 salted keys in the pre-auth case... */
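Review bot: In `_kdc_find_etype` (kerberos5.c), `Key *key;` is now left uninitialized, so the pointer is indeterminate until `hdb_enctype2key()` stores into it. On the loop path shown in the following hunk a zero `ret` appears to imply at least one successful lookup, but the rest of the function, including where `key` is presumably copied to the caller's out-parameter, lies outside the diff, and krb5tgs.c dereferences the result as `skey->key` immediately after a zero return. Keeping `Key *key = NULL;` is independent of the rest of the revert and makes any missed path fail as a NULL pointer rather than a read through stack garbage.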
@@ -159,34 +159,29 @@ _kdc_find_etype(krb5_context context, krb5_boolean use_strongest_session_key,
 /* drive the search with local supported enctypes list */
 p = krb5_kerberos_enctypes(context);
- for (i = 0; p[i] != ETYPE_NULL && key == NULL; i++) {
+ for (i = 0; p[i] != ETYPE_NULL && enctype == ETYPE_NULL; i++) {
 if (krb5_enctype_valid(context, p[i]) != 0)
 continue;
 /* check that the client supports it too */
- for (j = 0; j < len && key == NULL; j++) {
+ for (j = 0; j < len && enctype == ETYPE_NULL; j++) {
 if (p[i] != etypes[j])
 continue;
 /* save best of union of { client, crypto system } */
 if (clientbest == ETYPE_NULL)
 clientbest = p[i];
- if (enctype == ETYPE_NULL) {
- ret = hdb_enctype_supported(context, &princ->entry, p[i]);
- if (ret == 0) {
- enctype = p[i];
- }
- }
 /* check target princ support */
 ret = hdb_enctype2key(context, &princ->entry, p[i], &key);
 if (ret)
 continue;
 if (is_preauth && !is_default_salt_p(&def_salt, key))
 continue;
+ enctype = p[i];
 }
 }
 if (clientbest != ETYPE_NULL && enctype == ETYPE_NULL)
 enctype = clientbest;
- else if (key == NULL)
+ else if (enctype == ETYPE_NULL)
 ret = KRB5KDC_ERR_ETYPE_NOSUPP;
 if (ret == 0 && ret_enctype != NULL)
 *ret_enctype = enctype;
diff --git a/source4/heimdal/kdc/krb5tgs.c b/source4/heimdal/kdc/krb5tgs.c
index a91b319c630..a71cfbff66c 100644
--- a/source4/heimdal/kdc/krb5tgs.c
+++ b/source4/heimdal/kdc/krb5tgs.c
@@ -1703,7 +1703,7 @@ server_lookup:
 ret = _kdc_find_etype(context, config->tgs_use_strongest_session_key, FALSE,
- server, b->etype.val, b->etype.len, &etype,
+ server, b->etype.val, b->etype.len, NULL,
 &skey);
 if(ret) {
 kdc_log(context, config, 0,
@@ -1711,6 +1711,7 @@ server_lookup:
 goto out;
 }
 ekey = &skey->key;
+ etype = skey->key.keytype;
 kvno = server->entry.kvno;
 }
diff --git a/source4/heimdal/lib/hdb/hdb.c b/source4/heimdal/lib/hdb/hdb.c
index 4c8df930b0c..5dc5a0957e0 100644
--- a/source4/heimdal/lib/hdb/hdb.c
+++ b/source4/heimdal/lib/hdb/hdb.c
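Review bot: In the second kerberos5.c hunk, the fallback `enctype = clientbest;` after the loops changes only `enctype`; `ret` and `key` still hold whatever the last `hdb_enctype2key()` call left behind. If that call succeeded but the key was skipped by the `is_preauth && !is_default_salt_p(&def_salt, key)` test, the function reports success with an enctype for which no key was accepted, while `key` still refers to the skipped key, so the returned enctype and key can disagree. The krb5tgs.c hunk avoids this by passing `NULL` for the enctype and reading `skey->key.keytype`, but other callers are not visible here. A comment on the fallback such as `/* enctype may differ from key->key.keytype here; callers that need the key's type must read it from the key */` would record that contract. The body of `_kdc_find_etype` extends beyond the hunk on both sides.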
@@ -93,12 +93,11 @@ static struct hdb_method dbmetod =
 #endif
-static krb5_error_code
-_hdb_next_enctype2key(krb5_context context,
+krb5_error_code
+hdb_next_enctype2key(krb5_context context,
 const hdb_entry *e,
 krb5_enctype enctype,
- Key **key,
- bool require_key)
+ Key **key)
 {
 Key *k;
@@ -106,10 +105,6 @@ _hdb_next_enctype2key(krb5_context context,
 k < e->keys.val + e->keys.len;
 k++)
 {
- if (require_key && k->key.keyvalue.length == 0) {
- continue;
- }
-
 if(k->key.keytype == enctype){
 *key = k;
 return 0;
@@ -121,16 +116,6 @@ _hdb_next_enctype2key(krb5_context context,
 return KRB5_PROG_ETYPE_NOSUPP; /* XXX */
 }
-
-krb5_error_code
-hdb_next_enctype2key(krb5_context context,
- const hdb_entry *e,
- krb5_enctype enctype,
- Key **key)
-{
- return _hdb_next_enctype2key(context, e, enctype, key, true);
-}
-
 krb5_error_code
 hdb_enctype2key(krb5_context context,
 hdb_entry *e,
@@ -141,15 +126,6 @@ hdb_enctype2key(krb5_context context,
 return hdb_next_enctype2key(context, e, enctype, key);
 }
-krb5_error_code
-hdb_enctype_supported(krb5_context context,
- hdb_entry *e,
- krb5_enctype enctype)
-{
- Key *key = NULL;
- return _hdb_next_enctype2key(context, e, enctype, &key, false);
-}
-
 void
 hdb_free_key(Key *key)
 {
diff --git a/source4/heimdal/lib/hdb/version-script.map b/source4/heimdal/lib/hdb/version-script.map
index c4bd8f4cd44..f80fb78a654 100644
--- a/source4/heimdal/lib/hdb/version-script.map
+++ b/source4/heimdal/lib/hdb/version-script.map
@@ -20,7 +20,6 @@ HEIMDAL_HDB_1.0 {
 hdb_dbinfo_get_realm;
 hdb_default_db;
 hdb_enctype2key;
- hdb_enctype_supported;
 hdb_entry2string;
 hdb_entry2value;
 hdb_entry_alias2value;
--
2.47.2
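Review bot: In hdb.c, with the `require_key && k->key.keyvalue.length == 0` skip removed (hunk at -106), `hdb_next_enctype2key()` returns the first entry whose `keytype` matches even when its `keyvalue` is empty, and `hdb_enctype2key()` passes that straight through to the enctype selection in kerberos5.c. Whether entries without key material can reach this lookup is not visible in the diff, but if they can, `_kdc_find_etype()` would settle on such a key and krb5tgs.c would take `ekey = &skey->key` from it. Since the revert is deliberate, the lookup should at least state the contract, e.g. `/* May return a key with zero-length keyvalue; callers must check key->key.keyvalue.length before use. */` above `hdb_next_enctype2key()`. The loop header of that function is outside the hunk.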