From: Isaac Boukris <iboukris@gmail.com>
Date: Thu, 24 Oct 2019 15:53:34 +0000 (+0300)
Subject: kdc/db-glue: do not fetch single DES keys from db
X-Git-Tag: ldb-2.1.0~686
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=e8015d8a3485092e12d610e565c8c4ee2be937b6;p=thirdparty%2Fsamba.git

kdc/db-glue: do not fetch single DES keys from db

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14202

Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c
index f62a633c6c7..023ae7b580d 100644
--- a/source4/kdc/db-glue.c
+++ b/source4/kdc/db-glue.c
@@ -359,10 +359,10 @@ static krb5_error_code samba_kdc_message2entry_keys(krb5_context context,
 
 	/* If UF_USE_DES_KEY_ONLY has been set, then don't allow use of the newer enc types */
 	if (userAccountControl & UF_USE_DES_KEY_ONLY) {
-		supported_enctypes = ENC_CRC32|ENC_RSA_MD5;
+		supported_enctypes = 0;
 	} else {
 		/* Otherwise, add in the default enc types */
-		supported_enctypes |= ENC_CRC32 | ENC_RSA_MD5 | ENC_RC4_HMAC_MD5;
+		supported_enctypes |= ENC_RC4_HMAC_MD5;
 	}
 
 	/* Is this the krbtgt or a RODC krbtgt */