[Heimdal-source-changes] [heimdal/heimdal] 95f2ab: _kdc_find_etype: do not return success if ret_key ...
GitHub
noreply at github.com
Mon Juli 29 23:55:53 CEST 2013
Branch: refs/heads/master
Home: https://github.com/heimdal/heimdal
Commit: 95f2abc1168f7050edc20af13f3f31ffd6fb8e69
https://github.com/heimdal/heimdal/commit/95f2abc1168f7050edc20af13f3f31ffd6fb8e69
Author: Jeffrey Altman <jaltman at secure-endpoints.com>
Date: 2013-07-29 (Mon, 29 Jul 2013)
Changed paths:
M kdc/kerberos5.c
Log Message:
-----------
_kdc_find_etype: do not return success if ret_key != NULL
If _kdc_find_etype() is being called with 'ret_key' != NULL, the
caller is attempting to find an actual principal key. If 'ret_key'
is NULL then it is seeking a session key type. Only return an enctype
that is not in the principal key list unless 'ret_key' is NULL.
As part of this change remove 'clientbest' and the associated
logic as it is both unnecessary and can produce an enctype for
which the key cannot be returned.
Change-Id: Iba319e95fc1eac139f00b0cce20e1249482d2c6f
Commit: 002a5acbf01efc2596a41b7685f03822b3895216
https://github.com/heimdal/heimdal/commit/002a5acbf01efc2596a41b7685f03822b3895216
Author: Jeffrey Altman <jaltman at secure-endpoints.com>
Date: 2013-07-29 (Mon, 29 Jul 2013)
Changed paths:
M kdc/misc.c
Log Message:
-----------
apply weak key exceptions to _kdc_get_preferred_key
As part of the keytype validity checks within _kdc_get_preferred_key
_kdc_is_weak_exception must be used to permit the afs/* principals
to have only DES in the key list.
Change-Id: I70801ce9b8c4d3f057542541ce11e06d195efd52
Compare: https://github.com/heimdal/heimdal/compare/dfc7ed639f8b...002a5acbf01e
More information about the Heimdal-source-changes
mailing list