[Heimdal-source-changes] [heimdal/heimdal] 95f2ab: _kdc_find_etype: do not return success if ret_key ...

Mon Juli 29 23:55:53 CEST 2013

  Branch: refs/heads/master
  Home:   https://github.com/heimdal/heimdal
  Commit: 95f2abc1168f7050edc20af13f3f31ffd6fb8e69
      https://github.com/heimdal/heimdal/commit/95f2abc1168f7050edc20af13f3f31ffd6fb8e69
  Author: Jeffrey Altman <jaltman at secure-endpoints.com>
  Date:   2013-07-29 (Mon, 29 Jul 2013)

  Changed paths:
    M kdc/kerberos5.c

  Log Message:
  -----------
  _kdc_find_etype: do not return success if ret_key != NULL

If _kdc_find_etype() is being called with 'ret_key' != NULL, the
caller is attempting to find an actual principal key.  If 'ret_key'
is NULL then it is seeking a session key type.  Only return an enctype
that is not in the principal key list unless 'ret_key' is NULL.

As part of this change remove 'clientbest' and the associated
logic as it is both unnecessary and can produce an enctype for
which the key cannot be returned.

Change-Id: Iba319e95fc1eac139f00b0cce20e1249482d2c6f

  Commit: 002a5acbf01efc2596a41b7685f03822b3895216
      https://github.com/heimdal/heimdal/commit/002a5acbf01efc2596a41b7685f03822b3895216
  Author: Jeffrey Altman <jaltman at secure-endpoints.com>
  Date:   2013-07-29 (Mon, 29 Jul 2013)

  Changed paths:
    M kdc/misc.c

  Log Message:
  -----------
  apply weak key exceptions to _kdc_get_preferred_key

As part of the keytype validity checks within _kdc_get_preferred_key
_kdc_is_weak_exception must be used to permit the afs/* principals
to have only DES in the key list.

Change-Id: I70801ce9b8c4d3f057542541ce11e06d195efd52

Compare: https://github.com/heimdal/heimdal/compare/dfc7ed639f8b...002a5acbf01e