diff options
| author | Stefan Metzmacher <metze@samba.org> | 2015-01-20 10:52:22 +0000 |
|---|---|---|
| committer | Günther Deschner <gd@samba.org> | 2015-01-21 14:56:07 +0100 |
| commit | 01c02340c1700aeb16d167be45f6de8d96a91802 (patch) | |
| tree | 470d3bbced0508ce88269836ec089160a653c700 /source4/kdc | |
| parent | 6da86012a2ca521efe0cf1bf05fcd04c3099b190 (diff) | |
| download | samba-01c02340c1700aeb16d167be45f6de8d96a91802.tar.gz samba-01c02340c1700aeb16d167be45f6de8d96a91802.tar.xz samba-01c02340c1700aeb16d167be45f6de8d96a91802.zip | |
s4:kdc/db-glue: fix supported_enctypes samba_kdc_trust_message2entry()
This avoids writing invalid memory, because num_keys was calculated
in a wrong way...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Diffstat (limited to 'source4/kdc')
| -rw-r--r-- | source4/kdc/db-glue.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c index caeb1b2eff..37e2f9e3fc 100644 --- a/source4/kdc/db-glue.c +++ b/source4/kdc/db-glue.c @@ -872,7 +872,7 @@ static krb5_error_code samba_kdc_trust_message2entry(krb5_context context, int ret, trust_direction_flags; unsigned int i; struct AuthenticationInformationArray *auth_array; - uint32_t supported_enctypes = ENCTYPE_ARCFOUR_HMAC; + uint32_t supported_enctypes = ENC_RC4_HMAC_MD5; if (dsdb_functional_level(kdc_db_ctx->samdb) >= DS_DOMAIN_FUNCTION_2008) { supported_enctypes = ldb_msg_find_attr_as_uint(msg, @@ -1015,7 +1015,7 @@ static krb5_error_code samba_kdc_trust_message2entry(krb5_context context, break; } - if (supported_enctypes & ENCTYPE_ARCFOUR_HMAC) { + if (supported_enctypes & ENC_RC4_HMAC_MD5) { mdfour(_password_hash.hash, password_utf16.data, password_utf16.length); if (password_hash == NULL) { num_keys += 1; @@ -1047,7 +1047,7 @@ static krb5_error_code samba_kdc_trust_message2entry(krb5_context context, } break; } else if (auth_array->array[i].AuthType == TRUST_AUTH_TYPE_NT4OWF) { - if (supported_enctypes & ENCTYPE_ARCFOUR_HMAC) { + if (supported_enctypes & ENC_RC4_HMAC_MD5) { password_hash = &auth_array->array[i].AuthInfo.nt4owf.password; num_keys += 1; } @@ -1085,7 +1085,7 @@ static krb5_error_code samba_kdc_trust_message2entry(krb5_context context, goto out; } - if (supported_enctypes & ENCTYPE_AES256_CTS_HMAC_SHA1_96) { + if (supported_enctypes & ENC_HMAC_SHA1_96_AES256) { ret = krb5_string_to_key_data_salt(context, ENCTYPE_AES256_CTS_HMAC_SHA1_96, cleartext_data, @@ -1100,7 +1100,7 @@ static krb5_error_code samba_kdc_trust_message2entry(krb5_context context, entry_ex->entry.keys.len++; } - if (supported_enctypes & ENCTYPE_AES128_CTS_HMAC_SHA1_96) { + if (supported_enctypes & ENC_HMAC_SHA1_96_AES128) { ret = krb5_string_to_key_data_salt(context, ENCTYPE_AES128_CTS_HMAC_SHA1_96, cleartext_data, |