From 01c02340c1700aeb16d167be45f6de8d96a91802 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Tue, 20 Jan 2015 10:52:22 +0000
Subject: s4:kdc/db-glue: fix supported_enctypes
 samba_kdc_trust_message2entry()

This avoids writing invalid memory, because num_keys was calculated
in a wrong way...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
---
 source4/kdc/db-glue.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

(limited to 'source4')

diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c
index caeb1b2eff..37e2f9e3fc 100644
--- a/source4/kdc/db-glue.c
+++ b/source4/kdc/db-glue.c
@@ -872,7 +872,7 @@ static krb5_error_code samba_kdc_trust_message2entry(krb5_context context,
 	int ret, trust_direction_flags;
 	unsigned int i;
 	struct AuthenticationInformationArray *auth_array;
-	uint32_t supported_enctypes = ENCTYPE_ARCFOUR_HMAC;
+	uint32_t supported_enctypes = ENC_RC4_HMAC_MD5;
 
 	if (dsdb_functional_level(kdc_db_ctx->samdb) >= DS_DOMAIN_FUNCTION_2008) {
 		supported_enctypes = ldb_msg_find_attr_as_uint(msg,
@@ -1015,7 +1015,7 @@ static krb5_error_code samba_kdc_trust_message2entry(krb5_context context,
 				break;
 			}
 
-			if (supported_enctypes & ENCTYPE_ARCFOUR_HMAC) {
+			if (supported_enctypes & ENC_RC4_HMAC_MD5) {
 				mdfour(_password_hash.hash, password_utf16.data, password_utf16.length);
 				if (password_hash == NULL) {
 					num_keys += 1;
@@ -1047,7 +1047,7 @@ static krb5_error_code samba_kdc_trust_message2entry(krb5_context context,
 			}
 			break;
 		} else if (auth_array->array[i].AuthType == TRUST_AUTH_TYPE_NT4OWF) {
-			if (supported_enctypes & ENCTYPE_ARCFOUR_HMAC) {
+			if (supported_enctypes & ENC_RC4_HMAC_MD5) {
 				password_hash = &auth_array->array[i].AuthInfo.nt4owf.password;
 				num_keys += 1;
 			}
@@ -1085,7 +1085,7 @@ static krb5_error_code samba_kdc_trust_message2entry(krb5_context context,
 			goto out;
 		}
 
-		if (supported_enctypes & ENCTYPE_AES256_CTS_HMAC_SHA1_96) {
+		if (supported_enctypes & ENC_HMAC_SHA1_96_AES256) {
 			ret = krb5_string_to_key_data_salt(context,
 							   ENCTYPE_AES256_CTS_HMAC_SHA1_96,
 							   cleartext_data,
@@ -1100,7 +1100,7 @@ static krb5_error_code samba_kdc_trust_message2entry(krb5_context context,
 			entry_ex->entry.keys.len++;
 		}
 
-		if (supported_enctypes & ENCTYPE_AES128_CTS_HMAC_SHA1_96) {
+		if (supported_enctypes & ENC_HMAC_SHA1_96_AES128) {
 			ret = krb5_string_to_key_data_salt(context,
 							   ENCTYPE_AES128_CTS_HMAC_SHA1_96,
 							   cleartext_data,
-- 
cgit