diff options
author | Greg Hudson <ghudson@mit.edu> | 2020-05-13 13:05:49 -0400 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2020-05-21 14:53:31 -0400 |
commit | 32f3659b836319112ed951371944ca50f19e9167 (patch) | |
tree | c4012a214b984c26b5657ff0744db00ad62151d9 | |
parent | a5d504e908836db10946145c245ffa2ccf428ca7 (diff) | |
download | krb5-32f3659b836319112ed951371944ca50f19e9167.zip krb5-32f3659b836319112ed951371944ca50f19e9167.tar.gz krb5-32f3659b836319112ed951371944ca50f19e9167.tar.bz2 |
Prevent use of invalid local TGT key
Commit 570967e11bd5ea60a82fc8157ad7d07602402ebb took a shortcut in
get_local_tgt() by using the first key data entry in the TGT principal
entry. This is usually correct, but if the first key data entry has
an invalid enctype (such as a single-DES enctype), we can select a key
we can't use. Call krb5_dbe_find_enctype() instead. Reported by
Leonard Peirce.
(cherry picked from commit d7ed635e822e13b89fef93463d1d132b1e03b78f)
ticket: 8906
version_fixed: 1.18.2
-rw-r--r-- | src/kdc/kdc_util.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c index e5898ea..ba0ce0b 100644 --- a/src/kdc/kdc_util.c +++ b/src/kdc/kdc_util.c @@ -564,6 +564,7 @@ get_local_tgt(krb5_context context, const krb5_data *realm, krb5_error_code ret; krb5_principal princ; krb5_db_entry *storage = NULL, *tgt; + krb5_key_data *kd; *alias_out = NULL; *storage_out = NULL; @@ -584,12 +585,11 @@ get_local_tgt(krb5_context context, const krb5_data *realm, tgt = candidate; } - if (tgt->n_key_data == 0) { - ret = KRB5_KDB_NO_MATCHING_KEY; + /* Find and decrypt the first valid key of the current kvno. */ + ret = krb5_dbe_find_enctype(context, tgt, -1, -1, 0, &kd); + if (ret) goto cleanup; - } - ret = krb5_dbe_decrypt_key_data(context, NULL, &tgt->key_data[0], key_out, - NULL); + ret = krb5_dbe_decrypt_key_data(context, NULL, kd, key_out, NULL); if (ret) goto cleanup; |