aboutsummaryrefslogtreecommitdiff
path: root/src/lib/kdb/kdb_xdr.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/kdb/kdb_xdr.c')
-rw-r--r--src/lib/kdb/kdb_xdr.c15
1 files changed, 13 insertions, 2 deletions
diff --git a/src/lib/kdb/kdb_xdr.c b/src/lib/kdb/kdb_xdr.c
index 5d1911e2..fc31038 100644
--- a/src/lib/kdb/kdb_xdr.c
+++ b/src/lib/kdb/kdb_xdr.c
@@ -724,6 +724,7 @@ krb5_dbe_search_enctype(kcontext, dbentp, start, ktype, stype, kvno, kdatap)
int i, index;
int maxkvno;
krb5_key_data *datap;
+ krb5_error_code ret;
if (kvno == -1 && stype == -1 && ktype == -1)
kvno = 0;
@@ -741,15 +742,25 @@ krb5_dbe_search_enctype(kcontext, dbentp, start, ktype, stype, kvno, kdatap)
datap = (krb5_key_data *) NULL;
for (i = *start; i < dbentp->n_key_data; i++) {
krb5_boolean similar;
- krb5_error_code ret;
krb5_int32 db_stype;
+ ret = 0;
if (dbentp->key_data[i].key_data_ver > 1) {
db_stype = dbentp->key_data[i].key_data_type[1];
} else {
db_stype = KRB5_KDB_SALTTYPE_NORMAL;
}
+
+ /*
+ * Filter out non-permitted enctypes.
+ */
+ if (!krb5_is_permitted_enctype(kcontext,
+ dbentp->key_data[i].key_data_type[0])) {
+ ret = KRB5_KDB_NO_PERMITTED_KEY;
+ continue;
+ }
+
if (ktype >= 0) {
if ((ret = krb5_c_enctype_compare(kcontext, (krb5_enctype) ktype,
dbentp->key_data[i].key_data_type[0],
@@ -776,7 +787,7 @@ krb5_dbe_search_enctype(kcontext, dbentp, start, ktype, stype, kvno, kdatap)
}
}
if (maxkvno < 0)
- return ENOENT;
+ return ret ? ret : KRB5_KDB_NO_MATCHING_KEY;
*kdatap = datap;
*start = index+1;
return 0;
generated by cgit v1.1 at 2024-08-15 12:45:11 +0000