Diffstat (limited to 'src/lib/kdb/kdb_xdr.c')
-rw-r--r-- | src/lib/kdb/kdb_xdr.c | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/src/lib/kdb/kdb_xdr.c b/src/lib/kdb/kdb_xdr.c index 5d1911e2..fc31038 100644 --- a/src/lib/kdb/kdb_xdr.c +++ b/src/lib/kdb/kdb_xdr.c @@ -724,6 +724,7 @@ krb5_dbe_search_enctype(kcontext, dbentp, start, ktype, stype, kvno, kdatap) int i, index; int maxkvno; krb5_key_data *datap; + krb5_error_code ret; if (kvno == -1 && stype == -1 && ktype == -1) kvno = 0; @@ -741,15 +742,25 @@ krb5_dbe_search_enctype(kcontext, dbentp, start, ktype, stype, kvno, kdatap) datap = (krb5_key_data *) NULL; for (i = *start; i < dbentp->n_key_data; i++) { krb5_boolean similar; - krb5_error_code ret; krb5_int32 db_stype; + ret = 0; if (dbentp->key_data[i].key_data_ver > 1) { db_stype = dbentp->key_data[i].key_data_type[1]; } else { db_stype = KRB5_KDB_SALTTYPE_NORMAL; } + + /* + * Filter out non-permitted enctypes. + */ + if (!krb5_is_permitted_enctype(kcontext, + dbentp->key_data[i].key_data_type[0])) { + ret = KRB5_KDB_NO_PERMITTED_KEY; + continue; + } + if (ktype >= 0) { if ((ret = krb5_c_enctype_compare(kcontext, (krb5_enctype) ktype, dbentp->key_data[i].key_data_type[0], @@ -776,7 +787,7 @@ krb5_dbe_search_enctype(kcontext, dbentp, start, ktype, stype, kvno, kdatap) } } if (maxkvno < 0) - return ENOENT; + return ret ? ret : KRB5_KDB_NO_MATCHING_KEY; *kdatap = datap; *start = index+1; return 0; |
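Review bot: `ret` is now declared at function scope without an initializer (first hunk) and is only assigned inside the loop, so the new `return ret ? ret : KRB5_KDB_NO_MATCHING_KEY;` in the last hunk can read an indeterminate value. This happens when the loop body never runs, i.e. `*start` is already at or past `dbentp->n_key_data`, assuming `maxkvno` is still negative at that point. Declaring it as `krb5_error_code ret = 0;` removes the uninitialized read. The lines between the first and second hunk are not shown, so this holds only if nothing there assigns `ret`.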
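Review bot: The `ret = 0;` added at the top of each iteration discards a `KRB5_KDB_NO_PERMITTED_KEY` recorded for an earlier key. The code returned after the loop therefore depends on whether the last key examined was the filtered one, not on whether any key was filtered, so the same entry can yield either error depending on key order. If callers are meant to tell "a key exists but its enctype is not permitted" from "no key matches", record the condition in its own variable, e.g. `saw_unpermitted = 1;` before the `continue`, and finish with `return saw_unpermitted ? KRB5_KDB_NO_PERMITTED_KEY : KRB5_KDB_NO_MATCHING_KEY;`. Otherwise a comment on the final return should state that only the last iteration's status is reported. The loop body continues past the end of this hunk.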