Currently we only ignore KRB5_PROG_ETYPE_NOSUPP for
Primary:Kerberos-Newer-Keys, but not for Primary:Kerberos.
If a service account has msDS-SupportedEncryptionTypes: 31
and DES keys stored in Primary:Kerberos, we'll pass the
DES key to smb_krb5_keyblock_init_contents(), but may get
KRB5_PROG_ETYPE_NOSUPP.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14354
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jul 28 14:04:26 UTC 2020 on sn-devel-184
(cherry picked from commit
4baa7cc8e473f6b63316b4ae5db34796c0f864c3)
Autobuild-User(v4-13-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-13-test): Fri Aug 7 10:39:26 UTC 2020 on sn-devel-184
+++ /dev/null
-^samba4.blackbox.test_old_enctypes.Export keytab while old enctypes are supported\(fl2003dc:local\)
pkb4->keys[i].value->data,
pkb4->keys[i].value->length,
&key.key);
- if (ret == KRB5_PROG_ETYPE_NOSUPP) {
- DEBUG(2,("Unsupported keytype ignored - type %u\n",
- pkb4->keys[i].keytype));
- ret = 0;
- continue;
- }
if (ret) {
if (key.salt) {
smb_krb5_free_data_contents(context, &key.salt->salt);
free(key.salt);
key.salt = NULL;
}
+ if (ret == KRB5_PROG_ETYPE_NOSUPP) {
+ DEBUG(2,("Unsupported keytype ignored - type %u\n",
+ pkb4->keys[i].keytype));
+ ret = 0;
+ continue;
+ }
goto out;
}
free(key.salt);
key.salt = NULL;
}
+ if (ret == KRB5_PROG_ETYPE_NOSUPP) {
+ DEBUG(2,("Unsupported keytype ignored - type %u\n",
+ pkb3->keys[i].keytype));
+ ret = 0;
+ continue;
+ }
goto out;
}