}
}
-static void samba_kdc_sort_keys(struct sdb_keys *keys)
+static void samba_kdc_sort_keys(struct sdb_keys *keys,
+ unsigned int max_keys)
{
+ SMB_ASSERT(max_keys > 0);
+
if (keys == NULL) {
return;
}
TYPESAFE_QSORT(keys->val, keys->len, sdb_key_strength_cmp);
+
+ while (keys->len > max_keys) {
+ unsigned int idx = keys->len - 1;
+
+ sdb_key_free(&keys->val[idx]);
+ keys->len -= 1;
+ }
}
int samba_kdc_set_fixed_keys(krb5_context context,
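Review bot: `SMB_ASSERT(max_keys > 0);` runs before the `keys == NULL` early return in samba_kdc_sort_keys, so a call with no key list and an unset limit aborts the process instead of returning. The later hunk that sets `old_keys.max_keys` and `older_keys.max_keys` only inside the `include_history` branches leaves those members at their initial value otherwise; whether that value is 0, and whether the sort is still reached for those structs, is not visible here and is worth checking. Moving the assert below the NULL check removes that dependency: `if (keys == NULL) { return; }` followed by `SMB_ASSERT(max_keys > 0);`. The function now frees entries as well as sorting them, so a header comment such as `/* Sort by strength, then free every entry beyond the first max_keys. */` would help. Which end of the list holds the strongest key depends on sdb_key_strength_cmp, which is outside this hunk.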
struct samba_kdc_user_keys {
struct sdb_keys *skeys;
+ uint32_t max_keys;
uint32_t kvno;
uint32_t *returned_kvno;
uint32_t supported_enctypes;
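Review bot: The new `max_keys` member has no comment saying that 0 is invalid, although samba_kdc_sort_keys asserts `max_keys > 0`, so an instance of struct samba_kdc_user_keys left zero-initialised would carry a value that aborts the process once it reaches the sort. A comment on the field such as `/* must be > 0; UINT32_MAX means no limit */` would make the contract visible at the declaration. The member is `uint32_t` while the function parameter is `unsigned int`; using one type for both would avoid an implicit conversion. The struct definition continues outside this hunk.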
}
}
- samba_kdc_sort_keys(p->skeys);
+ samba_kdc_sort_keys(p->skeys, p->max_keys);
return 0;
fail:
* so we return it.
*/
keys.skeys = &entry->keys;
+ keys.max_keys = UINT32_MAX;
keys.available_enctypes = &available_enctypes;
keys.returned_kvno = &returned_kvno;
} else if (requested_kvno == 0) {
* with the requested kvno.
*/
old_keys.skeys = &entry->keys;
+ old_keys.max_keys = UINT32_MAX;
old_keys.available_enctypes = &available_enctypes;
old_keys.returned_kvno = &returned_kvno;
} else if (requested_kvno == older_keys.kvno) {
* with the requested kvno.
*/
older_keys.skeys = &entry->keys;
+ older_keys.max_keys = UINT32_MAX;
older_keys.available_enctypes = &available_enctypes;
older_keys.returned_kvno = &returned_kvno;
} else {
}
keys.skeys = &entry->keys;
+ keys.max_keys = UINT32_MAX;
keys.available_enctypes = &available_enctypes;
keys.returned_kvno = &returned_kvno;
if (include_history && old_keys.kvno != 0) {
old_keys.skeys = &entry->old_keys;
+ old_keys.max_keys = UINT32_MAX;
}
if (include_history && older_keys.kvno != 0) {
older_keys.skeys = &entry->older_keys;
+ older_keys.max_keys = UINT32_MAX;
}
}
/* Match Windows behavior and allow forwardable flag in cross-realm. */
entry->flags.forwardable = 1;
- samba_kdc_sort_keys(&entry->keys);
+ samba_kdc_sort_keys(&entry->keys, UINT32_MAX);
ret = sdb_entry_set_etypes(entry);
if (ret) {