mirror of
https://github.com/samba-team/samba.git
synced 2025-02-26 21:57:41 +03:00
35b2fb4ff3
This fixes an regression introduced in 5c5d586d3ebd40 at a higher level in the caller smb_krb5_kt_add_entry(): calling smb_krb5_kt_add_entry with keep_old_entries=false resulted in only one enctype per principal remaining in the exported keytab. The function smb_krb5_kt_seek_and_delete_old_entries() is called from smb_krb5_kt_add_entry() when adding keys to a keytab. When the keytab contains keys with the same kvno as the key to be added and keep_old_entries is false, the key is deleted without checking the encryption type of the key. This means that when adding keys for a principal only the last enctype will be in the exported keytab. Fix this by checking the encryption type and only treat a key as "old" if keytab_key_kvno <= new_key_kvno and keytab_key_enctype == new_key_enctype. Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>