fix kadmind startup failure with krb4 vuln patch

	* keytab.c (krb5_ktkdb_get_entry): Do not perform the enctype
	comparison if the requested enctype is a wildcard.

ticket: new
status: open
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15295 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/lib/kdb/ChangeLog b/src/lib/kdb/ChangeLog
index 4592b4c195d1f3acfd7c9045076d58adecbbd028..e461fdc273d412c214f0bcddb1ac8d63b84de767 100644 (file)
--- a/src/lib/kdb/ChangeLog
+++ b/src/lib/kdb/ChangeLog
@@ -1,3 +1,8 @@
+2003-03-18  Tom Yu  <tlyu@mit.edu>
+
+       * keytab.c (krb5_ktkdb_get_entry): Do not perform the enctype
+       comparison if the requested enctype is a wildcard.
+
 2003-03-16  Sam Hartman  <hartmans@mit.edu>
 
        * keytab.c (krb5_ktkdb_get_entry):  Match only against the first

diff --git a/src/lib/kdb/keytab.c b/src/lib/kdb/keytab.c
index 6a1dea1524f640ab42c57e22caa47f1df992cde4..90a81cac84cbce816c874eb87a92ceed1900ee2a 100644 (file)
--- a/src/lib/kdb/keytab.c
+++ b/src/lib/kdb/keytab.c
@@ -172,15 +172,17 @@ krb5_ktkdb_get_entry(in_context, id, principal, kvno, enctype, entry)
     if (kerror)
        goto error;
 
-    kerror = krb5_c_enctype_compare(context, enctype, entry->key.enctype, &similar);
-    if (kerror)
-       goto error;
-
-    if (!similar) {
-               kerror = KRB5_KDB_NO_PERMITTED_KEY;
-       goto error;
+    if (enctype > 0) { 
+       kerror = krb5_c_enctype_compare(context, enctype,
+                                       entry->key.enctype, &similar);
+       if (kerror)
+           goto error;
+
+       if (!similar) {
+           kerror = KRB5_KDB_NO_PERMITTED_KEY;
+           goto error;
+       }
     }
-
     /*
      * Coerce the enctype of the output keyblock in case we got an
      * inexact match on the enctype.