From: Jeffrey Altman Date: Mon, 21 Jul 2008 20:33:53 +0000 (+0000) Subject: kadm5_decrypt_key(). This patch prevents the returned keyblock's X-Git-Tag: krb5-1.7-alpha1~572 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=39d67c4cf3a060b09717dc541ae57520c9806f6e;p=krb5.git kadm5_decrypt_key(). This patch prevents the returned keyblock's enctype from being coerced to the requested 'ktype' if the requested 'ktype' == -1. A ktype of -1 is documented as meaning "to be ignored". ticket: 5840 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20558 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c index 4fb114f35..1b761413c 100644 --- a/src/lib/kadm5/srv/svr_principal.c +++ b/src/lib/kadm5/srv/svr_principal.c @@ -2160,7 +2160,8 @@ kadm5_ret_t kadm5_decrypt_key(void *server_handle, * inexact match on the enctype; this behavior will go away when * the key storage architecture gets redesigned for 1.3. */ - keyblock->enctype = ktype; + if (ktype != -1) + keyblock->enctype = ktype; if (kvnop) *kvnop = key_data->key_data_kvno;