From 4f188c4c07602116d3d744f88201bee2654123d4 Mon Sep 17 00:00:00 2001 From: Tom Yu Date: Fri, 25 Jul 2008 21:07:57 +0000 Subject: [PATCH] pull up r20558 from trunk r20558@cathode-dark-space: jaltman | 2008-07-21 16:33:53 -0400 ticket: 5840 tags: pullup kadm5_decrypt_key(). This patch prevents the returned keyblock's enctype from being coerced to the requested 'ktype' if the requested 'ktype' == -1. A ktype of -1 is documented as meaning "to be ignored". ticket: 5840 version_fixed: 1.6.4 status: resolved git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20584 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/kadm5/srv/svr_principal.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c index f94d7e893..4c0910c2e 100644 --- a/src/lib/kadm5/srv/svr_principal.c +++ b/src/lib/kadm5/srv/svr_principal.c @@ -2099,7 +2099,8 @@ kadm5_ret_t kadm5_decrypt_key(void *server_handle, * inexact match on the enctype; this behavior will go away when * the key storage architecture gets redesigned for 1.3. */ - keyblock->enctype = ktype; + if (ktype != -1) + keyblock->enctype = ktype; if (kvnop) *kvnop = key_data->key_data_kvno; -- 2.26.2