projects / krb5.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e94b402)
pull up r20558 from trunk
authorTom Yu <tlyu@mit.edu>
Fri, 25 Jul 2008 21:07:57 +0000 (21:07 +0000)
committerTom Yu <tlyu@mit.edu>
Fri, 25 Jul 2008 21:07:57 +0000 (21:07 +0000)
 r20558@cathode-dark-space:  jaltman | 2008-07-21 16:33:53 -0400
 ticket: 5840
 tags: pullup

 kadm5_decrypt_key(). This patch prevents the returned keyblock's
 enctype from being coerced to the requested 'ktype' if the requested
 'ktype' == -1. A ktype of -1 is documented as meaning "to be ignored".

ticket: 5840
version_fixed: 1.6.4
status: resolved

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20584 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/kadm5/srv/svr_principal.c patch | blob | history

diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c
index f94d7e89343adc812e5235323bd30d1a8deaf708..4c0910c2e61ad1c46babf4c6a5d98a2d3e0c21fa 100644 (file)
--- a/src/lib/kadm5/srv/svr_principal.c
+++ b/src/lib/kadm5/srv/svr_principal.c
@@ -2099,7 +2099,8 @@ kadm5_ret_t kadm5_decrypt_key(void *server_handle,
      * inexact match on the enctype; this behavior will go away when
      * the key storage architecture gets redesigned for 1.3.
      */
-    keyblock->enctype = ktype;
+    if (ktype != -1)
+        keyblock->enctype = ktype;
 
     if (kvnop)
         *kvnop = key_data->key_data_kvno;
MIT implementation of the Kerberos network authentication protocol. This repo may be rebased, so don't base your work on it. Use git://github.com/krb5/krb5 instead.