From kwc@babylon.citi.umich.edu Wed Dec 10 14:00:58 2003 Received: from pacific-carrier-annex.mit.edu (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.7.21.83]) by krbdev.mit.edu (8.9.3p2) with ESMTP id OAA02488; Wed, 10 Dec 2003 14:00:58 -0500 (EST) Received: from citi.umich.edu (citi.umich.edu [141.211.133.111]) by pacific-carrier-annex.mit.edu (8.12.4/8.9.2) with ESMTP id hBAJ0vfD029508 for ; Wed, 10 Dec 2003 14:00:57 -0500 (EST) Received: from babylon.citi.umich.edu (babylon.citi.umich.edu [141.211.133.5]) (using TLSv1 with cipher EDH-DSS-DES-CBC3-SHA (168/168 bits)) (No client certificate requested) by citi.umich.edu (Postfix) with ESMTP id 69A74207D7 for ; Wed, 10 Dec 2003 14:00:57 -0500 (EST) Received: (from kwc@localhost) by babylon.citi.umich.edu (8.12.10/8.12.10/Submit) id hBAJ0vXs022390; Wed, 10 Dec 2003 14:00:57 -0500 Date: Wed, 10 Dec 2003 14:00:57 -0500 Message-Id: <200312101900.hBAJ0vXs022390@babylon.citi.umich.edu> To: krb5-bugs@mit.edu Subject: enctype coercion should go away? From: kwc@citi.umich.edu Reply-To: kwc@citi.umich.edu Cc: X-send-pr-version: 3.99 >Submitter-Id: net >Originator: Kevin Coffman >Organization: University of Michigan -- CITI >Confidential: no >Synopsis: enctype coercion results in bad enctype >Severity: serious >Priority: medium >Category: krb5-libs >Class: sw-bug >Release: krb5-1.3.1 >Environment: System: Linux babylon.citi.umich.edu 2.4.21-4.ELsmp #1 SMP Fri Oct 3 17:52:56 EDT 2003 i686 i686 i386 GNU/Linux Architecture: i686 >Description: When calling kadm5_decrypt_key() as follows, the enctype in the returned encrypting_key is -1, which is invalid. if ((retval = kadm5_decrypt_key(handle, &server, -1, /* -1 say "don't care" */ -1, 0, encrypting_key, NULL, NULL))) { >How-To-Repeat: >Fix: It appears that this coercion should be removed, but this patch fixed our problem. [ 87 ] rock/.../srv% cvs diff -ub -r MIT_1_3_1 svr_principal.c Index: svr_principal.c =================================================================== RCS file: /afs/umich.edu/group/itd/software/packages/k/kerberos-5/cvs/krb5/src/lib/kadm5/srv/svr_principal.c,v retrieving revision 1.1.1.4 diff -u -b -r1.1.1.4 svr_principal.c --- svr_principal.c 21 Jul 2003 20:36:07 -0000 1.1.1.4 +++ svr_principal.c 10 Dec 2003 18:51:18 -0000 @@ -1772,6 +1772,9 @@ * inexact match on the enctype; this behavior will go away when * the key storage architecture gets redesigned for 1.3. */ +#if defined(UMICH) + if (ktype != -1) +#endif keyblock->enctype = ktype; if (kvnop)