Received: from rv-out-0910.google.com (rv-out-0910.google.com [209.85.198.189]) by krbdev.mit.edu (8.12.9) with ESMTP id lA9LGrHW021042; Fri, 9 Nov 2007 16:16:53 -0500 (EST) Received: by rv-out-0910.google.com with SMTP id b22so503416rvf for ; Fri, 09 Nov 2007 13:16:52 -0800 (PST) Dkim-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:sender:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; bh=VQv57vuiZasnh5nJNo6SS773U1DsZkr9B0eXMsQ4ufk=; b=sReGQWYmbDqUpdcDWwqAoQAClhNHQkFM2SEvWQATzx8phlNVl2C1mZ4wrIQGIWyX16dVVOelMzHwsXMDosuVaVINe4OAzCadIzXSgETtj0R70rJHvUnv9txBJVDmtMoSMk2wdiTT7b0SCWhstnVf3+8gNfk35LHSOX+DgU+4j0A= Domainkey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:sender:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=nf8XERch5Fk+X0MyeMnptCSYcYe9gWmZUaaGt7+TpuJwgAv19Yb3zmNJs9SUEtrL2oorebXPs50po+7DprieF3QTFo+6tcIee9pD1anwRjkYk9tAiH4ny4L5c/6nGSMlVoko/WY1hd8YZ1Hy30lXo0pjX5vyH44lr+J5ZXZrDWE= Received: by 10.141.5.3 with SMTP id h3mr1219918rvi.1194643012042; Fri, 09 Nov 2007 13:16:52 -0800 (PST) Received: by 10.141.90.19 with HTTP; Fri, 9 Nov 2007 13:16:52 -0800 (PST) Message-ID: <4d569c330711091316j7fc35cf1xff80a78bc0dfd0dc@mail.gmail.com> Date: Fri, 9 Nov 2007 16:16:52 -0500 From: "Kevin Coffman" Sender: kwcoffman@gmail.com To: rt-comment@krbdev.mit.edu, rt@krbdev.mit.edu Subject: Re: [krbdev.mit.edu #5840] Prevent kadm5_decrypt_key() from coercing the keytype if the requested ktype == -1 In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: X-Google-Sender-Auth: 3856f332e96ad666 RT-Send-Cc: X-RT-Original-Encoding: iso-8859-1 Content-Length: 1251 FYI, this is a dup of RT#2059. On Nov 9, 2007 3:48 PM, Jeffrey Altman via RT wrote: > Tom Yu via RT wrote: > >>>>>> "jaltman" == Jeffrey Altman via RT writes: > > > > jaltman> + if (ktype == -1) > > jaltman> + keyblock->enctype = ktype; > > > > Isn't this backwards if you want -1 to mean the enctype doesn't get > > coerced? > > > You are correct. I manually copied the patch backward. The problem > with manually pulling patches by eyeballing them from other systems. > Corrected patch: > > Index: svr_principal.c > > =================================================================== > > --- svr_principal.c (revision 20163) > > +++ svr_principal.c (working copy) > > @@ -2156,7 +2156,8 @@ > > * inexact match on the enctype; this behavior will go away when > > * the key storage architecture gets redesigned for 1.3. > > */ > > - keyblock->enctype = ktype; > > + if (ktype != -1) > > + keyblock->enctype = ktype; > > if (kvnop) > > *kvnop = key_data->key_data_kvno; > > > _______________________________________________ > > krb5-bugs mailing list > krb5-bugs@mit.edu > https://mailman.mit.edu/mailman/listinfo/krb5-bugs > >