From kwc@babylon.citi.umich.edu Wed Dec 10 14:00:58 2003
Received: from pacific-carrier-annex.mit.edu (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.7.21.83]) by krbdev.mit.edu (8.9.3p2) with ESMTP
id OAA02488; Wed, 10 Dec 2003 14:00:58 -0500 (EST)
Received: from citi.umich.edu (citi.umich.edu [141.211.133.111])
by pacific-carrier-annex.mit.edu (8.12.4/8.9.2) with ESMTP id hBAJ0vfD029508
for <krb5-bugs@mit.edu>; Wed, 10 Dec 2003 14:00:57 -0500 (EST)
Received: from babylon.citi.umich.edu (babylon.citi.umich.edu [141.211.133.5])
(using TLSv1 with cipher EDH-DSS-DES-CBC3-SHA (168/168 bits))
(No client certificate requested)
by citi.umich.edu (Postfix) with ESMTP id 69A74207D7
for <krb5-bugs@mit.edu>; Wed, 10 Dec 2003 14:00:57 -0500 (EST)
Received: (from kwc@localhost)
by babylon.citi.umich.edu (8.12.10/8.12.10/Submit) id hBAJ0vXs022390;
Wed, 10 Dec 2003 14:00:57 -0500
Date: Wed, 10 Dec 2003 14:00:57 -0500
Message-Id: <200312101900.hBAJ0vXs022390@babylon.citi.umich.edu>
To: krb5-bugs@mit.edu
Subject: enctype coercion should go away?
From: kwc@citi.umich.edu
Reply-To: kwc@citi.umich.edu
Cc:
X-send-pr-version: 3.99
>Submitter-Id: net
>Originator: Kevin Coffman
>Organization:
University of Michigan -- CITI
>Confidential: no
>Synopsis: enctype coercion results in bad enctype
>Severity: serious
>Priority: medium
>Category: krb5-libs
>Class: sw-bug
>Release: krb5-1.3.1
>Environment:
System: Linux babylon.citi.umich.edu 2.4.21-4.ELsmp #1 SMP Fri Oct 3 17:52:56 EDT 2003 i686 i686 i386 GNU/Linux
Architecture: i686
>Description:
When calling kadm5_decrypt_key() as follows, the enctype in the returned encrypting_key is -1, which is invalid.

    if ((retval = kadm5_decrypt_key(handle,
                                    &server,
                                    -1, /* -1 say "don't care" */
                                    -1,
                                    0,
                                    encrypting_key, NULL, NULL))) {

>How-To-Repeat:
>Fix:
It appears that this coercion should be removed, but this patch
fixed our problem.
[ 87 ] rock/.../srv% cvs diff -ub -r MIT_1_3_1 svr_principal.c
Index: svr_principal.c
===================================================================
RCS file: /afs/umich.edu/group/itd/software/packages/k/kerberos-5/cvs/krb5/src/lib/kadm5/srv/svr_principal.c,v
retrieving revision 1.1.1.4
diff -u -b -r1.1.1.4 svr_principal.c
--- svr_principal.c 21 Jul 2003 20:36:07 -0000 1.1.1.4
+++ svr_principal.c 10 Dec 2003 18:51:18 -0000
@@ -1772,6 +1772,9 @@
* inexact match on the enctype; this behavior will go away when
* the key storage architecture gets redesigned for 1.3.
*/
+#if defined(UMICH)
+ if (ktype != -1)
+#endif
keyblock->enctype = ktype;
if (kvnop)
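
Review bot: the added 'if (ktype != -1)' guard is wrapped in '#if defined(UMICH)', so any build without that macro still runs 'keyblock->enctype = ktype;' unconditionally and returns enctype -1 for the wildcard call shown in the description. If the guard is correct it should be unconditional, and the brace-less 'if' split across the preprocessor block would be safer written with braces around the assignment so a later edit cannot detach it. The guard also covers only the -1 wildcard: for any other ktype the assignment still overwrites the enctype on an inexact match, which is the coercion the comment above says will go away, so that comment should be updated to say what behavior remains.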