kadm5_decrypt_key(). This patch prevents the returned keyblock's

enctype from being coerced to the requested 'ktype' if the requested 'ktype' == -1. A ktype of -1 is documented as meaning "to be ignored". ticket: 5840 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20558 dc483132-0cff-0310-8789-dd5450dbe970
author: Jeffrey Altman <jaltman@secure-endpoints.com> 2008-07-21 20:33:53 +0000
committer: Jeffrey Altman <jaltman@secure-endpoints.com> 2008-07-21 20:33:53 +0000
commit: 39d67c4cf3a060b09717dc541ae57520c9806f6e (patch)
tree: 6daa0b4696907973e2c2b63eb197df56e97553c5 /src
parent: ebe25d9f759503d96a551afeaf3f1214336801de (diff)
download: krb5-39d67c4cf3a060b09717dc541ae57520c9806f6e.zip
krb5-39d67c4cf3a060b09717dc541ae57520c9806f6e.tar.gz
krb5-39d67c4cf3a060b09717dc541ae57520c9806f6e.tar.bz2
1 files changed, 2 insertions, 1 deletions
diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c
index 4fb114f..1b76141 100644
--- a/src/lib/kadm5/srv/svr_principal.c
+++ b/src/lib/kadm5/srv/svr_principal.c
@@ -2160,7 +2160,8 @@ kadm5_ret_t kadm5_decrypt_key(void *server_handle,
      * inexact match on the enctype; this behavior will go away when
      * the key storage architecture gets redesigned for 1.3.
      */
-    keyblock->enctype = ktype;
+    if (ktype != -1)
+        keyblock->enctype = ktype;
 
     if (kvnop)
 	 *kvnop = key_data->key_data_kvno;
author	Jeffrey Altman <jaltman@secure-endpoints.com>	2008-07-21 20:33:53 +0000
committer	Jeffrey Altman <jaltman@secure-endpoints.com>	2008-07-21 20:33:53 +0000
commit	39d67c4cf3a060b09717dc541ae57520c9806f6e (patch)
tree	6daa0b4696907973e2c2b63eb197df56e97553c5 /src
parent	ebe25d9f759503d96a551afeaf3f1214336801de (diff)
download	krb5-39d67c4cf3a060b09717dc541ae57520c9806f6e.zip krb5-39d67c4cf3a060b09717dc541ae57520c9806f6e.tar.gz krb5-39d67c4cf3a060b09717dc541ae57520c9806f6e.tar.bz2