svn rev #21772: branches/mkey_migrate/src/lib/kdb/
wfiveash@MIT.EDU
wfiveash at MIT.EDU
Wed Jan 21 20:03:19 EST 2009
http://src.mit.edu/fisheye/changelog/krb5/?cs=21772
Commit By: wfiveash
Log Message:
Fixed problem that was causing the src/tests/mkeystash_compat to fail.
Changed Files:
U branches/mkey_migrate/src/lib/kdb/kdb_default.c
Modified: branches/mkey_migrate/src/lib/kdb/kdb_default.c
===================================================================
--- branches/mkey_migrate/src/lib/kdb/kdb_default.c 2009-01-21 22:30:56 UTC (rev 21771)
+++ branches/mkey_migrate/src/lib/kdb/kdb_default.c 2009-01-22 01:03:16 UTC (rev 21772)
@@ -524,8 +524,7 @@
* latest mkey.
*/
- if (mkey->enctype == master_entry.key_data[0].key_data_type[0] &&
- mkvno == (krb5_kvno) master_entry.key_data[0].key_data_kvno) {
+ if (mkey->enctype == master_entry.key_data[0].key_data_type[0]) {
if (krb5_dbekd_decrypt_key_data(context, mkey,
&master_entry.key_data[0],
&tmp_clearkey, NULL) == 0) {
@@ -542,15 +541,18 @@
if ((retval = krb5_dbe_lookup_mkey_aux(context, &master_entry, &mkey_aux_data_list)))
goto clean_n_exit;
- /* for performance sake, try decrypting with matching kvno */
- for (aux_data_entry = mkey_aux_data_list; aux_data_entry != NULL;
- aux_data_entry = aux_data_entry->next) {
+ /* mkvno may be 0 in some cases like keyboard and should be ignored */
+ if (mkvno != 0) {
+ /* for performance sake, try decrypting with matching kvno */
+ for (aux_data_entry = mkey_aux_data_list; aux_data_entry != NULL;
+ aux_data_entry = aux_data_entry->next) {
- if (aux_data_entry->mkey_kvno == mkvno) {
- if (krb5_dbekd_decrypt_key_data(context, mkey, &aux_data_entry->latest_mkey,
- &tmp_clearkey, NULL) == 0) {
- found_key = TRUE;
- break;
+ if (aux_data_entry->mkey_kvno == mkvno) {
+ if (krb5_dbekd_decrypt_key_data(context, mkey, &aux_data_entry->latest_mkey,
+ &tmp_clearkey, NULL) == 0) {
+ found_key = TRUE;
+ break;
+ }
}
}
}
More information about the cvs-krb5
mailing list