svn rev #23659: branches/krb5-1-8/src/lib/kadm5/srv/
tlyu@MIT.EDU
tlyu at MIT.EDU
Thu Jan 14 13:51:13 EST 2010
http://src.mit.edu/fisheye/changelog/krb5/?cs=23659
Commit By: tlyu
Log Message:
ticket: 6640
version_fixed: 1.8
status: resolved
pull up r23657 from trunk
------------------------------------------------------------------------
r23657 | ghudson | 2010-01-14 11:09:24 -0500 (Thu, 14 Jan 2010) | 9 lines
ticket: 6640
subject: Make history key exempt from permitted_enctypes
tags: pullup
target_version: 1.8
In kdb_init_hist, just use the first key entry in the kadmin/history
entry. This makes the history key work even if the enctype is
disallowed by allow_weak_crypto=false or other configuration.
Changed Files:
U branches/krb5-1-8/src/lib/kadm5/srv/server_kdb.c
Modified: branches/krb5-1-8/src/lib/kadm5/srv/server_kdb.c
===================================================================
--- branches/krb5-1-8/src/lib/kadm5/srv/server_kdb.c 2010-01-14 18:51:09 UTC (rev 23658)
+++ branches/krb5-1-8/src/lib/kadm5/srv/server_kdb.c 2010-01-14 18:51:13 UTC (rev 23659)
@@ -136,7 +136,6 @@
{
int ret = 0;
char *realm, *hist_name;
- krb5_key_data *key_data;
krb5_key_salt_tuple ks[1];
krb5_keyblock *tmp_mkey;
@@ -205,10 +204,11 @@
}
- ret = krb5_dbe_find_enctype(handle->context, &hist_db, -1, -1, -1,
- &key_data);
- if (ret)
- goto done;
+ if (hist_db.n_key_data <= 0) {
+ krb5_set_error_message(handle->context, KRB5_KDB_NO_MATCHING_KEY,
+ "History entry contains no key data");
+ return KRB5_KDB_NO_MATCHING_KEY;
+ }
ret = krb5_dbe_find_mkey(handle->context, master_keylist, &hist_db,
&tmp_mkey);
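Review bot: The new empty-key-data branch exits with `return KRB5_KDB_NO_MATCHING_KEY;`, while every other failure visible in these hunks uses `goto done`, and the `done:` label in the last hunk frees `hist_name`. If `hist_name` is already allocated at this point, which seems likely but is not visible here, this path leaks it along with anything else `done:` releases. Replacing the return with `ret = KRB5_KDB_NO_MATCHING_KEY;` followed by `goto done;` after the `krb5_set_error_message` call keeps cleanup in one place. The function starts and ends outside the hunk, so the allocation site should be confirmed before changing it.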
@@ -216,11 +216,11 @@
goto done;
ret = krb5_dbekd_decrypt_key_data(handle->context, tmp_mkey,
- key_data, &hist_key, NULL);
+ &hist_db.key_data[0], &hist_key, NULL);
if (ret)
goto done;
- hist_kvno = key_data->key_data_kvno;
+ hist_kvno = hist_db.key_data[0].key_data_kvno;
done:
free(hist_name);
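Review bot: `&hist_db.key_data[0]` is now used with no enctype or kvno selection, and nothing in the code says this is deliberate. A comment above the `krb5_dbekd_decrypt_key_data` call would record the intent, for example `/* Use the first key entry regardless of enctype: the history key is exempt from permitted_enctypes / allow_weak_crypto. */`. The comment should also state that entry 0 is assumed to be the current history key, since `hist_kvno` is read from the same element; whether that ordering is guaranteed is not visible here. One consequence worth noting for operators is that a history key of a weak enctype stays in use silently under this exemption. The function body extends beyond the hunk.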