[krbdev.mit.edu #2059] enctype coercion results in bad enctype

The RT System itself via RT rt-comment at krbdev.mit.edu
Wed Dec 10 14:01:02 EST 2003


>From kwc at babylon.citi.umich.edu  Wed Dec 10 14:00:58 2003
Date: Wed, 10 Dec 2003 14:00:57 -0500
Message-Id: <200312101900.hBAJ0vXs022390 at babylon.citi.umich.edu>
To: krb5-bugs at mit.edu
Subject: enctype coercion should go away?
From: kwc at citi.umich.edu
Reply-To: kwc at citi.umich.edu
Cc: 
X-send-pr-version: 3.99


>Submitter-Id:	net
>Originator:	Kevin Coffman
>Organization:
	University of Michigan -- CITI
>Confidential:	no
>Synopsis:	enctype coercion results in bad enctype
>Severity:	serious
>Priority:	medium
>Category:	krb5-libs
>Class:		sw-bug
>Release:	krb5-1.3.1
>Environment:
	
System: Linux babylon.citi.umich.edu 2.4.21-4.ELsmp #1 SMP Fri Oct 3 17:52:56 EDT 2003 i686 i686 i386 GNU/Linux
Architecture: i686

>Description:
	When calling kadm5_decrypt_key() as follows, the enctype in the
	returned encrypting_key is -1, which is invalid.

        if ((retval = kadm5_decrypt_key(handle,
                                        &server,
                                        -1, /* -1 says "don't care" */
                                        -1,
                                        0,
                                        encrypting_key, NULL, NULL))) {

>How-To-Repeat:
>Fix:

It appears that this coercion should be removed, but this patch
fixed our problem.

[ 87 ] rock/.../srv% cvs diff -ub -r MIT_1_3_1 svr_principal.c
Index: svr_principal.c
===================================================================
RCS file: /afs/umich.edu/group/itd/software/packages/k/kerberos-5/cvs/krb5/src/lib/kadm5/srv/svr_principal.c,v
retrieving revision 1.1.1.4
diff -u -b -r1.1.1.4 svr_principal.c
--- svr_principal.c     21 Jul 2003 20:36:07 -0000      1.1.1.4
+++ svr_principal.c     10 Dec 2003 18:51:18 -0000
@@ -1772,6 +1772,9 @@
      * inexact match on the enctype; this behavior will go away when
      * the key storage architecture gets redesigned for 1.3.
      */
+#if defined(UMICH)
+    if (ktype != -1)
+#endif
     keyblock->enctype = ktype;
 
     if (kvnop)
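
Review bot: The new `if (ktype != -1)` guard in front of `keyblock->enctype = ktype;` is only compiled when `UMICH` is defined, so a stock build still stores the -1 wildcard as the enctype of the returned keyblock, which is the invalid value the report describes. Make the check unconditional, and put braces around the assignment so the statement it governs does not depend on the preprocessor. With the guard in place the assignment is skipped for a wildcard lookup, and nothing visible in the hunk shows that keyblock->enctype already holds the matched key's real enctype at this point; confirm that before relying on it. The context comment says this coercion goes away with the key storage redesign for 1.3, while the report is filed against krb5-1.3.1, so the comment should be updated along with the code.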

