Always use the encype we selected
This commit is contained in:
Robbie Harwood
parent
d6ea90094c
commit
c783ca786a
43
Always-use-the-encype-we-selected.patch
Normal file
43
Always-use-the-encype-we-selected.patch
Normal file
@ -0,0 +1,43 @@
|
|||||||
|
From 64bf7f099fe52a214794486d16e3383ff25e8682 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Simo Sorce <simo@redhat.com>
|
||||||
|
Date: Tue, 27 Feb 2018 11:59:25 -0500
|
||||||
|
Subject: [PATCH] Always use the encype we selected
|
||||||
|
|
||||||
|
The enctype is selected from the keytab or from the fallback code.
|
||||||
|
Either way make sure to use the enctype stored in the key block.
|
||||||
|
|
||||||
|
Signed-off-by: Simo Sorce <simo@redhat.com>
|
||||||
|
Reviewed-by: Robbie Harwood <rharwood@redhat.com>
|
||||||
|
Merges: #226
|
||||||
|
(cherry picked from commit d73c96d658059ce64ecd41ff2924071d86f2b54f)
|
||||||
|
---
|
||||||
|
src/gp_export.c | 7 +++----
|
||||||
|
1 file changed, 3 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/gp_export.c b/src/gp_export.c
|
||||||
|
index c9f5fd4..5e8e160 100644
|
||||||
|
--- a/src/gp_export.c
|
||||||
|
+++ b/src/gp_export.c
|
||||||
|
@@ -168,11 +168,10 @@ uint32_t gp_init_creds_handle(uint32_t *min, const char *svc_name,
|
||||||
|
GP_CREDS_HANDLE_KEY_ENCTYPE, 0,
|
||||||
|
&handle->key);
|
||||||
|
if (ret == 0) {
|
||||||
|
- ret = krb5_c_make_random_key(handle->context,
|
||||||
|
- GP_CREDS_HANDLE_KEY_ENCTYPE,
|
||||||
|
+ ret = krb5_c_make_random_key(handle->context, handle->key->enctype,
|
||||||
|
handle->key);
|
||||||
|
GPDEBUG("Service: %s, Enckey: [ephemeral], Enctype: %d\n",
|
||||||
|
- svc_name, GP_CREDS_HANDLE_KEY_ENCTYPE);
|
||||||
|
+ svc_name, handle->key->enctype);
|
||||||
|
}
|
||||||
|
if (ret) {
|
||||||
|
ret_min = ret;
|
||||||
|
@@ -254,7 +253,7 @@ static int gp_decrypt_buffer(krb5_context context, krb5_keyblock *key,
|
||||||
|
|
||||||
|
memset(&enc_handle, '\0', sizeof(krb5_enc_data));
|
||||||
|
|
||||||
|
- enc_handle.enctype = GP_CREDS_HANDLE_KEY_ENCTYPE;
|
||||||
|
+ enc_handle.enctype = key->enctype;
|
||||||
|
enc_handle.ciphertext.data = in->octet_string_val;
|
||||||
|
enc_handle.ciphertext.length = in->octet_string_len;
|
||||||
|
|
||||||
@ -1,7 +1,7 @@
|
|||||||
Name: gssproxy
|
Name: gssproxy
|
||||||
|
|
||||||
Version: 0.8.0
|
Version: 0.8.0
|
||||||
Release: 1%{?dist}
|
Release: 2%{?dist}
|
||||||
Summary: GSSAPI Proxy
|
Summary: GSSAPI Proxy
|
||||||
|
|
||||||
Group: System Environment/Libraries
|
Group: System Environment/Libraries
|
||||||
@ -108,6 +108,9 @@ mkdir -p %{buildroot}%{gpstatedir}/rcache
|
|||||||
%systemd_postun_with_restart gssproxy.service
|
%systemd_postun_with_restart gssproxy.service
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Feb 27 2018 Robbie Harwood <rharwood@redhat.com> - 0.8.0-2
|
||||||
|
- Always use the encype we selected
|
||||||
|
|
||||||
* Fri Feb 09 2018 Robbie Harwood <rharwood@redhat.com> - 0.8.0-1
|
* Fri Feb 09 2018 Robbie Harwood <rharwood@redhat.com> - 0.8.0-1
|
||||||
- Release version 0.8.0
|
- Release version 0.8.0
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user