sssd/0017-secrets-default-to-plaintext-if-enctype-attr-is-miss.patch

44 lines
1.7 KiB
Diff
Raw Normal View History

2020-12-07 16:20:34 +00:00
From 36e4dc6c9a48ee62345839a9df14e0494c99bf59 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Thu, 26 Nov 2020 11:47:24 +0100
Subject: [PATCH 17/19] secrets: default to "plaintext" if "enctype" attr is
missing
This is a sane fallback behavior, however it should not happen since
the attribute should be always present.
---
src/util/secrets/secrets.c | 17 ++++++-----------
1 file changed, 6 insertions(+), 11 deletions(-)
diff --git a/src/util/secrets/secrets.c b/src/util/secrets/secrets.c
index 1000757228bea75bb2d5c48aceb717c9bfe35ffb..58c96e18f03865df0249c4c899ad88e385b782c8 100644
--- a/src/util/secrets/secrets.c
+++ b/src/util/secrets/secrets.c
@@ -1071,17 +1071,12 @@ errno_t sss_sec_get(TALLOC_CTX *mem_ctx,
goto done;
}
- attr_enctype = ldb_msg_find_attr_as_string(res->msgs[0], "enctype", NULL);
-
- if (attr_enctype) {
- enctype = sss_sec_str_to_enctype(attr_enctype);
- ret = local_decrypt(req->sctx, tmp_ctx, attr_secret->data,
- attr_secret->length, enctype, &secret, &secret_len);
- if (ret) goto done;
- } else {
- secret = talloc_steal(tmp_ctx, attr_secret->data);
- secret_len = attr_secret->length;
- }
+ attr_enctype = ldb_msg_find_attr_as_string(res->msgs[0], "enctype",
+ "plaintext");
+ enctype = sss_sec_str_to_enctype(attr_enctype);
+ ret = local_decrypt(req->sctx, tmp_ctx, attr_secret->data,
+ attr_secret->length, enctype, &secret, &secret_len);
+ if (ret) goto done;
if (_datatype != NULL) {
attr_datatype = ldb_msg_find_attr_as_string(res->msgs[0], "type",
--
2.25.4