From d8166808a98fd1c3772de5d75e27656ed2ab124d Mon Sep 17 00:00:00 2001

From: Simo Sorce <simo@redhat.com>

Date: Tue, 27 Feb 2018 11:59:25 -0500

Subject: [PATCH] Always use the encype we selected

The enctype is selected from the keytab or from the fallback code.

Either way make sure to use the enctype stored in the key block.

Signed-off-by: Simo Sorce <simo@redhat.com>

Reviewed-by: Robbie Harwood <rharwood@redhat.com>

Merges: #226

(cherry picked from commit d73c96d658059ce64ecd41ff2924071d86f2b54f)

---

 proxy/src/gp_export.c | 7 +++----

 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/proxy/src/gp_export.c b/proxy/src/gp_export.c

index c9f5fd4..5e8e160 100644

--- a/proxy/src/gp_export.c

+++ b/proxy/src/gp_export.c

@@ -168,11 +168,10 @@ uint32_t gp_init_creds_handle(uint32_t *min, const char *svc_name,

                                  GP_CREDS_HANDLE_KEY_ENCTYPE, 0,

                                  &handle->key);

         if (ret == 0) {

-            ret = krb5_c_make_random_key(handle->context,

-                                         GP_CREDS_HANDLE_KEY_ENCTYPE,

+            ret = krb5_c_make_random_key(handle->context, handle->key->enctype,

                                          handle->key);

             GPDEBUG("Service: %s, Enckey: [ephemeral], Enctype: %d\n",

-                    svc_name, GP_CREDS_HANDLE_KEY_ENCTYPE);

+                    svc_name, handle->key->enctype);

         }

         if (ret) {

             ret_min = ret;

@@ -254,7 +253,7 @@ static int gp_decrypt_buffer(krb5_context context, krb5_keyblock *key,

     memset(&enc_handle, '\0', sizeof(krb5_enc_data));

-    enc_handle.enctype = GP_CREDS_HANDLE_KEY_ENCTYPE;

+    enc_handle.enctype = key->enctype;

     enc_handle.ciphertext.data = in->octet_string_val;

     enc_handle.ciphertext.length = in->octet_string_len;