1f3cc3
From 64bf7f099fe52a214794486d16e3383ff25e8682 Mon Sep 17 00:00:00 2001
1f3cc3
From: Simo Sorce <simo@redhat.com>
1f3cc3
Date: Tue, 27 Feb 2018 11:59:25 -0500
1f3cc3
Subject: [PATCH] Always use the encype we selected
1f3cc3
1f3cc3
The enctype is selected from the keytab or from the fallback code.
1f3cc3
Either way make sure to use the enctype stored in the key block.
1f3cc3
1f3cc3
Signed-off-by: Simo Sorce <simo@redhat.com>
1f3cc3
Reviewed-by: Robbie Harwood <rharwood@redhat.com>
1f3cc3
Merges: #226
1f3cc3
(cherry picked from commit d73c96d658059ce64ecd41ff2924071d86f2b54f)
1f3cc3
---
1f3cc3
 src/gp_export.c | 7 +++----
1f3cc3
 1 file changed, 3 insertions(+), 4 deletions(-)
1f3cc3
1f3cc3
diff --git a/src/gp_export.c b/src/gp_export.c
1f3cc3
index c9f5fd4..5e8e160 100644
1f3cc3
--- a/src/gp_export.c
1f3cc3
+++ b/src/gp_export.c
1f3cc3
@@ -168,11 +168,10 @@ uint32_t gp_init_creds_handle(uint32_t *min, const char *svc_name,
1f3cc3
                                  GP_CREDS_HANDLE_KEY_ENCTYPE, 0,
1f3cc3
                                  &handle->key);
1f3cc3
         if (ret == 0) {
1f3cc3
-            ret = krb5_c_make_random_key(handle->context,
1f3cc3
-                                         GP_CREDS_HANDLE_KEY_ENCTYPE,
1f3cc3
+            ret = krb5_c_make_random_key(handle->context, handle->key->enctype,
1f3cc3
                                          handle->key);
1f3cc3
             GPDEBUG("Service: %s, Enckey: [ephemeral], Enctype: %d\n",
1f3cc3
-                    svc_name, GP_CREDS_HANDLE_KEY_ENCTYPE);
1f3cc3
+                    svc_name, handle->key->enctype);
1f3cc3
         }
1f3cc3
         if (ret) {
1f3cc3
             ret_min = ret;
1f3cc3
@@ -254,7 +253,7 @@ static int gp_decrypt_buffer(krb5_context context, krb5_keyblock *key,
1f3cc3
 
1f3cc3
     memset(&enc_handle, '\0', sizeof(krb5_enc_data));
1f3cc3
 
1f3cc3
-    enc_handle.enctype = GP_CREDS_HANDLE_KEY_ENCTYPE;
1f3cc3
+    enc_handle.enctype = key->enctype;
1f3cc3
     enc_handle.ciphertext.data = in->octet_string_val;
1f3cc3
     enc_handle.ciphertext.length = in->octet_string_len;
1f3cc3