author | Simo Sorce <simo@redhat.com> | 2014-06-26 11:43:47 -0400 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2014-06-27 10:03:23 +0200 |
commit | d9d5967f7e1a11d77dee4bba00f10763b8ac2ec5 (patch) | |
tree | 39733e0c31483f1640841bf1e185d14f81b1b125 /ipa-client | |
parent | 0d219379954d311f3cac0007386dc0e21c8ec432 (diff) | |
Fix getkeytab code to always use implicit tagging.
A mixture of implicit and explicit tagging was being used, and this caused
a bug in retrieving the enctype number due to the way ber_scanf() loosely
treats sequences and explicit tagging.
The ASN.1 notation used to describe the getkeytab operation uses implicit
tagging, so by changing the code we simply follow the specified encoding.
Resolves: https://fedorahosted.org/freeipa/ticket/4404
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Diffstat (limited to 'ipa-client')
-rw-r--r-- | ipa-client/ipa-getkeytab.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/ipa-client/ipa-getkeytab.c b/ipa-client/ipa-getkeytab.c
index 74a8800bc..d0e975f1a 100644
--- a/ipa-client/ipa-getkeytab.c
+++ b/ipa-client/ipa-getkeytab.c
@@ -503,7 +503,7 @@ static struct berval *create_getkeytab_control(const char *svc_princ, bool gen,
 ctag = GK_REQUEST_CURKEYS;
 }
- ret = ber_printf(be, "t{t[s]", ctag, GKREQ_SVCNAME_TAG, svc_princ);
+ ret = ber_printf(be, "t{ts", ctag, GKREQ_SVCNAME_TAG, svc_princ);
 if (ret == -1) {
 ber_free(be, 1);
 goto done;
@@ -530,7 +530,7 @@ static struct berval *create_getkeytab_control(const char *svc_princ, bool gen,
 }
 if (password) {
- ret = ber_printf(be, "t[s]", GKREQ_PASSWORD_TAG, password);
+ ret = ber_printf(be, "ts", GKREQ_PASSWORD_TAG, password);
 if (ret == -1) {
 ber_free(be, 1);
 goto done;
@@ -642,7 +642,7 @@ static int ldap_get_keytab(krb5_context krbctx, bool generate, char *password,
 memset(&keys->ksdata[i], 0, sizeof(struct krb_key_salt));
 keys->nkeys = i + 1;
- rtag = ber_scanf(ber, "{t{[i][o]}]", &ctag, &tint, &tbval);
+ rtag = ber_scanf(ber, "{t{io}", &ctag, &tint, &tbval);
 if (rtag == LBER_ERROR || ctag != GKREP_KEY_TAG) {
 *err_msg = _("Failed to parse enctype in key data!\n");
 ret = LDAP_OPERATIONS_ERROR;
@@ -662,7 +662,7 @@ static int ldap_get_keytab(krb5_context krbctx, bool generate, char *password,
 rtag = ber_peek_tag(ber, &tlen);
 if (rtag == GKREP_SALT_TAG) {
- rtag = ber_scanf(ber, "t{[i][o]}", &ctag, &tint, &tbval);
+ rtag = ber_scanf(ber, "t{io}", &ctag, &tint, &tbval);
 if (rtag == LBER_ERROR) {
 *err_msg = _("Failed to parse salt in key data!\n");
 ret = LDAP_OPERATIONS_ERROR;
|
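Review bot: The two `ber_printf` format strings in create_getkeytab_control (`"t{ts"` in the first hunk and `"ts"` in the password hunk) now define the request's wire encoding, but nothing beside them records that they must match the implicit-tagging ASN.1 definition. A comment above each call, for example `/* implicit tagging, as in the getkeytab ASN.1 definition; must match the server-side decoder */`, would keep the next edit from reintroducing the `[...]` wrappers. The diffstat shown is limited to ipa-client, so whether the peer decoder accepts this encoding cannot be confirmed from here; a mismatch would presumably surface only as a failed request. The function body starts and ends outside both hunks.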
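Review bot: In ldap_get_keytab the values `tint` and `tbval` are filled from the server's reply, and the visible checks after `ber_scanf(ber, "{t{io}", ...)` cover only `rtag` and the outer `ctag`; the salt hunk (`"t{io}"`) checks `rtag` alone and never looks at the `ctag` it reads. Since the commit message itself notes that ber_scanf() is loose about what it accepts, a malformed reply may still scan successfully, so the decoded enctype and octet-string length should be validated before they are stored. Whether that happens further down is outside the hunk; if it does not, add the check, and either way a comment such as `/* tint/tbval are server-supplied: validate enctype and length before use */` at both call sites would make the trust boundary explicit. The outer `{` opened by the key format is also not closed in the visible lines, so the matching close is presumably consumed later in the loop.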