-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 https://fedorahosted.org/freeipa/ticket/723
Here's how I tested: 1) Add a host to IPA 2) ipa-getkeytab -s ipaserver -p host/ipahost -k /tmp/testkeytab -e des-cbc-crc (or any other enctype) 3) klist -k -t -e /tmp/testkeytab must list only that keytab -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAk1Cs9AACgkQHsardTLnvCXvmQCgrFLmDjqE595gu+/5PbmDxsWi jf8AoIRIgp72WHr8KQR3GKlmSA7X9ahp =U5Or -----END PGP SIGNATURE-----
From 571860d74d42b0a89d136fad4b0aaf6bd58e7acf Mon Sep 17 00:00:00 2001 From: Jakub Hrozek <[email protected]> Date: Fri, 28 Jan 2011 07:02:30 -0500 Subject: [PATCH] Fix filter_keys in ipa-getkeytab https://fedorahosted.org/freeipa/ticket/723 --- ipa-client/ipa-getkeytab.c | 8 ++++++-- 1 files changed, 6 insertions(+), 2 deletions(-) diff --git a/ipa-client/ipa-getkeytab.c b/ipa-client/ipa-getkeytab.c index fa6b49d..f8da317 100644 --- a/ipa-client/ipa-getkeytab.c +++ b/ipa-client/ipa-getkeytab.c @@ -478,7 +478,8 @@ int filter_keys(krb5_context krbctx, struct keys_container *keys, krb5_free_keyblock_contents(krbctx, &ksdata[i].key); krb5_free_data_contents(krbctx, &ksdata[i].salt); for (j = i; j < n-1; j++) { - keys[j] = keys[j + 1]; + ksdata[j] = ksdata[j + 1]; + enctypes[j] = enctypes[j + 1]; } n--; /* new key has been moved to this position, make sure @@ -693,7 +694,10 @@ static int ldap_set_keytab(krb5_context krbctx, for (i = 0; i < keys->nkeys; i++) { ret = ber_scanf(sctrl, "{i}", &encs[i]); - if (ret == LBER_ERROR) break; + if (ret == LBER_ERROR) { + fprintf(stderr, _("ber_scanf() failed, Invalid control ?!\n")); + goto error_out; + } } ret = filter_keys(krbctx, keys, encs); -- 1.7.3.5
jhrozek-freeipa-044-getkeytab.patch.sig
Description: PGP signature
_______________________________________________ Freeipa-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-devel
