diff options
Diffstat (limited to 'source4/heimdal/lib/hdb/mkey.c')
-rw-r--r-- | source4/heimdal/lib/hdb/mkey.c | 23 |
1 files changed, 13 insertions, 10 deletions
diff --git a/source4/heimdal/lib/hdb/mkey.c b/source4/heimdal/lib/hdb/mkey.c index 360bb33a3a..760eccfd43 100644 --- a/source4/heimdal/lib/hdb/mkey.c +++ b/source4/heimdal/lib/hdb/mkey.c @@ -146,7 +146,7 @@ read_master_keytab(krb5_context context, const char *filename, /* read a MIT master keyfile */ static krb5_error_code read_master_mit(krb5_context context, const char *filename, - hdb_master_key *mkey) + int byteorder, hdb_master_key *mkey) { int fd; krb5_error_code ret; @@ -166,20 +166,16 @@ read_master_mit(krb5_context context, const char *filename, close(fd); return errno; } - krb5_storage_set_flags(sp, KRB5_STORAGE_HOST_BYTEORDER); + krb5_storage_set_flags(sp, byteorder); /* could possibly use ret_keyblock here, but do it with more checks for now */ { ret = krb5_ret_int16(sp, &enctype); if (ret) goto out; - if((htons(enctype) & 0xff00) == 0x3000) { - ret = HEIM_ERR_BAD_MKEY; - krb5_set_error_message(context, ret, "unknown keytype in %s: " - "%#x, expected %#x", - filename, htons(enctype), 0x3000); - goto out; - } + ret = krb5_enctype_valid(context, enctype); + if (ret) + goto out; key.keytype = enctype; ret = krb5_ret_data(sp, &key.keyvalue); if(ret) @@ -330,7 +326,14 @@ hdb_read_master_key(krb5_context context, const char *filename, } else if(buf[0] == 5 && buf[1] >= 1 && buf[1] <= 2) { ret = read_master_keytab(context, filename, mkey); } else { - ret = read_master_mit(context, filename, mkey); + /* + * Check both LittleEndian and BigEndian since they key file + * might be moved from a machine with diffrent byte order, or + * its running on MacOS X that always uses BE master keys. + */ + ret = read_master_mit(context, filename, KRB5_STORAGE_BYTEORDER_LE, mkey); + if (ret) + ret = read_master_mit(context, filename, KRB5_STORAGE_BYTEORDER_BE, mkey); } return ret; } |