Ignore bad enctypes in krb5_string_to_keysalts() 1094/head
authorRobbie Harwood <rharwood@redhat.com>
Wed, 15 Jul 2020 19:42:20 +0000 (15:42 -0400)
committerGreg Hudson <ghudson@mit.edu>
Wed, 22 Jul 2020 20:42:45 +0000 (16:42 -0400)
Fixes a problem where the presence of legacy/unrecognized keysalts in
supported_enctypes would prevent the kadmin programs from starting.

[ghudson@mit.edu: ideally we would put a warning in the kadmind log,
but that is difficult to do when the parsing is done inside a library.
Even adding a trace log is difficult because the kadm5 str_conv
functions do not accept contexts.]

ticket: 8929 (new)

src/lib/kadm5/str_conv.c

index 7cf51d3168e10a2a81c135df8deac5411b95f6d7..79829560623778d03d0b98d331b6b1704142a490 100644 (file)
@@ -340,9 +340,10 @@ krb5_string_to_keysalts(const char *string, const char *tupleseps,
     while ((ksp = strtok_r(p, tseps, &tlasts)) != NULL) {
         /* Pass a null pointer to subsequent calls to strtok_r(). */
         p = NULL;
-        ret = string_to_keysalt(ksp, ksaltseps, &etype, &stype);
-        if (ret)
-            goto cleanup;
+
+        /* Discard unrecognized keysalts. */
+        if (string_to_keysalt(ksp, ksaltseps, &etype, &stype) != 0)
+            continue;
 
         /* Ignore duplicate keysalts if caller asks. */
         if (!dups && krb5_keysalt_is_present(ksalts, nksalts, etype, stype))
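Review bot: With the `ret = string_to_keysalt(...)` assignment removed, nothing in this hunk sets `ret` on the success path, so the value returned after the loop depends on code outside the hunk. If `ret` is not initialised at its declaration or assigned before the `cleanup` label, the function could return an indeterminate value; an explicit `ret = 0;` after the loop would rule that out. The new test also treats every non-zero result from `string_to_keysalt()` as "unrecognized", so any other failure that helper can report (its body is not visible here) is dropped the same way. A `supported_enctypes` value made up only of mistyped or legacy entries now appears to produce success with an empty list and no diagnostic, so the comment could say so for callers: `/* Discard unrecognized keysalts; the result may be empty, so callers must check the returned count. */`. The body of `krb5_string_to_keysalts()` starts and ends outside the hunk.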