From 36e4dc6c9a48ee62345839a9df14e0494c99bf59 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?=
Date: Thu, 26 Nov 2020 11:47:24 +0100
Subject: [PATCH 17/19] secrets: default to "plaintext" if "enctype" attr is missing

This is a sane fallback behavior, however it should not happen since the attribute should be always present.
---
 src/util/secrets/secrets.c | 17 ++++++-----------
 1 file changed, 6 insertions(+), 11 deletions(-)

diff --git a/src/util/secrets/secrets.c b/src/util/secrets/secrets.c
index 1000757228bea75bb2d5c48aceb717c9bfe35ffb..58c96e18f03865df0249c4c899ad88e385b782c8 100644
--- a/src/util/secrets/secrets.c
+++ b/src/util/secrets/secrets.c
@@ -1071,17 +1071,12 @@ errno_t sss_sec_get(TALLOC_CTX *mem_ctx,
 goto done;
 }

- attr_enctype = ldb_msg_find_attr_as_string(res->msgs[0], "enctype", NULL);
-
- if (attr_enctype) {
- enctype = sss_sec_str_to_enctype(attr_enctype);
- ret = local_decrypt(req->sctx, tmp_ctx, attr_secret->data,
- attr_secret->length, enctype, &secret, &secret_len);
- if (ret) goto done;
- } else {
- secret = talloc_steal(tmp_ctx, attr_secret->data);
- secret_len = attr_secret->length;
- }
+ attr_enctype = ldb_msg_find_attr_as_string(res->msgs[0], "enctype",
+ "plaintext");
+ enctype = sss_sec_str_to_enctype(attr_enctype);
+ ret = local_decrypt(req->sctx, tmp_ctx, attr_secret->data,
+ attr_secret->length, enctype, &secret, &secret_len);
+ if (ret) goto done;

 if (_datatype != NULL) {
 attr_datatype = ldb_msg_find_attr_as_string(res->msgs[0], "type",
-- 
2.25.4
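Review bot: The fallback in the new `ldb_msg_find_attr_as_string(res->msgs[0], "enctype", "plaintext")` call is silent, so an entry that has lost its `enctype` attribute (which the commit message says should not happen) can no longer be told apart from one explicitly stored as plaintext. For a secrets store that case is worth surfacing: if the payload of such an entry was in fact encrypted, the caller would presumably receive the raw blob as the secret with nothing in the logs to explain it. I would keep `NULL` as the default and add `if (attr_enctype == NULL) { DEBUG(SSSDBG_OP_FAILURE, "The 'enctype' attribute is missing, assuming plaintext\n"); attr_enctype = "plaintext"; }` before the `sss_sec_str_to_enctype()` call. How `sss_sec_str_to_enctype()` and `local_decrypt()` handle an unrecognised enctype string cannot be checked here, because `sss_sec_get` starts and ends outside the hunk and both helpers are defined elsewhere.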