Diffstat (limited to 'src/lib/krb5/keytab')
-rw-r--r-- | src/lib/krb5/keytab/ChangeLog | 24 | ||||
-rw-r--r-- | src/lib/krb5/keytab/Makefile.in | 2 | ||||
-rw-r--r-- | src/lib/krb5/keytab/file/ChangeLog | 13 | ||||
-rw-r--r-- | src/lib/krb5/keytab/file/ktf_g_ent.c | 34 | ||||
-rw-r--r-- | src/lib/krb5/keytab/ktfns.c | 80 | ||||
-rw-r--r-- | src/lib/krb5/keytab/ktfr_entry.c | 10 | ||||
-rw-r--r-- | src/lib/krb5/keytab/srvtab/ChangeLog | 10 | ||||
-rw-r--r-- | src/lib/krb5/keytab/srvtab/kts_g_ent.c | 1 | ||||
-rw-r--r-- | src/lib/krb5/keytab/srvtab/kts_util.c | 2 |
9 files changed, 170 insertions, 6 deletions
diff --git a/src/lib/krb5/keytab/ChangeLog b/src/lib/krb5/keytab/ChangeLog index fa1e715..ab4e5e4 100644 --- a/src/lib/krb5/keytab/ChangeLog +++ b/src/lib/krb5/keytab/ChangeLog @@ -1,3 +1,27 @@ +2003-04-01 Nalin Dahyabhai <nalin@redhat.com> + + * kt_file.c (krb5_ktfileint_internal_read_entry): Use + krb5_princ_size instead of direct field access. + (krb5_ktfileint_write_entry, krb5_ktfileint_size_entry): + Likewise. + +2002-04-05 Danilo Almeida <dalmeida@mit.edu> + + * Makefile.in: Build kt accessor functions on Windows. + + * ktfr_entry.c: Rename krb5_kt_free_entry_contents as + krb5_free_keytab_entry_contents to make it consistent with rest of + API. + +2002-04-02 Ken Raeburn <raeburn@mit.edu> + + * ktfr_entry.c (krb5_kt_free_entry_contents): Rename from + krb5_kt_free_entry, keep old name as wrapper. + +2000-04-01 Miro Jurisic <meeroh@mit.edu> + + * ktfns.c: Merged from trunk + 2000-03-12 Ezra Peisach <epeisach@mit.edu> * ktbase.c (krb5_kt_resolve): Change prototype from const to diff --git a/src/lib/krb5/keytab/Makefile.in b/src/lib/krb5/keytab/Makefile.in index 66677a1..7d2b023 100644 --- a/src/lib/krb5/keytab/Makefile.in +++ b/src/lib/krb5/keytab/Makefile.in @@ -35,6 +35,8 @@ SRCS= \ $(srcdir)/ktremove.c \ $(srcdir)/read_servi.c +##DOS##OBJS=$(OBJS) $(OUTPRE)ktfns.$(OBJEXT) + all-windows:: subdirs $(OBJFILE) ##DOSsubdirs:: file\$(OUTPRE)file.lst srvtab\$(OUTPRE)srvtab.lst diff --git a/src/lib/krb5/keytab/file/ChangeLog b/src/lib/krb5/keytab/file/ChangeLog index 4be401b..d0ececa 100644 --- a/src/lib/krb5/keytab/file/ChangeLog +++ b/src/lib/krb5/keytab/file/ChangeLog 
@@ -1,3 +1,16 @@ +2002-01-30 Ken Raeburn <raeburn@mit.edu> + + * ktf_g_ent.c (krb5_ktfile_get_entry): For non-zero kvno, match + only low 8 bits. For zero kvno, if any kvno in the keytab is over + 240, assume we're dealing with numbers 128 through (127+256) + instead. This allows for wrapping at 256 while retaining a small + set of consecutively numbered prior keys in the keytab. + +2001-11-19 Tom Yu <tlyu@mit.edu> + + * ktf_g_ent.c (krb5_ktfile_get_entry): Coerce enctype for now to + restore 1.0.x enctype similarity behavior. + 1999-10-26 Tom Yu <tlyu@mit.edu> * Makefile.in: Clean up usage of CFLAGS, CPPFLAGS, DEFS, DEFINES, diff --git a/src/lib/krb5/keytab/file/ktf_g_ent.c b/src/lib/krb5/keytab/file/ktf_g_ent.c index b45ab6f..905ff6c 100644 --- a/src/lib/krb5/keytab/file/ktf_g_ent.c +++ b/src/lib/krb5/keytab/file/ktf_g_ent.c @@ -45,6 +45,7 @@ krb5_ktfile_get_entry(context, id, principal, kvno, enctype, entry) krb5_error_code kerror = 0; int found_wrong_kvno = 0; krb5_boolean similar; + int kvno_offset = 0; /* Open the keyfile for reading */ if ((kerror = krb5_ktfileint_openr(context, id))) @@ -81,6 +82,14 @@ krb5_ktfile_get_entry(context, id, principal, kvno, enctype, entry) krb5_kt_free_entry(context, &new_entry); continue; } + /* + * Coerce the enctype of the output keyblock in case we + * got an inexact match on the enctype; this behavior will + * go away when the key storage architecture gets + * redesigned for 1.3. + */ + new_entry.key.enctype = enctype; + } /* if the principal isn't the one requested, free new_entry 
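Review bot: The added `new_entry.key.enctype = enctype;` in the `-81,6 +82,14` hunk of ktf_g_ent.c overwrites the enctype read from the keytab with the caller's requested value, so after an inexact ("similar") match the returned entry no longer records what is actually stored on disk. Any caller that inspects `entry->key.enctype` afterwards, for logging or to refuse a weak type, will see the requested type rather than the stored one. The new comment explains why the coercion exists but not this consequence; I would add a line such as `/* NOTE: after this, key.enctype is the requested type, not the type stored in the keytab. */`. The enclosing block and the similarity test start above the hunk, so whether `enctype` can still be the ignore value at this point cannot be confirmed from here.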
@@ -95,9 +104,24 @@ krb5_ktfile_get_entry(context, id, principal, kvno, enctype, entry) /* if this is the first match, or if the new vno is bigger, free the current and keep the new. Otherwise, free the new. */ - + /* A 1.2.x keytab contains only the low 8 bits of the key + version number. Since it can be much bigger, and thus + the 8-bit value can wrap, we need some heuristics to + figure out the "highest" numbered key if some numbers + close to 255 and some near 0 are used. + + The heuristic here: + + If we have any keys with versions over 240, then assume + that all version numbers 0-127 refer to 256+N instead. + Not perfect, but maybe good enough? */ + +#define M(VNO) (((VNO) - kvno_offset + 256) % 256) + + if (new_entry.vno > 240) + kvno_offset = 128; if (! cur_entry.principal || - (new_entry.vno > cur_entry.vno)) { + M(new_entry.vno) > M(cur_entry.vno)) { krb5_kt_free_entry(context, &cur_entry); cur_entry = new_entry; } else { @@ -108,8 +132,12 @@ krb5_ktfile_get_entry(context, id, principal, kvno, enctype, entry) be one?), keep the new, and break out. Otherwise, remember that we were here so we can return the right error, and free the new */ + /* Yuck. The krb5-1.2.x keytab format only stores one byte + for the kvno, so we're toast if the kvno requested is + higher than that. Short-term workaround: only compare + the low 8 bits. */ - if (new_entry.vno == kvno) { + if (new_entry.vno == (kvno & 0xff)) { krb5_kt_free_entry(context, &cur_entry); cur_entry = new_entry; break; diff --git a/src/lib/krb5/keytab/ktfns.c b/src/lib/krb5/keytab/ktfns.c new file mode 100644 index 0000000..5bd6b40 --- /dev/null +++ b/src/lib/krb5/keytab/ktfns.c 
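Review bot: The wrap heuristic in the `-95,9 +104,24` hunk is order-dependent: `kvno_offset` only becomes 128 once an entry with `vno > 240` has been read, so earlier entries have already been compared with offset 0 and the losers freed. With matching entries read in the order 3, 239, 245 the loop ends up keeping 245, while the order 245, 3, 239 keeps 3 (taken as 259), so the "highest" key can be a stale one depending on file order. Deciding the offset before any comparison, for example in a first scan of the matching entries, would make the result stable; the loop itself starts and ends outside the hunk. Separately, the single-letter macro `M` is defined inside the function body and is not undefined in the visible lines; add `#undef M` after the comparison or use a small static helper instead.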
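Review bot: Comparing against `(kvno & 0xff)` in the `-108,8 +132,12` hunk makes every requested kvno that is congruent modulo 256 match the same stored entry, so a request for kvno 257 is satisfied by an entry stored as 1 even if that entry is the old version-1 key. The new comment describes the format limit but not this aliasing. I would extend it with something like `/* kvnos that differ by a multiple of 256 are indistinguishable here; prune old entries before the number wraps. */` so that operators and callers know a stale key can be returned.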
@@ -0,0 +1,80 @@
+/*
+ * lib/krb5/keytab/ktfns.c
+ *
+ * Copyright 2001 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * Dispatch methods for keytab code.
+ */ + +#include "krb5.h" +#include "k5-int.h" + +char * KRB5_CALLCONV +krb5_kt_get_type (krb5_context context, krb5_keytab keytab) +{ + return keytab->ops->prefix; +} + +krb5_error_code KRB5_CALLCONV +krb5_kt_get_name(krb5_context context, krb5_keytab keytab, char *name, + unsigned int namelen) +{ + return krb5_x((keytab)->ops->get_name,(context, keytab,name,namelen)); +} + +krb5_error_code KRB5_CALLCONV +krb5_kt_close(krb5_context context, krb5_keytab keytab) +{ + return krb5_x((keytab)->ops->close,(context, keytab)); +} + +krb5_error_code KRB5_CALLCONV +krb5_kt_get_entry(krb5_context context, krb5_keytab keytab, + krb5_const_principal principal, krb5_kvno vno, + krb5_enctype enctype, krb5_keytab_entry *entry) +{ + return krb5_x((keytab)->ops->get,(context, keytab, principal, vno, enctype, entry)); +} + +krb5_error_code KRB5_CALLCONV +krb5_kt_start_seq_get(krb5_context context, krb5_keytab keytab, + krb5_kt_cursor *cursor) +{ + return krb5_x((keytab)->ops->start_seq_get,(context, keytab, cursor)); +} + +krb5_error_code KRB5_CALLCONV +krb5_kt_next_entry(krb5_context context, krb5_keytab keytab, + krb5_keytab_entry *entry, krb5_kt_cursor *cursor) +{ + return krb5_x((keytab)->ops->get_next,(context, keytab, entry, cursor)); +} + +krb5_error_code KRB5_CALLCONV +krb5_kt_end_seq_get(krb5_context context, krb5_keytab keytab, + krb5_kt_cursor *cursor) +{ + return krb5_x((keytab)->ops->end_get,(context, keytab, cursor)); +} diff --git a/src/lib/krb5/keytab/ktfr_entry.c b/src/lib/krb5/keytab/ktfr_entry.c index ddccb17..abd5d4d 100644 --- a/src/lib/krb5/keytab/ktfr_entry.c +++ b/src/lib/krb5/keytab/ktfr_entry.c @@ -30,7 +30,7 @@ #include "k5-int.h" KRB5_DLLIMP krb5_error_code KRB5_CALLCONV -krb5_kt_free_entry (context, entry) +krb5_free_keytab_entry_contents (context, entry) krb5_context context; krb5_keytab_entry FAR *entry; { 
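Review bot: `krb5_kt_get_type` in the new ktfns.c hands back `keytab->ops->prefix` as a plain `char *`, so the caller receives a writable pointer into the keytab type's ops structure with nothing saying it must not be modified or freed. None of the seven functions in the file carries a comment; I would document at least this one, e.g. `/* Returns the type prefix owned by the keytab's ops table; the caller must not modify or free it. */`. All of the dispatchers also dereference `keytab` and `keytab->ops` unconditionally, which is fine if a valid handle is a precondition, but that precondition should be stated in the file's header comment.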
@@ -44,3 +44,11 @@ krb5_kt_free_entry (context, entry) } return 0; } + +KRB5_DLLIMP krb5_error_code KRB5_CALLCONV +krb5_kt_free_entry (context, entry) + krb5_context context; + krb5_keytab_entry FAR *entry; +{ + return krb5_free_keytab_entry_contents (context, entry); +} diff --git a/src/lib/krb5/keytab/srvtab/ChangeLog b/src/lib/krb5/keytab/srvtab/ChangeLog index a4157a0..8724b71 100644 --- a/src/lib/krb5/keytab/srvtab/ChangeLog +++ b/src/lib/krb5/keytab/srvtab/ChangeLog @@ -1,9 +1,17 @@ +2002-02-28 Alexandra Ellwood <lxs@mit.edu> + * kts_util.c: removed unused variable n + +2002-02-05 Ken Raeburn <raeburn@mit.edu> + + * kts_g_ent.c (krb5_ktsrvtab_get_entry): If a specific DES enctype + was requested, set the key's enctype to it, instead of always + returning des-cbc-crc. + Fri Jan 28 19:53:44 2000 Ezra Peisach <epeisach@mit.edu> * kts_g_ent.c, ktsrvtab.h (krb5_ktsrvtab_get_entry): Change the third argument to krb5_const_principal (from krb5_principal) to agree with krb5_kts_ops entries. - 1999-10-26 Tom Yu <tlyu@mit.edu> diff --git a/src/lib/krb5/keytab/srvtab/kts_g_ent.c b/src/lib/krb5/keytab/srvtab/kts_g_ent.c index e422c38..0237241 100644 --- a/src/lib/krb5/keytab/srvtab/kts_g_ent.c +++ b/src/lib/krb5/keytab/srvtab/kts_g_ent.c @@ -65,6 +65,7 @@ krb5_ktsrvtab_get_entry(context, id, principal, kvno, enctype, entry) best_entry.vno = 0; best_entry.key.contents = 0; while ((kerror = krb5_ktsrvint_read_entry(context, id, &ent)) == 0) { + ent.key.enctype = enctype; if (krb5_principal_compare(context, principal, ent.principal)) { if (kvno == IGNORE_VNO) { if (!best_entry.principal || (best_entry.vno < ent.vno)) { diff --git a/src/lib/krb5/keytab/srvtab/kts_util.c b/src/lib/krb5/keytab/srvtab/kts_util.c index d95aceb..35f4a16 100644 --- a/src/lib/krb5/keytab/srvtab/kts_util.c +++ b/src/lib/krb5/keytab/srvtab/kts_util.c @@ -62,7 +62,7 @@ read_field(fp, s, len) char *s; int len; { - int c, n = 0; + int c = 0; while ((c = getc(fp)) != 0) { if (c == EOF || len <= 1) |
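Review bot: The added `ent.key.enctype = enctype;` in kts_g_ent.c runs for every entry read and is unconditional, whereas the ChangeLog entry in this same commit says the enctype is set only "if a specific DES enctype was requested". If the caller passes the ignore value, the returned key would carry that value as its enctype instead of des-cbc-crc; whether an earlier check outside the hunk rules this out is not visible. A guard such as `if (enctype != IGNORE_ENCTYPE) ent.key.enctype = enctype;` would match the documented intent.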