Diffstat (limited to 'src/lib/krb5/keytab')
-rw-r--r--src/lib/krb5/keytab/ChangeLog24
-rw-r--r--src/lib/krb5/keytab/Makefile.in2
-rw-r--r--src/lib/krb5/keytab/file/ChangeLog13
-rw-r--r--src/lib/krb5/keytab/file/ktf_g_ent.c34
-rw-r--r--src/lib/krb5/keytab/ktfns.c80
-rw-r--r--src/lib/krb5/keytab/ktfr_entry.c10
-rw-r--r--src/lib/krb5/keytab/srvtab/ChangeLog10
-rw-r--r--src/lib/krb5/keytab/srvtab/kts_g_ent.c1
-rw-r--r--src/lib/krb5/keytab/srvtab/kts_util.c2
9 files changed, 170 insertions, 6 deletions
diff --git a/src/lib/krb5/keytab/ChangeLog b/src/lib/krb5/keytab/ChangeLog
index fa1e715..ab4e5e4 100644
--- a/src/lib/krb5/keytab/ChangeLog
+++ b/src/lib/krb5/keytab/ChangeLog
@@ -1,3 +1,27 @@
+2003-04-01 Nalin Dahyabhai <nalin@redhat.com>
+
+ * kt_file.c (krb5_ktfileint_internal_read_entry): Use
+ krb5_princ_size instead of direct field access.
+ (krb5_ktfileint_write_entry, krb5_ktfileint_size_entry):
+ Likewise.
+
+2002-04-05 Danilo Almeida <dalmeida@mit.edu>
+
+ * Makefile.in: Build kt accessor functions on Windows.
+
+ * ktfr_entry.c: Rename krb5_kt_free_entry_contents as
+ krb5_free_keytab_entry_contents to make it consistent with rest of
+ API.
+
+2002-04-02 Ken Raeburn <raeburn@mit.edu>
+
+ * ktfr_entry.c (krb5_kt_free_entry_contents): Rename from
+ krb5_kt_free_entry, keep old name as wrapper.
+
+2000-04-01 Miro Jurisic <meeroh@mit.edu>
+
+ * ktfns.c: Merged from trunk
+
2000-03-12 Ezra Peisach <epeisach@mit.edu>
* ktbase.c (krb5_kt_resolve): Change prototype from const to
diff --git a/src/lib/krb5/keytab/Makefile.in b/src/lib/krb5/keytab/Makefile.in
index 66677a1..7d2b023 100644
--- a/src/lib/krb5/keytab/Makefile.in
+++ b/src/lib/krb5/keytab/Makefile.in
@@ -35,6 +35,8 @@ SRCS= \
$(srcdir)/ktremove.c \
$(srcdir)/read_servi.c
+##DOS##OBJS=$(OBJS) $(OUTPRE)ktfns.$(OBJEXT)
+
all-windows:: subdirs $(OBJFILE)
##DOSsubdirs:: file\$(OUTPRE)file.lst srvtab\$(OUTPRE)srvtab.lst
diff --git a/src/lib/krb5/keytab/file/ChangeLog b/src/lib/krb5/keytab/file/ChangeLog
index 4be401b..d0ececa 100644
--- a/src/lib/krb5/keytab/file/ChangeLog
+++ b/src/lib/krb5/keytab/file/ChangeLog
@@ -1,3 +1,16 @@
+2002-01-30 Ken Raeburn <raeburn@mit.edu>
+
+ * ktf_g_ent.c (krb5_ktfile_get_entry): For non-zero kvno, match
+ only low 8 bits. For zero kvno, if any kvno in the keytab is over
+ 240, assume we're dealing with numbers 128 through (127+256)
+ instead. This allows for wrapping at 256 while retaining a small
+ set of consecutively numbered prior keys in the keytab.
+
+2001-11-19 Tom Yu <tlyu@mit.edu>
+
+ * ktf_g_ent.c (krb5_ktfile_get_entry): Coerce enctype for now to
+ restore 1.0.x enctype similarity behavior.
+
1999-10-26 Tom Yu <tlyu@mit.edu>
* Makefile.in: Clean up usage of CFLAGS, CPPFLAGS, DEFS, DEFINES,
diff --git a/src/lib/krb5/keytab/file/ktf_g_ent.c b/src/lib/krb5/keytab/file/ktf_g_ent.c
index b45ab6f..905ff6c 100644
--- a/src/lib/krb5/keytab/file/ktf_g_ent.c
+++ b/src/lib/krb5/keytab/file/ktf_g_ent.c
@@ -45,6 +45,7 @@ krb5_ktfile_get_entry(context, id, principal, kvno, enctype, entry)
krb5_error_code kerror = 0;
int found_wrong_kvno = 0;
krb5_boolean similar;
+ int kvno_offset = 0;
/* Open the keyfile for reading */
if ((kerror = krb5_ktfileint_openr(context, id)))
@@ -81,6 +82,14 @@ krb5_ktfile_get_entry(context, id, principal, kvno, enctype, entry)
krb5_kt_free_entry(context, &new_entry);
continue;
}
+ /*
+ * Coerce the enctype of the output keyblock in case we
+ * got an inexact match on the enctype; this behavior will
+ * go away when the key storage architecture gets
+ * redesigned for 1.3.
+ */
+ new_entry.key.enctype = enctype;
+
}
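Review bot: The added `new_entry.key.enctype = enctype;` discards the enctype the key was stored under, so after this point neither the caller nor later code in the loop can tell that the match was inexact. This is only sound if the statement is reachable solely after the similarity check has accepted the stored enctype; the enclosing block opens outside this hunk, so that needs confirming. The comment should state that precondition, e.g. `/* Reached only when the stored enctype was judged similar to the requested one; the stored value is overwritten and not recoverable from the returned entry. */`.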
/* if the principal isn't the one requested, free new_entry
@@ -95,9 +104,24 @@ krb5_ktfile_get_entry(context, id, principal, kvno, enctype, entry)
/* if this is the first match, or if the new vno is
bigger, free the current and keep the new. Otherwise,
free the new. */
-
+ /* A 1.2.x keytab contains only the low 8 bits of the key
+ version number. Since it can be much bigger, and thus
+ the 8-bit value can wrap, we need some heuristics to
+ figure out the "highest" numbered key if some numbers
+ close to 255 and some near 0 are used.
+
+ The heuristic here:
+
+ If we have any keys with versions over 240, then assume
+ that all version numbers 0-127 refer to 256+N instead.
+ Not perfect, but maybe good enough? */
+
+#define M(VNO) (((VNO) - kvno_offset + 256) % 256)
+
+ if (new_entry.vno > 240)
+ kvno_offset = 128;
if (! cur_entry.principal ||
- (new_entry.vno > cur_entry.vno)) {
+ M(new_entry.vno) > M(cur_entry.vno)) {
krb5_kt_free_entry(context, &cur_entry);
cur_entry = new_entry;
} else {
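Review bot: The wrap heuristic is applied in the same single pass that picks the winner, so `kvno_offset` only becomes 128 once an entry with vno > 240 has been read, and entries rejected before that were ranked without the adjustment. With matching entries in file order 200, 5, 250, the entry 5 is freed against 200 while the offset is still 0, and 250 is returned even though the heuristic treats 5 as 261. The result therefore depends on entry order, and a stale key can be selected over the newest one. At minimum the comment should say so, e.g. `/* NOTE: the offset takes effect only from the first vno > 240 seen; earlier entries were compared unadjusted, so the choice depends on file order. */`. Determining the offset before comparing would remove the dependence. The macro `M` is also defined inside the function body and never `#undef`'d.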
@@ -108,8 +132,12 @@ krb5_ktfile_get_entry(context, id, principal, kvno, enctype, entry)
be one?), keep the new, and break out. Otherwise, remember
that we were here so we can return the right error, and
free the new */
+ /* Yuck. The krb5-1.2.x keytab format only stores one byte
+ for the kvno, so we're toast if the kvno requested is
+ higher than that. Short-term workaround: only compare
+ the low 8 bits. */
- if (new_entry.vno == kvno) {
+ if (new_entry.vno == (kvno & 0xff)) {
krb5_kt_free_entry(context, &cur_entry);
cur_entry = new_entry;
break;
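Review bot: Only the requested side is masked in `new_entry.vno == (kvno & 0xff)`, so the match silently relies on the reader never producing a vno above 255. The read path is outside this hunk; if it can ever yield a wider value, the comparison fails for keys that should match. Masking both sides keeps the workaround self-contained: `if ((new_entry.vno & 0xff) == (kvno & 0xff)) {`. The comment could also note that a request whose upper bits differ from the real key version is now accepted, so a wrong-key case surfaces later as a decryption failure rather than as a kvno-not-found error from this function.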
diff --git a/src/lib/krb5/keytab/ktfns.c b/src/lib/krb5/keytab/ktfns.c
new file mode 100644
index 0000000..5bd6b40
--- /dev/null
+++ b/src/lib/krb5/keytab/ktfns.c
@@ -0,0 +1,80 @@
+/*
+ * lib/krb5/keytab/ktfns.c
+ *
+ * Copyright 2001 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ */
+
+/*
+ * Dispatch methods for keytab code.
+ */
+
+#include "krb5.h"
+#include "k5-int.h"
+
+char * KRB5_CALLCONV
+krb5_kt_get_type (krb5_context context, krb5_keytab keytab)
+{
+ return keytab->ops->prefix;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_kt_get_name(krb5_context context, krb5_keytab keytab, char *name,
+ unsigned int namelen)
+{
+ return krb5_x((keytab)->ops->get_name,(context, keytab,name,namelen));
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_kt_close(krb5_context context, krb5_keytab keytab)
+{
+ return krb5_x((keytab)->ops->close,(context, keytab));
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_kt_get_entry(krb5_context context, krb5_keytab keytab,
+ krb5_const_principal principal, krb5_kvno vno,
+ krb5_enctype enctype, krb5_keytab_entry *entry)
+{
+ return krb5_x((keytab)->ops->get,(context, keytab, principal, vno, enctype, entry));
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_kt_start_seq_get(krb5_context context, krb5_keytab keytab,
+ krb5_kt_cursor *cursor)
+{
+ return krb5_x((keytab)->ops->start_seq_get,(context, keytab, cursor));
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_kt_next_entry(krb5_context context, krb5_keytab keytab,
+ krb5_keytab_entry *entry, krb5_kt_cursor *cursor)
+{
+ return krb5_x((keytab)->ops->get_next,(context, keytab, entry, cursor));
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_kt_end_seq_get(krb5_context context, krb5_keytab keytab,
+ krb5_kt_cursor *cursor)
+{
+ return krb5_x((keytab)->ops->end_get,(context, keytab, cursor));
+}
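Review bot: None of these exported wrappers checks `keytab` or `keytab->ops` before dereferencing, and the file carries no comment stating what callers must guarantee. Since they are public entry points, each should have a short header comment saying that `keytab` must be a handle that was successfully resolved and not yet closed. For `krb5_kt_get_type`, the comment should also say that the returned pointer refers to the ops table's `prefix` and must not be modified or freed, e.g. `/* Returns the type prefix owned by the keytab's ops table; caller must not modify or free it. */`. `krb5_kt_get_type` leaves `context` unused, which is worth noting in that comment too.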
diff --git a/src/lib/krb5/keytab/ktfr_entry.c b/src/lib/krb5/keytab/ktfr_entry.c
index ddccb17..abd5d4d 100644
--- a/src/lib/krb5/keytab/ktfr_entry.c
+++ b/src/lib/krb5/keytab/ktfr_entry.c
@@ -30,7 +30,7 @@
#include "k5-int.h"
KRB5_DLLIMP krb5_error_code KRB5_CALLCONV
-krb5_kt_free_entry (context, entry)
+krb5_free_keytab_entry_contents (context, entry)
krb5_context context;
krb5_keytab_entry FAR *entry;
{
@@ -44,3 +44,11 @@ krb5_kt_free_entry (context, entry)
}
return 0;
}
+
+KRB5_DLLIMP krb5_error_code KRB5_CALLCONV
+krb5_kt_free_entry (context, entry)
+ krb5_context context;
+ krb5_keytab_entry FAR *entry;
+{
+ return krb5_free_keytab_entry_contents (context, entry);
+}
diff --git a/src/lib/krb5/keytab/srvtab/ChangeLog b/src/lib/krb5/keytab/srvtab/ChangeLog
index a4157a0..8724b71 100644
--- a/src/lib/krb5/keytab/srvtab/ChangeLog
+++ b/src/lib/krb5/keytab/srvtab/ChangeLog
@@ -1,9 +1,17 @@
+2002-02-28 Alexandra Ellwood <lxs@mit.edu>
+ * kts_util.c: removed unused variable n
+
+2002-02-05 Ken Raeburn <raeburn@mit.edu>
+
+ * kts_g_ent.c (krb5_ktsrvtab_get_entry): If a specific DES enctype
+ was requested, set the key's enctype to it, instead of always
+ returning des-cbc-crc.
+
Fri Jan 28 19:53:44 2000 Ezra Peisach <epeisach@mit.edu>
* kts_g_ent.c, ktsrvtab.h (krb5_ktsrvtab_get_entry): Change the
third argument to krb5_const_principal (from krb5_principal) to
agree with krb5_kts_ops entries.
-
1999-10-26 Tom Yu <tlyu@mit.edu>
diff --git a/src/lib/krb5/keytab/srvtab/kts_g_ent.c b/src/lib/krb5/keytab/srvtab/kts_g_ent.c
index e422c38..0237241 100644
--- a/src/lib/krb5/keytab/srvtab/kts_g_ent.c
+++ b/src/lib/krb5/keytab/srvtab/kts_g_ent.c
@@ -65,6 +65,7 @@ krb5_ktsrvtab_get_entry(context, id, principal, kvno, enctype, entry)
best_entry.vno = 0;
best_entry.key.contents = 0;
while ((kerror = krb5_ktsrvint_read_entry(context, id, &ent)) == 0) {
+ ent.key.enctype = enctype;
if (krb5_principal_compare(context, principal, ent.principal)) {
if (kvno == IGNORE_VNO) {
if (!best_entry.principal || (best_entry.vno < ent.vno)) {
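Review bot: The added `ent.key.enctype = enctype;` runs unconditionally for every entry read, whereas the ChangeLog entry describes setting it only when a specific DES enctype was requested. If the caller passes a wildcard or a non-DES enctype, the returned key would be labelled with that value unless code later in the function (outside this hunk) corrects it. Guarding the assignment keeps the previous default for the wildcard case: `if (enctype != IGNORE_ENCTYPE) ent.key.enctype = enctype;`. Whether non-DES values are rejected elsewhere in `krb5_ktsrvtab_get_entry` should be confirmed.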
diff --git a/src/lib/krb5/keytab/srvtab/kts_util.c b/src/lib/krb5/keytab/srvtab/kts_util.c
index d95aceb..35f4a16 100644
--- a/src/lib/krb5/keytab/srvtab/kts_util.c
+++ b/src/lib/krb5/keytab/srvtab/kts_util.c
@@ -62,7 +62,7 @@ read_field(fp, s, len)
char *s;
int len;
{
- int c, n = 0;
+ int c = 0;
while ((c = getc(fp)) != 0) {
if (c == EOF || len <= 1)