]>
Commit | Line | Data |
---|---|---|
6cf77d05 SS |
1 | From patch attached to http://krbdev.mit.edu/rt/Ticket/Display.html?id=3349, |
2 | at http://krbdev.mit.edu/rt/Ticket/Attachment/23851/13214/kvno.diff, adjusted | |
3 | as needed to apply to 1.10. FIXME: I'd like to better handle cases where we | |
4 | have a new key with the right version stored later in the keytab file. | |
5 | Currently, we're setting up to overlook that possibility. | |
6 | ||
7 | Note that this only affects the path taken when krb5_rd_rep() is passed a | |
8 | server principal name, as without a server principal name it already tries | |
9 | all of the keys it finds in the keytab, regardless of version numbers. | |
10 | ||
11 | Index: krb5/src/kadmin/ktutil/ktutil.c | |
12 | =================================================================== | |
13 | --- krb5/src/kadmin/ktutil/ktutil.c (revision 3367) | |
14 | +++ krb5/src/kadmin/ktutil/ktutil.c (working copy) | |
15 | @@ -155,7 +155,7 @@ | |
16 | char *princ = NULL; | |
17 | char *enctype = NULL; | |
18 | krb5_kvno kvno = 0; | |
19 | - int use_pass = 0, use_key = 0, i; | |
20 | + int use_pass = 0, use_key = 0, use_kvno = 0, i; | |
21 | ||
22 | for (i = 1; i < argc; i++) { | |
23 | if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-p", 2)) { | |
24 | @@ -164,6 +164,7 @@ | |
25 | } | |
26 | if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-k", 2)) { | |
27 | kvno = (krb5_kvno) atoi(argv[++i]); | |
28 | + use_kvno++; | |
29 | continue; | |
30 | } | |
31 | if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-e", 2)) { | |
32 | @@ -180,7 +181,7 @@ | |
33 | } | |
34 | } | |
35 | ||
36 | - if (argc != 8 || !(princ && kvno && enctype) || (use_pass+use_key != 1)) { | |
37 | + if (argc != 8 || !(princ && use_kvno && enctype) || (use_pass+use_key != 1)) { | |
38 | fprintf(stderr, _("usage: %s (-key | -password) -p principal " | |
39 | "-k kvno -e enctype\n"), argv[0]); | |
40 | return; | |
41 | Index: krb5/src/lib/krb5/keytab/kt_file.c | |
42 | =================================================================== | |
43 | --- krb5/src/lib/krb5/keytab/kt_file.c (revision 3367) | |
44 | +++ krb5/src/lib/krb5/keytab/kt_file.c (working copy) | |
45 | @@ -349,7 +349,7 @@ | |
46 | higher than that. Short-term workaround: only compare | |
47 | the low 8 bits. */ | |
48 | ||
49 | - if (new_entry.vno == (kvno & 0xff)) { | |
50 | + if (new_entry.vno == (kvno & 0xff) || new_entry.vno == IGNORE_VNO) { | |
51 | krb5_kt_free_entry(context, &cur_entry); | |
52 | cur_entry = new_entry; | |
53 | break; |