krb5/patches/krb5-kvno-230379.patch

   1 From patch attached to http://krbdev.mit.edu/rt/Ticket/Display.html?id=3349,
   2 at http://krbdev.mit.edu/rt/Ticket/Attachment/23851/13214/kvno.diff, adjusted
   3 as needed to apply to 1.10.  FIXME: I'd like to better handle cases where we
   4 have a new key with the right version stored later in the keytab file.
   5 Currently, we're setting up to overlook that possibility.
   6
   7 Note that this only affects the path taken when krb5_rd_rep() is passed a
   8 server principal name, as without a server principal name it already tries
   9 all of the keys it finds in the keytab, regardless of version numbers.
  10
  11 Index: krb5/src/kadmin/ktutil/ktutil.c
  12 ===================================================================
  13 --- krb5/src/kadmin/ktutil/ktutil.c     (revision 3367)
  14 +++ krb5/src/kadmin/ktutil/ktutil.c     (working copy)
  15 @@ -155,7 +155,7 @@
  16      char *princ = NULL;
  17      char *enctype = NULL;
  18      krb5_kvno kvno = 0;
  19 -    int use_pass = 0, use_key = 0, i;
  20 +    int use_pass = 0, use_key = 0, use_kvno = 0, i;
  21
  22      for (i = 1; i < argc; i++) {
  23          if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-p", 2)) {
  24 @@ -164,6 +164,7 @@
  25          }
  26          if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-k", 2)) {
  27              kvno = (krb5_kvno) atoi(argv[++i]);
  28 +            use_kvno++;
  29              continue;
  30          }
  31          if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-e", 2)) {
  32 @@ -180,7 +181,7 @@
  33          }
  34      }
  35
  36 -    if (argc != 8 || !(princ && kvno && enctype) || (use_pass+use_key != 1)) {
  37 +    if (argc != 8 || !(princ && use_kvno && enctype) || (use_pass+use_key != 1)) {
  38          fprintf(stderr, _("usage: %s (-key | -password) -p principal "
  39                            "-k kvno -e enctype\n"), argv[0]);
  40          return;
  41 Index: krb5/src/lib/krb5/keytab/kt_file.c
  42 ===================================================================
  43 --- krb5/src/lib/krb5/keytab/kt_file.c  (revision 3367)
  44 +++ krb5/src/lib/krb5/keytab/kt_file.c  (working copy)
  45 @@ -349,7 +349,7 @@
  46                 higher than that.  Short-term workaround: only compare
  47                 the low 8 bits.  */
  48
  49 -            if (new_entry.vno == (kvno & 0xff)) {
  50 +            if (new_entry.vno == (kvno & 0xff) || new_entry.vno == IGNORE_VNO) {
  51                  krb5_kt_free_entry(context, &cur_entry);
  52                  cur_entry = new_entry;
  53                  break;