From 91afad7fc60fe6ce86f8d4a8ef4ce53c7cada31a Mon Sep 17 00:00:00 2001 From: Luke Howard Date: Mon, 12 Jun 2017 18:51:05 -0400 Subject: [PATCH] Allow unspecified kvno in keytab entries In ktutil, make "-k 0" work when creating a keytab entry. In the keytab implementations, treat entries with unspecified kvnos as low-priority matches. [ghudson@mit.edu: adjusted to current file keytab code; added logic for other keytab types; wrote commit message] ticket: 3349 --- src/kadmin/ktutil/ktutil.c | 6 ++++-- src/lib/krb5/keytab/kt_file.c | 2 +- src/lib/krb5/keytab/kt_memory.c | 2 +- src/lib/krb5/keytab/kt_srvtab.c | 2 +- 4 files changed, 7 insertions(+), 5 deletions(-) diff --git a/src/kadmin/ktutil/ktutil.c b/src/kadmin/ktutil/ktutil.c index ef16d37a56..86e3d9b0cb 100644 --- a/src/kadmin/ktutil/ktutil.c +++ b/src/kadmin/ktutil/ktutil.c @@ -140,7 +140,7 @@ void ktutil_add_entry(argc, argv) char *princ = NULL; char *enctype = NULL; krb5_kvno kvno = 0; - int use_pass = 0, use_key = 0, i; + int use_pass = 0, use_key = 0, use_kvno = 0, i; for (i = 1; i < argc; i++) { if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-p", 2)) { @@ -149,6 +149,7 @@ void ktutil_add_entry(argc, argv) } if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-k", 2)) { kvno = (krb5_kvno) atoi(argv[++i]); + use_kvno++; continue; } if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-e", 2)) { @@ -165,7 +166,8 @@ void ktutil_add_entry(argc, argv) } } - if (argc != 8 || !(princ && kvno && enctype) || (use_pass+use_key != 1)) { + if (argc != 8 || !(princ && use_kvno && enctype) || + use_pass + use_key != 1) { fprintf(stderr, _("usage: %s (-key | -password) -p principal " "-k kvno -e enctype\n"), argv[0]); return; diff --git a/src/lib/krb5/keytab/kt_file.c b/src/lib/krb5/keytab/kt_file.c index f6124aff5d..091f2c43fa 100644 --- a/src/lib/krb5/keytab/kt_file.c +++ b/src/lib/krb5/keytab/kt_file.c @@ -359,7 +359,7 @@ krb5_ktfile_get_entry(krb5_context context, krb5_keytab id, } - if (kvno == IGNORE_VNO) { + if (kvno == IGNORE_VNO || new_entry.vno == IGNORE_VNO) { /* If this entry is more recent (or the first match), free the * current and keep the new. Otherwise, free the new. */ if (cur_entry.principal == NULL || diff --git a/src/lib/krb5/keytab/kt_memory.c b/src/lib/krb5/keytab/kt_memory.c index e89fdcb4dc..8824adf508 100644 --- a/src/lib/krb5/keytab/kt_memory.c +++ b/src/lib/krb5/keytab/kt_memory.c @@ -403,7 +403,7 @@ krb5_mkt_get_entry(krb5_context context, krb5_keytab id, continue; } - if (kvno == IGNORE_VNO) { + if (kvno == IGNORE_VNO || entry->vno == IGNORE_VNO) { if (match == NULL) match = entry; else if (entry->vno > match->vno) diff --git a/src/lib/krb5/keytab/kt_srvtab.c b/src/lib/krb5/keytab/kt_srvtab.c index caa0158ecc..bbfaadfc29 100644 --- a/src/lib/krb5/keytab/kt_srvtab.c +++ b/src/lib/krb5/keytab/kt_srvtab.c @@ -205,7 +205,7 @@ krb5_ktsrvtab_get_entry(krb5_context context, krb5_keytab id, krb5_const_princip while ((kerror = krb5_ktsrvint_read_entry(context, id, &ent)) == 0) { ent.key.enctype = enctype; if (krb5_principal_compare(context, principal, ent.principal)) { - if (kvno == IGNORE_VNO) { + if (kvno == IGNORE_VNO || ent.vno == IGNORE_VNO) { if (!best_entry.principal || (best_entry.vno < ent.vno)) { krb5_kt_free_entry(context, &best_entry); best_entry = ent; -- 2.47.2