[1671] in Kerberos-V5-bugs


Some patches...

daemon@ATHENA.MIT.EDU (Richard Basch)
Mon Oct 16 16:18:35 1995

Date: Mon, 16 Oct 1995 16:17:07 -0400
To: krb5-bugs@MIT.EDU
From: "Richard Basch" <basch@lehman.com>


(Descriptions precede each block of patches, and are delimited with =====)

============================================================================

Patches for kdb5_edit:
1. Allow for non-interactive loads from V4 dumps.  Perhaps there should be
   an option to specify an alternate V4 master key stash file, but the
   following does work and allows for an easy inclusion of such an option.
2. It is not useful for "show <key>" to print the Master key version twice
   (once for the "Key version" and once for the "Master key version". Instead,
   I think you wanted the actual key version printed in the "Key
   version" line.

--- 1.1	1995/10/10 11:12:10
+++ src/admin/edit/loadv4.c	1995/10/16 18:56:53
@@ -37,6 +37,8 @@
 static Key_schedule master_key_schedule;
 static long master_key_version;
 
+static char *v4_mkeyfile = "/.k";
+
 #include "k5-int.h"
 #include "com_err.h"
 #include "adm.h"
@@ -434,8 +436,21 @@
 int manual;
 char *dumpfile;
 {
-    des_read_password(master_key, "Kerberos master key: ", 1);
-    printf("\n");
+    int fd;
+    int ok = 0;
+
+    if (!manual) {
+	fd = open(v4_mkeyfile, O_RDONLY, 0600);
+	if (fd >= 0) {
+	    if (read(fd, master_key, sizeof(master_key)) == sizeof(master_key))
+		ok = 1;
+	    close(fd);
+	}
+    }
+    if (!ok) {
+	des_read_password(master_key, "V4 Kerberos master key: ", 0);
+	printf("\n");
+    }
     key_sched(master_key, master_key_schedule);
     return 0;
 }
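Review bot: The non-interactive path reads the master key from `v4_mkeyfile` without checking what kind of file it is or who else can read it. An `fstat` on the open descriptor that requires a regular file with no group or other permission bits (if that matches how the V4 stash is written at your site) would catch an over-exposed or substituted stash before the key is scheduled. When the file is missing or short, the code drops to the prompt without saying why, which stalls an unattended load, so a one-line message on stderr is worth adding. The third argument to `open` is ignored without `O_CREAT` and can go. The function header is above the hunk, and the sketch assumes `<sys/stat.h>` is available in this file.

```c
    if (!manual) {
	struct stat st;

	fd = open(v4_mkeyfile, O_RDONLY);
	if (fd >= 0) {
	    /* Only trust a regular file with no group/other access. */
	    if (fstat(fd, &st) == 0 && S_ISREG(st.st_mode) &&
		(st.st_mode & (S_IRWXG | S_IRWXO)) == 0 &&
		read(fd, master_key, sizeof(master_key)) == sizeof(master_key))
		ok = 1;
	    close(fd);
	}
	if (!ok)
	    fprintf(stderr, "cannot use %s; prompting for the V4 master key\n",
		    v4_mkeyfile);
    }
    /* ... unchanged: des_read_password fallback and key_sched ... */
```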
--- 1.1	1995/10/16 20:03:47
+++ src/admin/edit/kdb5_edit.c	1995/10/16 20:07:48
@@ -1089,7 +1089,7 @@
     }
 
     printf("Name: %s\n", pr_name);
-    printf("Key version: %d\n", entry.mkvno); 
+    printf("Key version: %d\n", entry.key_data[0].key_data_kvno); 
     printf("Maximum life: %s\n", strdur(entry.max_life));
     printf("Maximum renewable life: %s\n", strdur(entry.max_renewable_life));
     printf("Master key version: %d\n", entry.mkvno);
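Review bot: `entry.key_data[0]` is read without checking that the entry holds any key data, so a principal with no keys would index past the array, or through a null pointer, depending on how `key_data` is allocated (not visible here). Guarding the line avoids that, e.g. `if (entry.n_key_data > 0) printf("Key version: %d\n", entry.key_data[0].key_data_kvno);`. It also prints only the first slot's version; if an entry can carry keys with different kvnos, a short comment saying that the first slot is the one shown would help. The enclosing function starts and ends outside the hunk.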


============================================================================


The following snippet will allow for wildcard matches of sub-domains and
look for a best fit for hostname -> realm translation.  While I have
done some checking of the code, and it does seem to work here, I suggest
that someone quickly review the code in case I missed something in the
rework.

--- 1.1	1995/10/05 02:13:37
+++ src/lib/krb5/os/hst_realm.c	1995/10/05 02:16:57
@@ -83,7 +83,7 @@
     const char *host;
     char ***realmsp;
 {
-    char **retrealms = NULL;
+    char **retrealms;
     char *domain, *default_realm, *realm, *cp;
     krb5_error_code retval;
     int l;
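Review bot: `retrealms` loses its NULL initialiser here, but the error path kept in the next hunk still calls `krb5_xfree(retrealms)` when `krb5_get_default_realm` fails. That call runs before `retrealms` is ever assigned, so it now frees an indeterminate pointer. Either keep `char **retrealms = NULL;` or drop the `krb5_xfree(retrealms);` call from that branch. The function header is above the hunk.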
@@ -104,46 +104,76 @@
     /* strip off trailing dot */
     if (l && local_host[l-1] == '.')
 	    local_host[l-1] = 0;
-    domain = strchr(local_host, '.');
 
-    /* prepare default */
-    if (domain) {
-	if (!(default_realm = malloc(strlen(domain+1)+1)))
-	    return ENOMEM;
-	strcpy(default_realm, domain+1);
-	/* Upper-case realm */
-	for (cp = default_realm; *cp; cp++)
-	    if (islower(*cp))
-		*cp = toupper(*cp);
-    } else {
-	retval = krb5_get_default_realm(context, &default_realm);
-	if (retval) {
-	    krb5_xfree(retrealms);
+    /*
+       Search for the best match for the host or domain.
+       Example: Given a host a.b.c.d, try to match on:
+         1) A.B.C.D
+	 2) .B.C.D
+	 3) B.C.D
+	 4) .C.D
+	 5) C.D
+	 6) .D
+	 7) D
+     */
+
+    for (cp = local_host; *cp; cp++)
+	if (islower(*cp))
+	    *cp = toupper(*cp);
+    cp = local_host;
+    realm = default_realm = (char *)NULL;
+    while (cp) {
+	retval = profile_get_string(context->profile, "domain_realm", cp,
+				    0, (char *)NULL, &realm);
+	if (retval)
 	    return retval;
+	if (realm != (char *)NULL)
+	    break;	/* Match found */
+
+	/* Setup for another test */
+	if (*cp == '.') {
+	    cp++;
+	    if (default_realm == (char *)NULL) {
+		/* If nothing else works, use the host's domain */
+		default_realm = cp;
+	    }
+	} else {
+	    cp = strchr(cp, '.');
 	}
     }
 
-    if (domain) {
-	retval = profile_get_string(context->profile, "domain_realm",
-				    domain, 0, default_realm, &realm);
-	free(default_realm);
-	if (retval)
+    if (realm != (char *)NULL)
+    {
+	/* We found an exact match */
+	if (!(cp = (char *)malloc(strlen(realm)+1)))
+	    return ENOMEM;
+	strcpy(cp, realm);
+	realm = cp;
+    }
+    else if (default_realm != (char *)NULL)
+    {
+	/* We are defaulting to the realm of the host */
+	if (!(cp = (char *)malloc(strlen(default_realm)+1)))
+	    return ENOMEM;
+	strcpy(cp, default_realm);
+	realm = cp;
+    }
+    else
+    {
+	/* We are defaulting to the local realm */
+	retval = krb5_get_default_realm(context, &cp);
+	if (retval) {
+	    krb5_xfree(retrealms);
 	    return retval;
-	default_realm = realm;
+	}
     }
-
-    retval = profile_get_string(context->profile, "domain_realm", local_host,
-				0, default_realm, &realm);
-    free(default_realm);
-    if (retval)
-	return retval;
-
     if (!(retrealms = (char **)calloc(2, sizeof(*retrealms)))) {
-	free(realm);
+	if (realm != (char *)NULL)
+	    free(realm);
 	return ENOMEM;
     }
 
-    retrealms[0] = realm;
+    retrealms[0] = cp;
     retrealms[1] = 0;
     
     *realmsp = retrealms;
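Review bot: On the `calloc` failure path only `realm` is freed, but in the branch that falls back to `krb5_get_default_realm` the allocated string is in `cp` and `realm` is still NULL, so that string leaks. Since `cp` holds the allocated realm in all three branches, `free(cp);` covers every case. Separately, the whole of `local_host` is now upper-cased before the `domain_realm` lookups, whereas the removed code upper-cased only the derived default realm. Unless the profile lookup ignores case (not visible here), existing lower-case `domain_realm` keys would stop matching and hosts would silently map to the domain-derived realm, which changes which realm a client trusts for that host. `islower` and `toupper` should also be given `(unsigned char)*cp`; the function begins above the hunk and ends below it.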

Richard Basch
Lehman Brothers, Inc.           Email: basch@lehman.com
101 Hudson Street 33rd Flr.     Fax:   +1-201-524-5828
Jersey City, NJ  07302          Voice: +1-201-524-5049

