[1842] in Kerberos-V5-bugs

k4/k5 interoperability: k4 read_service_key

daemon@ATHENA.MIT.EDU (Richard Basch)
Fri Mar 22 13:40:33 1996

Date: Fri, 22 Mar 1996 13:32:20 -0500
To: krb5-bugs@MIT.EDU
From: "Richard Basch" <basch@lehman.com>

For machines that are using V5, it may be worth having the V4 routine
first attempt to read the default keytab before trying to read the
srvtab.  I suggest this because it is harder keeping two keyfiles in
sync, and a site may choose to go entirely V5 and try to offer a
migration path.

By changing src/lib/krb4/rd_svc_key.c, the v4 rd_req will do the right
thing.  Here is my patch...

--- 1.1	1996/03/22 12:20:28
+++ src/lib/krb4/rd_svc_key.c	1996/03/22 16:37:33
@@ -13,6 +13,14 @@
 #include <stdio.h>
 #include <string.h>
 
+#ifdef LEHMAN
+#define KRB4_USE_KEYTAB
+#endif
+
+#ifdef KRB4_USE_KEYTAB
+#include "k5-int.h"
+#endif
+
 extern char *krb__get_srvtabname();
 
 /*
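
Review bot: The `#ifdef LEHMAN` / `#define KRB4_USE_KEYTAB` block at the top of the added lines puts a site-specific macro into shared library source; drop it and let KRB4_USE_KEYTAB be set by the build configuration, so any site can enable the feature the same way. The include of "k5-int.h" pulls in the library's internal header; if the public krb5.h declares everything the second hunk calls, include that instead. A short comment next to the macro saying that it makes the V4 routine consult the default keytab before the srvtab would document the changed lookup order.
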
@@ -119,6 +127,59 @@
     char *file;                 /* Filename */
     char *key;                  /* Pointer to key to be filled in */
 {
+#ifdef KRB4_USE_KEYTAB
+    krb5_context context;
+    krb5_principal princ;
+    krb5_error_code retval = 0;
+    krb5_keytab kt_id;
+    krb5_keytab_entry kt_entry;
+    char sname[ANAME_SZ+1];
+    char sinst[INST_SZ+1];
+    char srealm[REALM_SZ+1];
+    char keytabname[MAX_KEYTAB_NAME_LEN + 1];	/* + 1 for NULL termination */
+
+    krb5_init_context(&context);
+    krb5_init_ets(context);
+
+    if (!strcmp(instance, "*")) {
+	retval = krb5_sname_to_principal(context, NULL, NULL, KRB5_NT_SRV_HST,
+					 &princ);
+	if (!retval) {
+	    retval = krb5_524_conv_principal(context, princ,
+					     sname, sinst, srealm);
+	    krb5_free_principal(context, princ);
+	}
+	if (!retval)
+	    instance = sinst;
+    }
+    
+    retval = krb5_425_conv_principal(context,
+				     service,
+				     instance,
+				     realm,
+				     &princ);
+    if (!retval)
+	retval = krb5_kt_default_name(context, (char *)keytabname,
+				      sizeof(keytabname)-1);
+    if (!retval) {
+	retval = krb5_kt_resolve(context, (char *)keytabname, &kt_id);
+	if (!retval)
+	    retval = krb5_kt_get_entry(context, kt_id, princ, kvno,
+				       ENCTYPE_DES_CBC_CRC, &kt_entry);
+	krb5_kt_close(context, kt_id);
+	krb5_free_principal(context, princ);
+    }
+    if (!retval) {
+	if (kt_entry.key.length == sizeof(C_Block)) {
+	    (void) memcpy(key, kt_entry.key.contents, sizeof(C_Block));
+	    krb5_kt_free_entry(context, &kt_entry);
+	    krb5_free_context(context);
+	    return KSUCCESS;
+	}
+	krb5_kt_free_entry(context, &kt_entry);
+    }
+    krb5_free_context(context);
+#endif
     return get_service_key(service,instance,realm,&kvno,file,key);
 }
 
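
Review bot: `krb5_kt_close(context, kt_id)` runs even when `krb5_kt_resolve` has just failed, so it can be handed an uninitialized `kt_id`; close the keytab only after a successful resolve. In the same block, `krb5_free_principal(context, princ)` sits inside the `if (!retval)` that follows `krb5_kt_default_name`, so `princ` leaks when the 425 conversion succeeds but the default-name lookup fails; free it whenever the conversion succeeded. The return value of `krb5_init_context(&context)` is not checked before `context` is used, and when the `"*"` lookup fails the literal `"*"` is passed on to `krb5_425_conv_principal` as the instance; going straight to the existing `get_service_key` call in both cases would be safer. The `sizeof(C_Block)` length check before the `memcpy` into `key` is the right guard and should stay.
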

Richard Basch                   
Sr. Developer/Analyst           URL: http://web.mit.edu/basch/www/home.html
Lehman Brothers, Inc.           Email: basch@lehman.com, basch@mit.edu
101 Hudson St., 33rd Floor      Fax:   +1-201-524-5828
Jersey City, NJ 07302-3988      Voice: +1-201-524-5049

