[215] in Kerberos-V5-bugs
krb5 database format change
daemon@ATHENA.MIT.EDU (John Carr)
Fri Dec 6 16:12:42 1991
To: kerberos@Athena.MIT.EDU, krb5-testers@Athena.MIT.EDU
Date: Fri, 06 Dec 91 15:31:35 EST
From: John Carr <jfc@Athena.MIT.EDU>
To fix some bugs that made replicated databases fail when the servers used
different byte orders, we had to make a change to the database format. If
you run a kerberos server on a little-endian machine (VAX, DECstation, x86)
you will need to recreate the database after the next kerberos release.
This change does not affect the kerberos protocol or big-endian machines.

If you are planning to start using kerberos 5, you should apply this patch
first. It will be included in the next beta release.

If recreating the kerberos database is a problem, you can write a program or
awk/sed/perl script to make the fix. In a text dump of a database, the key
for a principal appears like this:

00000008772258331d2c5a33fe1e6d7c36a433400cc4352bb4bbdd48

The first four bytes are a byte count. This used to be in host byte order,
but is being changed to net byte order (MSB first). After swapping the byte
order, reload the database and start the new server.

If you feel you need to convert the database instead of recreating it,
please let me know. We do not consider kerberos version 5 ready for large
scale use as there has been insufficient testing.
*** /tmp/,RCSt1020075 Fri Dec 6 13:18:38 1991
--- encrypt_key.c Fri Dec 6 13:18:15 1991
***************
*** 1,6 ****
/*
* $Source: /afs/athena.mit.edu/astaff/project/krb5/src/lib/kdb/RCS/encrypt_key.c,v $
! * $Author: jtkohl $
*
* Copyright 1990,1991 by the Massachusetts Institute of Technology.
* All Rights Reserved.
--- 1,6 ----
/*
* $Source: /afs/athena.mit.edu/astaff/project/krb5/src/lib/kdb/RCS/encrypt_key.c,v $
! * $Author: jfc $
*
* Copyright 1990,1991 by the Massachusetts Institute of Technology.
* All Rights Reserved.
***************
*** 27,33 ****
#if !defined(lint) && !defined(SABER)
static char rcsid_encrypt_key_c [] =
! "$Id: encrypt_key.c,v 5.18 91/06/06 09:46:33 jtkohl Exp $";
#endif /* !lint & !SABER */
#include <krb5/krb5.h>
--- 27,33 ----
#if !defined(lint) && !defined(SABER)
static char rcsid_encrypt_key_c [] =
! "$Id: encrypt_key.c,v 5.19 91/12/06 13:17:59 jfc Exp $";
#endif /* !lint & !SABER */
#include <krb5/krb5.h>
***************
*** 51,56 ****
--- 51,57 ----
krb5_error_code retval;
krb5_keyblock tmpin;
+ int length;
out->keytype = in->keytype;
out->length = krb5_encrypt_size(in->length, eblock->crypto_entry);
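Review bot: the new `int length;` is a signed, platform-width variable, yet the next hunk treats it as exactly four bytes ("Assumes sizeof (int) is 4"). Declare it as a fixed-width unsigned type so the value written into the buffer does not depend on the host's `int`.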
***************
*** 63,69 ****
out->length = 0;
return ENOMEM;
}
! memcpy((char *)tmpin.contents, (const char *)in->contents, tmpin.length);
out->length += sizeof(out->length);
out->contents = (krb5_octet *)malloc(out->length);
--- 64,77 ----
out->length = 0;
return ENOMEM;
}
! /* Convert length from MSB first to host byte order for the encryption
! routine. Assumes sizeof (int) is 4. */
! length = ((((unsigned char*)in->contents)[0] << 24) +
! (((unsigned char*)in->contents)[1] << 16) +
! (((unsigned char*)in->contents)[2] << 8) +
! ((unsigned char*)in->contents)[3]);
! memcpy((char *)tmpin.contents, (const char *)&length, 4);
! memcpy((char *)tmpin.contents + 4, (const char *)in->contents + 4, tmpin.length);
out->length += sizeof(out->length);
out->contents = (krb5_octet *)malloc(out->length);
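Review bot: the second new `memcpy` starts at offset 4 in both buffers but still copies `tmpin.length` bytes, so it reads from `in->contents` and writes to `tmpin.contents` four bytes further than the single copy it replaces. If the four-byte count is part of `in->contents`, the count should be `tmpin.length - 4`; if it is not, the first four bytes of `in->contents` are not a length at all. Separately, `((unsigned char*)in->contents)[0] << 24` shifts into the sign bit of `int` for a first byte of 0x80 or above, and `memcpy(..., &length, 4)` hard-codes a size the comment only assumes; build the value in an unsigned type and copy `sizeof length` bytes.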
*** /tmp/,RCSt1020080 Fri Dec 6 13:18:47 1991
--- decrypt_key.c Fri Dec 6 13:18:18 1991
***************
*** 1,6 ****
/*
* $Source: /afs/athena.mit.edu/astaff/project/krb5/src/lib/kdb/RCS/decrypt_key.c,v $
! * $Author: jtkohl $
*
* Copyright 1990,1991 by the Massachusetts Institute of Technology.
* All Rights Reserved.
--- 1,6 ----
/*
* $Source: /afs/athena.mit.edu/astaff/project/krb5/src/lib/kdb/RCS/decrypt_key.c,v $
! * $Author: jfc $
*
* Copyright 1990,1991 by the Massachusetts Institute of Technology.
* All Rights Reserved.
***************
*** 27,33 ****
#if !defined(lint) && !defined(SABER)
static char rcsid_decrypt_key_c [] =
! "$Id: decrypt_key.c,v 5.13 91/06/06 09:46:37 jtkohl Exp $";
#endif /* !lint & !SABER */
#include <krb5/krb5.h>
--- 27,33 ----
#if !defined(lint) && !defined(SABER)
static char rcsid_decrypt_key_c [] =
! "$Id: decrypt_key.c,v 5.14 91/12/06 13:18:16 jfc Exp $";
#endif /* !lint & !SABER */
#include <krb5/krb5.h>
***************
*** 47,57 ****
const krb5_encrypted_keyblock *in;
krb5_keyblock *out;
{
krb5_error_code retval;
/* the encrypted version is stored as the unencrypted key length
! (in host byte order), followed by the encrypted key.
! */
out->keytype = in->keytype;
out->length = krb5_encrypt_size(in->length-sizeof(in->length),
eblock->crypto_entry);
--- 47,57 ----
const krb5_encrypted_keyblock *in;
krb5_keyblock *out;
{
+ int length;
krb5_error_code retval;
/* the encrypted version is stored as the unencrypted key length
! (4 bytes, MSB first) followed by the encrypted key. */
out->keytype = in->keytype;
out->length = krb5_encrypt_size(in->length-sizeof(in->length),
eblock->crypto_entry);
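Review bot: the updated comment fixes the stored prefix at 4 bytes, but the unchanged `krb5_encrypt_size(in->length-sizeof(in->length), ...)` just below still takes the prefix size from the host type. Use the same constant in both places so the on-disk format does not vary with the width of `in->length`, and check that `in->length` is at least that large before subtracting.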
***************
*** 62,68 ****
return ENOMEM;
}
/* copy out the real length count */
! memcpy((char *)&out->length, (char *)in->contents, sizeof(out->length));
/* remember the contents of the encrypted version has a sizeof(in->length)
integer length of the real embedded key, followed by the
--- 62,72 ----
return ENOMEM;
}
/* copy out the real length count */
! length = ((unsigned char *)in->contents)[0] << 24;
! length += ((unsigned char *)in->contents)[1] << 16;
! length += ((unsigned char *)in->contents)[2] << 8;
! length += ((unsigned char *)in->contents)[3];
! out->length = length;
/* remember the contents of the encrypted version has a sizeof(in->length)
integer length of the real embedded key, followed by the
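Review bot: `out->length = length;` stores a count read straight from the database record with no bounds check. Reject the record when the decoded value is negative or larger than the size computed by `krb5_encrypt_size` earlier in the function before assigning it. Accumulating into a signed `int` with `<< 24` also produces a negative value when the first byte is 0x80 or above, so an unsigned accumulator is safer.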
--John Carr (jfc@athena.mit.edu)
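
The conversion the message describes for a dumped key field, as an added example that is not part of the original post or the krb5 sources. It assumes the key field has already been extracted from the text dump as a hex string (the other dump fields are not shown in the message); `convert_key_field` and `KeyFieldError` are hypothetical names, and the plausibility check used to recognise fields that are already MSB first is an assumption of this example.

```python
import struct

PREFIX_LEN = 4  # the message states the byte count occupies the first four bytes


class KeyFieldError(ValueError):
    """Raised when a key field cannot be interpreted safely in either byte order."""


def convert_key_field(hex_field: str) -> str:
    """Return the key field with its 4-byte count in net byte order (MSB first).

    Assumption (not from the message): the count never exceeds the number of
    bytes that follow it. That lets old little-endian fields be told apart from
    fields that are already MSB first, so the conversion is safe to re-run.
    """
    raw = bytes.fromhex(hex_field.strip())
    if len(raw) <= PREFIX_LEN:
        raise KeyFieldError("field too short to hold a count and a key")
    prefix, body = raw[:PREFIX_LEN], raw[PREFIX_LEN:]
    (as_be,) = struct.unpack(">I", prefix)   # count if already MSB first
    (as_le,) = struct.unpack("<I", prefix)   # count if written by a little-endian host
    be_ok = 0 < as_be <= len(body)
    le_ok = 0 < as_le <= len(body)
    if be_ok and le_ok and as_be != as_le:
        # Both readings fit the body: do not guess, have an operator look at it.
        raise KeyFieldError("count is plausible in both byte orders")
    if be_ok:
        return raw.hex()                     # already converted, leave unchanged
    if le_ok:
        return (struct.pack(">I", as_le) + body).hex()
    raise KeyFieldError(f"implausible count {prefix.hex()} for {len(body)}-byte body")


if __name__ == "__main__":
    # Key field quoted in the message (count already reads as 8, MSB first).
    page_key = "00000008772258331d2c5a33fe1e6d7c36a433400cc4352bb4bbdd48"
    # Constructed sample: the same field as a little-endian host would have stored it.
    old_le_key = "08000000" + page_key[8:]
    print(convert_key_field(old_le_key))
    print(convert_key_field(page_key))
```

Because a field whose count fits neither byte order raises instead of being rewritten, a truncated or corrupted dump line is caught before the database is reloaded.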