[737] in Kerberos-V5-bugs


Move "use most recent keytab key" patch from kinit to krb5_kt_get_entry

daemon@ATHENA.MIT.EDU (Jonathan I. Kamens)
Mon Sep 12 16:16:44 1994

Date: Mon, 12 Sep 1994 16:18:10 -0400
From: "Jonathan I. Kamens" <jik@cam.ov.com>
To: krb5-bugs@MIT.EDU

Barry tells me that he discussed this problem with Ted, and he and Ted
agreed that krb5_kt_get_entry should be modified to return the most
recent key in the keytab, rather than the first key in the keytab, if
0 is specified for the key version number.

Given that, you should throw away the kinit patch I sent in the other
day and use this one instead.

I haven't provided a documentation patch :-).

  jik

--- lib/krb5/keytab/file/ktf_get_en.c	Wed Dec  1 17:00:04 1993
+++ ktf_get_en.c	Mon Sep 12 16:16:35 1994
@@ -47,7 +47,7 @@
 OLDDECLARG(krb5_kvno, kvno)
 OLDDECLARG(krb5_keytab_entry *, entry)
 {
-    krb5_keytab_entry *cur_entry;
+    krb5_keytab_entry *cur_entry = 0, *new_entry;
     krb5_error_code kerror = 0;
 
     /* Open the keyfile for reading */
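Review bot: new_entry is declared without an initializer on the changed declaration line, while cur_entry beside it is set to 0. Nothing in the visible lines reads new_entry before krb5_ktfileint_read_entry fills it in, so this is a defensive point, but initializing it to 0 as well would keep the two pointers consistent and keep any later cleanup path from freeing an indeterminate pointer. Putting the two declarations on separate lines would also make the initializer harder to miss.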
@@ -59,25 +59,45 @@
      * is exited with a break statement.
      */
     while (TRUE) {
-	cur_entry = 0;
-	if (kerror = krb5_ktfileint_read_entry(id, &cur_entry))
+	if (kerror = krb5_ktfileint_read_entry(id, &new_entry))
 	    break;
 
-	if (((kvno == IGNORE_VNO) || (kvno == cur_entry->vno)) &&
-	    krb5_principal_compare(principal, cur_entry->principal)) {
-	    /* found a match */
-	    break;
+	if (((kvno == IGNORE_VNO) || (kvno == new_entry->vno)) &&
+	    krb5_principal_compare(principal, new_entry->principal)) {
+	    if (kvno != IGNORE_VNO) {
+		/* found an exact match */
+		cur_entry = new_entry;
+		break;
+	    }
+	    if (cur_entry) {
+		if (cur_entry->vno < new_entry->vno) {
+		    krb5_kt_free_entry(cur_entry);
+		    krb5_xfree(cur_entry);
+		    cur_entry = new_entry;
+		}
+	    }
+	    else {
+		cur_entry = new_entry;
+	    }
+	}
+	else {
+	    krb5_kt_free_entry(new_entry);
+	    krb5_xfree(new_entry);
 	}
-	krb5_kt_free_entry(cur_entry);
-	krb5_xfree(cur_entry);
     }
     if (kerror && kerror != KRB5_KT_END) {
+	if (cur_entry) {
+	    krb5_kt_free_entry(cur_entry);
+	    krb5_xfree(cur_entry);
+	}
 	(void) krb5_ktfileint_close(id);
 	return kerror;
     }
-    if ((kerror = krb5_ktfileint_close(id)) != 0) {
-	krb5_kt_free_entry(cur_entry);
-	krb5_xfree(cur_entry);
+    if (kerror = krb5_ktfileint_close(id)) {
+	if (cur_entry) {
+	    krb5_kt_free_entry(cur_entry);
+	    krb5_xfree(cur_entry);
+	}
 	return kerror;
     }
     if (!cur_entry)
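Review bot: In the IGNORE_VNO branch, when cur_entry is already set and cur_entry->vno is not less than new_entry->vno, new_entry is neither kept nor freed, so every matching entry that is not newer than the current best is leaked and stays allocated. Add an else to the inner `if (cur_entry->vno < new_entry->vno)` that calls krb5_kt_free_entry(new_entry) and krb5_xfree(new_entry), the same pair the non-matching branch already uses. Separately, `if (kerror = krb5_ktfileint_close(id))` drops the explicit `!= 0` the removed line had; keeping the comparison makes it clear the assignment is intended.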
