With this change, lddb -old actually *works* on old dumps..

	* dump.c (process_k5beta_record): encrypted keys used to have 4
	byte lengths in MSB order, need to convert to 2 byte LSB order
	lengths before storing. Handle primary key and alternate key.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7534 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/admin/edit/ChangeLog b/src/admin/edit/ChangeLog
index db8424b596f8e5d29c922655406691610527bb31..24fba177116b877139167c662b93c2d6366c2571 100644 (file)
--- a/src/admin/edit/ChangeLog
+++ b/src/admin/edit/ChangeLog
@@ -1,3 +1,9 @@
+Sat Feb 24 04:02:18 1996  Mark W. Eichin  <eichin@cygnus.com>
+
+       * dump.c (process_k5beta_record): encrypted keys used to have 4
+       byte lengths in MSB order, need to convert to 2 byte LSB order
+       lengths before storing. Handle primary key and alternate key.
+
 Fri Feb 23 18:44:10 1996  Mark Eichin  <eichin@cygnus.com>
 
        * kdb5_edit.c (kdb5_edit_Init): set manual_mkey for testing with -P

diff --git a/src/admin/edit/dump.c b/src/admin/edit/dump.c
index c96c50af46d6c44e837dd5ae9361dab7581aac21..2dd3aec0b17cf4f8791d585b47d79f2549770a42 100644 (file)
--- a/src/admin/edit/dump.c
+++ b/src/admin/edit/dump.c
@@ -996,13 +996,32 @@ process_k5beta_record(fname, kcontext, filep, verbose, linenop)
                error++;
            }
            pkey->key_data_type[0] = tmpint1;
-           /* Read the key */
+           /* Read the old format key */
            if (!error && read_octet_string(filep,
                                            pkey->key_data_contents[0],
                                            pkey->key_data_length[0])) {
                try2read = read_key_data;
                error++;
            }
+           /* convert to a new format key */
+           /* the encrypted version is stored as the unencrypted key length
+              (4 bytes, MSB first) followed by the encrypted key. */
+           if ((pkey->key_data_length[0] > 4)
+               && (pkey->key_data_contents[0][0] == 0)
+               && (pkey->key_data_contents[0][1] == 0)) {
+             /* this really does look like an old key, so drop and swap */
+             /* the *new* length is 2 bytes, LSB first, sigh. */
+             size_t shortlen = pkey->key_data_length[0]-4+2;
+             char *shortcopy = (krb5_octet *) malloc(shortlen);
+             char *origdata = pkey->key_data_contents[0];
+             shortcopy[0] = origdata[3];
+             shortcopy[1] = origdata[2];
+             memcpy(shortcopy+2,origdata+4,shortlen-2);
+             free(origdata);
+             pkey->key_data_length[0] = shortlen;
+             pkey->key_data_contents[0] = shortcopy;
+           }
+             
            /* Read principal attributes */
            if (!error && (fscanf(filep,
                                  "\t%u\t%u\t%u\t%u\t%u\t%u\t%u\t%u\t%u\t%u\t",
@@ -1053,6 +1072,26 @@ process_k5beta_record(fname, kcontext, filep, verbose, linenop)
                try2read = read_akey_data;
                error++;
            }
+
+           /* convert to a new format key */
+           /* the encrypted version is stored as the unencrypted key length
+              (4 bytes, MSB first) followed by the encrypted key. */
+           if ((akey->key_data_length[0] > 4)
+               && (akey->key_data_contents[0][0] == 0)
+               && (akey->key_data_contents[0][1] == 0)) {
+             /* this really does look like an old key, so drop and swap */
+             /* the *new* length is 2 bytes, LSB first, sigh. */
+             size_t shortlen = akey->key_data_length[0]-4+2;
+             char *shortcopy = (krb5_octet *) malloc(shortlen);
+             char *origdata = akey->key_data_contents[0];
+             shortcopy[0] = origdata[3];
+             shortcopy[1] = origdata[2];
+             memcpy(shortcopy+2,origdata+4,shortlen-2);
+             free(origdata);
+             akey->key_data_length[0] = shortlen;
+             akey->key_data_contents[0] = shortcopy;
+           }
+             
            /* Read alternate salt type */
            if (!error && (fscanf(filep, "\t%u\t", &tmpint1) != 1)) {
                try2read = read_asalt_type;