From abae30e14fd58cd1371fb4f7a517359d813d7b7b Mon Sep 17 00:00:00 2001
From: Richard Basch
Date: Thu, 11 Apr 1996 00:32:22 +0000
Subject: [PATCH] * rd_svc_key.c (read_service_key): First try to read the V4 service key from the V4 srvtab, and if it fails, try the keytab. A * instance will be translated into the default instance component (usually the FQDN of the local hostname).
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7785 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/lib/krb4/ChangeLog | 12 +++++++
 src/lib/krb4/configure.in | 1 +
 src/lib/krb4/rd_svc_key.c | 66 ++++++++++++++++++++++++++++++++++++++-
 3 files changed, 78 insertions(+), 1 deletion(-)
diff --git a/src/lib/krb4/ChangeLog b/src/lib/krb4/ChangeLog
index ee8fa0d8d..f1cc0face 100644
--- a/src/lib/krb4/ChangeLog
+++ b/src/lib/krb4/ChangeLog
@@ -1,3 +1,15 @@
+Wed Apr 10 19:18:57 1996 Richard Basch
+
+ * rd_svc_key.c (read_service_key): First try to read the V4
+ service key from the V4 srvtab, and if it fails, try the keytab.
+ A * instance will be translated into the default instance component
+ (usually the FQDN of the local hostname).
+
+Fri Mar 29 16:45:00 1996 Richard Basch
+
+ * rd_svc_key.c, configure.in: Try to read the V4 service key from a
+ V5 keytab.
+
 Tue Mar 19 11:23:13 1996 Ezra Peisach
 * tf_util.c (tf_get_cred): Issue date is written out as a long,
diff --git a/src/lib/krb4/configure.in b/src/lib/krb4/configure.in
index 9642b5f98..27e3dfa54 100644
--- a/src/lib/krb4/configure.in
+++ b/src/lib/krb4/configure.in
@@ -38,6 +38,7 @@ if test $ac_cv_sizeof_int = 2; then
 else
 AC_DEFINE(BITS32)
 fi
+AC_DEFINE(KRB4_USE_KEYTAB)
 AC_HAVE_FUNCS(strsave seteuid setreuid setresuid)
 ET_RULES
 V5_SHARED_LIB_OBJS
diff --git a/src/lib/krb4/rd_svc_key.c b/src/lib/krb4/rd_svc_key.c
index e23311252..2b08baea6 100644
--- a/src/lib/krb4/rd_svc_key.c
+++ b/src/lib/krb4/rd_svc_key.c
@@ -13,6 +13,8 @@
 #include
 #include
+#include "k5-int.h"
+
 extern char *krb__get_srvtabname();
 /*
@@ -119,7 +121,69 @@ int read_service_key(service,instance,realm,kvno,file,key)
 char *file; /* Filename */
 char *key; /* Pointer to key to be filled in */
 {
- return get_service_key(service,instance,realm,&kvno,file,key);
+ int kret;
+
+#ifdef KRB4_USE_KEYTAB
+ krb5_error_code retval;
+ krb5_context context;
+ krb5_principal princ;
+ krb5_keytab kt_id;
+ krb5_keytab_entry kt_entry;
+ char sname[ANAME_SZ+1];
+ char sinst[INST_SZ+1];
+ char srealm[REALM_SZ+1];
+ char keytabname[MAX_KEYTAB_NAME_LEN + 1]; /* + 1 for NULL termination */
+#endif
+
+ kret = get_service_key(service,instance,realm,&kvno,file,key);
+
+#ifdef KRB4_USE_KEYTAB
+ if (! kret)
+ return KSUCCESS;
+
+ krb5_init_context(&context);
+ krb5_init_ets(context);
+
+ if (!strcmp(instance, "*")) {
+ retval = krb5_sname_to_principal(context, NULL, NULL, KRB5_NT_SRV_HST,
+ &princ);
+ if (!retval) {
+ retval = krb5_524_conv_principal(context, princ,
+ sname, sinst, srealm);
+ krb5_free_principal(context, princ);
+ }
+ if (!retval)
+ instance = sinst;
+ }
+
+ retval = krb5_425_conv_principal(context,
+ service,
+ instance,
+ realm,
+ &princ);
+ if (!retval)
+ retval = krb5_kt_default_name(context, (char *)keytabname,
+ sizeof(keytabname)-1);
+ if (!retval) {
+ retval = krb5_kt_resolve(context, (char *)keytabname, &kt_id);
+ if (!retval)
+ retval = krb5_kt_get_entry(context, kt_id, princ, kvno,
+ ENCTYPE_DES_CBC_CRC, &kt_entry);
+ krb5_kt_close(context, kt_id);
+ krb5_free_principal(context, princ);
+ }
+ if (!retval) {
+ if (kt_entry.key.length == sizeof(C_Block)) {
+ (void) memcpy(key, kt_entry.key.contents, sizeof(C_Block));
+ } else {
+ retval = KRB5_BAD_KEYSIZE;
+ }
+ krb5_kt_free_entry(context, &kt_entry);
+ }
+ krb5_free_context(context);
+#endif
+
+ return (retval ? kret : KSUCCESS);
 }
 /* kvno is passed by reference, so that if it is zero, and we find a match,
-- 
2.26.2
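Review bot: In the keytab fallback of read_service_key, `krb5_kt_close(context, kt_id)` runs even when `krb5_kt_resolve` has just failed, so it is handed a `kt_id` that was never set; the close belongs inside the success branch of the resolve. The same block discards the result of `krb5_init_context(&context)` and then uses `context`, and it leaks `princ` when `krb5_kt_default_name` fails after `krb5_425_conv_principal` succeeded. Separately, the final `return (retval ? kret : KSUCCESS);` sits outside `#ifdef KRB4_USE_KEYTAB` while `retval` is declared inside it, so the file only builds with the macro defined; returning KSUCCESS inside the guard and ending the function with `return kret;` fixes that. The parameter declarations of read_service_key begin above the hunk.

```c
    /* … unchanged: declarations, get_service_key() call, early return on success … */
    if (krb5_init_context(&context))
        return kret;            /* no usable context: report the srvtab failure */
    /* … unchanged: krb5_init_ets(), "*" instance translation … */
    retval = krb5_425_conv_principal(context, service, instance, realm, &princ);
    if (!retval) {
        retval = krb5_kt_default_name(context, (char *)keytabname,
                                      sizeof(keytabname)-1);
        if (!retval)
            retval = krb5_kt_resolve(context, (char *)keytabname, &kt_id);
        if (!retval) {
            retval = krb5_kt_get_entry(context, kt_id, princ, kvno,
                                       ENCTYPE_DES_CBC_CRC, &kt_entry);
            krb5_kt_close(context, kt_id);      /* only a resolved handle is closed */
        }
        krb5_free_principal(context, princ);    /* freed on every path that built it */
    }
    /* … unchanged: key-length check and memcpy, krb5_kt_free_entry, krb5_free_context … */
    if (!retval)
        return KSUCCESS;
#endif

    return kret;
```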