From f77a33fefbfb82455ddaebe08f901a2a2674797a Mon Sep 17 00:00:00 2001
From: Tom Yu <tlyu@mit.edu>
Date: Tue, 12 Jan 2010 05:37:06 +0000
Subject: [PATCH] Pull up r22782, r22784, r23610 from trunk, with additional
 test suite changes to compensate for the existence of the api.0/ unit tests
 that removed for 1.8.  Don't pull up the kadmin CLI changes for now.

 ------------------------------------------------------------------------
 r23610 | ghudson | 2010-01-07 21:43:21 -0500 (Thu, 07 Jan 2010) | 10 lines

 ticket: 6626
 subject: Restore interoperability with 1.6 addprinc -randkey
 tags: pullup
 target_version: 1.8

 The arcfour string-to-key operation in krb5 1.7 (or later) disagrees
 with the dummy password used by the addprinc -randkey operation in
 krb5 1.6's kadmin client, because it's not valid UTF-8.  Recognize the
 1.6 dummy password and use a random password instead.

 ------------------------------------------------------------------------
 r22784 | ghudson | 2009-09-24 11:40:26 -0400 (Thu, 24 Sep 2009) | 2 lines

 Fix kadm5 unit test modified in r22782.

 ------------------------------------------------------------------------
 r22782 | ghudson | 2009-09-21 14:40:02 -0400 (Mon, 21 Sep 2009) | 5 lines

 Improve the mechanism used for addprinc -randkey.  In the kadmin
 server, if the password is null when creating a principal, treat that
 as a request for a random key.  In the kadmin client, try using the
 new method for random key creation and then fall back to the old one.

ticket: 6635
version_fixed: 1.7.1
target_version: 1.7.1
status: resolved
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@23650 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/lib/kadm5/srv/svr_principal.c             | 63 +++++++++++++++----
 .../kadm5/unit-test/api.0/crte-principal.exp  |  4 +-
 .../kadm5/unit-test/api.2/crte-principal.exp  |  9 ++-
 3 files changed, 60 insertions(+), 16 deletions(-)

diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c
index 207143710..f0fe849bb 100644
--- a/src/lib/kadm5/srv/svr_principal.c
+++ b/src/lib/kadm5/srv/svr_principal.c
@@ -185,6 +185,32 @@ static void cleanup_key_data(context, count, data)
      krb5_db_free(context, data);
 }
 
+/*
+ * Set *passptr to NULL if the request looks like the first part of a krb5 1.6
+ * addprinc -randkey operation.  The krb5 1.6 dummy password for these requests
+ * was invalid UTF-8, which runs afoul of the arcfour string-to-key.
+ */
+static void
+check_1_6_dummy(kadm5_principal_ent_t entry, long mask,
+                int n_ks_tuple, krb5_key_salt_tuple *ks_tuple, char **passptr)
+{
+    int i;
+    char *password = *passptr;
+
+    /* Old-style randkey operations disallowed tickets to start. */
+    if (!(mask & KADM5_ATTRIBUTES) ||
+        !(entry->attributes & KRB5_KDB_DISALLOW_ALL_TIX))
+        return;
+
+    /* The 1.6 dummy password was the octets 1..255. */
+    for (i = 0; (unsigned char) password[i] == i + 1; i++);
+    if (password[i] != '\0' || i != 255)
+        return;
+
+    /* This will make the caller use a random password instead. */
+    *passptr = NULL;
+}
+
 kadm5_ret_t
 kadm5_create_principal(void *server_handle,
 			    kadm5_principal_ent_t entry, long mask,
@@ -214,6 +240,8 @@ kadm5_create_principal_3(void *server_handle,
 
     krb5_clear_error_message(handle->context);
 
+    check_1_6_dummy(entry, mask, n_ks_tuple, ks_tuple, &password);
+
     /*
      * Argument sanity checking, and opening up the DB
      */
@@ -226,7 +254,7 @@ kadm5_create_principal_3(void *server_handle,
 	return KADM5_BAD_MASK;
     if((mask & ~ALL_PRINC_MASK))
 	return KADM5_BAD_MASK;
-    if (entry == (kadm5_principal_ent_t) NULL || password == NULL)
+    if (entry == NULL)
 	return EINVAL;
 
     /*
@@ -260,11 +288,14 @@ kadm5_create_principal_3(void *server_handle,
 		return ret;
 	}
     }
-    if ((ret = passwd_check(handle, password, (mask & KADM5_POLICY),
-			    &polent, entry->principal))) {
-	if (mask & KADM5_POLICY)
-	     (void) kadm5_free_policy_ent(handle->lhandle, &polent);
-	return ret;
+    if (password) {
+	ret = passwd_check(handle, password, (mask & KADM5_POLICY),
+			   &polent, entry->principal);
+	if (ret) {
+	    if (mask & KADM5_POLICY)
+		(void) kadm5_free_policy_ent(handle->lhandle, &polent);
+	    return ret;
+	}
     }
     /*
      * Start populating the various DB fields, using the
@@ -360,12 +391,20 @@ kadm5_create_principal_3(void *server_handle,
         return (ret);
     }
 
-    if ((ret = krb5_dbe_cpw(handle->context, act_mkey,
-			    n_ks_tuple?ks_tuple:handle->params.keysalts,
-			    n_ks_tuple?n_ks_tuple:handle->params.num_keysalts,
-			    password,
-			    (mask & KADM5_KVNO)?entry->kvno:1,
-			    FALSE, &kdb))) {
+    if (password) {
+	ret = krb5_dbe_cpw(handle->context, act_mkey,
+			   n_ks_tuple?ks_tuple:handle->params.keysalts,
+			   n_ks_tuple?n_ks_tuple:handle->params.num_keysalts,
+			   password, (mask & KADM5_KVNO)?entry->kvno:1,
+			   FALSE, &kdb);
+    } else {
+	/* Null password means create with random key (new in 1.8). */
+	ret = krb5_dbe_crk(handle->context, &master_keyblock,
+			   n_ks_tuple?ks_tuple:handle->params.keysalts,
+			   n_ks_tuple?n_ks_tuple:handle->params.num_keysalts,
+			   FALSE, &kdb);
+    }
+    if (ret) {
 	krb5_db_free_principal(handle->context, &kdb, 1);
 	if (mask & KADM5_POLICY)
 	     (void) kadm5_free_policy_ent(handle->lhandle, &polent);
diff --git a/src/lib/kadm5/unit-test/api.0/crte-principal.exp b/src/lib/kadm5/unit-test/api.0/crte-principal.exp
index 676a83013..1fd118ab2 100644
--- a/src/lib/kadm5/unit-test/api.0/crte-principal.exp
+++ b/src/lib/kadm5/unit-test/api.0/crte-principal.exp
@@ -54,10 +54,10 @@ proc test3 {} {
 	perror "$test: unexpected failure in init"
 	return
     }
-    one_line_fail_test [format {
+    one_line_succeed_test [format {
 	ovsec_kadm_create_principal $server_handle [simple_principal "%s/a"] \
 		{OVSEC_KADM_PRINCIPAL} null
-    } $test] "EINVAL"
+    } $test]
     if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
 	perror "$test: unexpected failure in destroy"
 	return
diff --git a/src/lib/kadm5/unit-test/api.2/crte-principal.exp b/src/lib/kadm5/unit-test/api.2/crte-principal.exp
index 8a84af271..2aa59deca 100644
--- a/src/lib/kadm5/unit-test/api.2/crte-principal.exp
+++ b/src/lib/kadm5/unit-test/api.2/crte-principal.exp
@@ -46,6 +46,11 @@ proc test3 {} {
 #    set prms_id 777
 #    setup_xfail {*-*-*} $prms_id
     begin_dump
+    if {! ((! [principal_exists "$test/a"]) ||
+	   [delete_principal "$test/a"])} {
+	    error_and_restart "$test: couldn't delete principal \"$test/a\""
+	    return
+    }
     if {! [cmd {
 	kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
 		$KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
@@ -54,10 +59,10 @@ proc test3 {} {
 	perror "$test: unexpected failure in init"
 	return
     }
-    one_line_fail_test [format {
+    one_line_succeed_test [format {
 	kadm5_create_principal $server_handle [simple_principal "%s/a"] \
 		{KADM5_PRINCIPAL} null
-    } $test] "EINVAL"
+    } $test]
     if { ! [cmd {kadm5_destroy $server_handle}]} {
 	perror "$test: unexpected failure in destroy"
 	return
-- 
2.26.2