From fc7abcb941d11df8d5447264bc4440a1255fcefb Mon Sep 17 00:00:00 2001 From: Richard Basch Date: Wed, 20 Mar 1996 01:01:24 +0000 Subject: [PATCH] * kdb5_edit.c (extract_v4_srvtab): do not test to make sure we fetched a key of enctype 1 (des-cbc-crc), since we may have gotten another des key from the database, which is just as useful in a v4 srvtab * dumpv4.c (dump_v4_iterator): use krb5_524_conv_principal to do the v5 to v4 principal translation, instead of having yet another hard-coded table. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7668 dc483132-0cff-0310-8789-dd5450dbe970 --- src/admin/edit/ChangeLog | 11 ++++ src/admin/edit/dumpv4.c | 115 ++++++++++++------------------------- src/admin/edit/kdb5_edit.c | 7 --- 3 files changed, 47 insertions(+), 86 deletions(-) diff --git a/src/admin/edit/ChangeLog b/src/admin/edit/ChangeLog index 7cf8b1c72..584601cf1 100644 --- a/src/admin/edit/ChangeLog +++ b/src/admin/edit/ChangeLog @@ -1,3 +1,14 @@ +Tue Mar 19 18:00:58 1996 Richard Basch + + * kdb5_edit.c (extract_v4_srvtab): do not test to make sure we + fetched a key of enctype 1 (des-cbc-crc), since we may have gotten + another des key from the database, which is just as useful in a + v4 srvtab + + * dumpv4.c (dump_v4_iterator): use krb5_524_conv_principal to do the + v5 to v4 principal translation, instead of having yet another + hard-coded table. + Wed Mar 6 16:17:20 1996 Richard Basch * dumpv4.c: The V4 master key & schedule was never initialized, diff --git a/src/admin/edit/dumpv4.c b/src/admin/edit/dumpv4.c index 0c4cacbae..83b87b3f0 100644 --- a/src/admin/edit/dumpv4.c +++ b/src/admin/edit/dumpv4.c @@ -114,77 +114,42 @@ dump_v4_iterator(ptr, entry) struct dump_record *arg = (struct dump_record *) ptr; krb5_tl_mod_princ *mod_princ = NULL; krb5_error_code retval; - char *mod_name=NULL; - char *name=NULL; int i, max_kvno, ok_key; struct v4princ { - char name[ANAME_SZ+1]; - char instance[INST_SZ+1]; - int max_life; - int kdc_key_ver, key_version, attributes; - char mod_name[ANAME_SZ+1]; - char mod_instance[INST_SZ+1]; + char name[ANAME_SZ+1]; + char instance[INST_SZ+1]; + char realm[REALM_SZ+1]; + int max_life; + int kdc_key_ver, key_version, attributes; + char mod_name[ANAME_SZ+1]; + char mod_instance[INST_SZ+1]; + char mod_realm[REALM_SZ+1]; } v4princ, *principal; des_cblock v4key; - - v4princ.name[ANAME_SZ] = 0; - v4princ.mod_name[ANAME_SZ] = 0; - v4princ.instance[INST_SZ] = 0; - v4princ.mod_instance[INST_SZ] = 0; - + principal = &v4princ; - if (retval = krb5_unparse_name(edit_context, entry->princ, &name)) { - com_err(arg->comerr_name, retval, "while unparsing principal"); - exit_status++; - return retval; - } + if (strcmp(krb5_princ_realm(edit_context, entry->princ)->data, arg->realm)) + /* skip this because it's a key for a different realm, probably + * a paired krbtgt key */ + return 0; - if (strcmp(krb5_princ_realm(edit_context, entry->princ)->data, arg->realm)){ - /* - * skip this because it's a key for a different realm, probably - * a paired krbtgt key - */ - free(name); + retval = krb5_524_conv_principal(edit_context, entry->princ, + principal->name, principal->instance, + principal->realm); + if (retval) + /* Skip invalid V4 principals */ return 0; - } - strncpy(principal->name, - krb5_princ_component(edit_context, entry->princ, 0)->data,ANAME_SZ); - if (!strcmp(principal->name, "host")) { - strcpy(principal->name, "rcmd"); - } - if (!principal->name[0]) { - strcpy(principal->name, "*"); - } + if (!strcmp(principal->name, "K") && !strcmp(principal->instance, "M")) + /* The V4 master key is handled specially */ + return 0; - if (entry->princ->length > 2) { - free(name); + if (! principal->name[0]) return 0; - } else if (entry->princ->length > 1) { - char *inst; - strncpy(principal->instance, - krb5_princ_component(edit_context, entry->princ, 1)->data, - INST_SZ); - if ((inst = strchr(principal->instance, '.')) && - strcmp(principal->name, "krbtgt") && - strcmp(principal->name, "afs")) - { - /* nuke domain off the end of anything that isn't a tgt */ - *inst = '\0'; - } - if (!strcmp(principal->name, "K") && !strcmp(principal->instance, "M")) - { - /* The V4 master key is handled specially */ - free(name); - return 0; - } - } else { - principal->instance[0] = '*'; - principal->instance[1] = '\0'; - } - free(name); + if (! principal->instance[0]) + strcpy(principal->instance, "*"); /* Now move to mod princ */ if (retval = krb5_dbe_decode_mod_princ_data(edit_context,entry,&mod_princ)){ @@ -192,28 +157,20 @@ dump_v4_iterator(ptr, entry) exit_status++; return retval; } - if (retval=krb5_unparse_name(edit_context,mod_princ->mod_princ,&mod_name)) { - com_err(arg->comerr_name, retval, "while unparsing principal"); - exit_status++; - return retval; - } - strncpy(principal->mod_name, - krb5_princ_component(edit_context, mod_princ->mod_princ, 0)->data, - ANAME_SZ); - if (!principal->mod_name[0]) { - strcpy(principal->mod_name, "*"); - } - - if (mod_princ->mod_princ->length > 1) { - strncpy(principal->mod_instance, - krb5_princ_component(edit_context,mod_princ->mod_princ,1)->data, - INST_SZ); - } else { - principal->mod_instance[0] = '*'; - principal->mod_instance[1] = '\0'; + retval = krb5_524_conv_principal(edit_context, mod_princ->mod_princ, + principal->mod_name, principal->mod_instance, + principal->mod_realm); + if (retval) { + /* Invalid V4 mod principal */ + principal->mod_name[0] = '\0'; + principal->mod_instance[0] = '\0'; } - free(mod_name); + if (! principal->mod_name[0]) + strcpy(principal->mod_name, "*"); + if (! principal->mod_instance[0]) + strcpy(principal->mod_instance, "*"); + /* OK deal with the key now. */ for (max_kvno = i = 0; i < entry->n_key_data; i++) { if (max_kvno < entry->key_data[i].key_data_kvno) { diff --git a/src/admin/edit/kdb5_edit.c b/src/admin/edit/kdb5_edit.c index 50bf99d48..4c0a380b6 100644 --- a/src/admin/edit/kdb5_edit.c +++ b/src/admin/edit/kdb5_edit.c @@ -887,13 +887,6 @@ void extract_v4_srvtab(argc, argv) exit_status++; goto cleanall; } - if (key.enctype != 1) { - com_err(argv[0], 0, "%s does not have a DES key!", pname); - exit_status++; - memset((char *)key.contents, 0, key.length); - krb5_xfree(key.contents); - continue; - } fwrite(argv[i], strlen(argv[i]) + 1, 1, fout); /* p.name */ fwrite(argv[1], strlen(argv[1]) + 1, 1, fout); /* p.instance */ fwrite(cur_realm, strlen(cur_realm) + 1, 1, fout); /* p.realm */ -- 2.26.2