Use all DES keys, not just des-cbc-md5, verify that they all are the same.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16110 ec53bebd-3082-4978-b11e-865c3cabbd6b
Love Hörnquist Åstrand
2005-09-30 11:20:53 +00:00
parent 5cfc8bd58c
commit 5be5faa722


@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997 - 2002 Kungliga Tekniska H<>gskolan * Copyright (c) 1997 - 2002, 2005 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@@ -288,9 +288,16 @@ akf_add_entry(krb5_context context,
krb5_storage *sp; krb5_storage *sp;
if (entry->keyblock.keyvalue.length != 8 if (entry->keyblock.keyvalue.length != 8)
|| entry->keyblock.keytype != ETYPE_DES_CBC_MD5)
return 0; return 0;
switch(entry->keyblock.keytype) {
case ETYPE_DES_CBC_CRC:
case ETYPE_DES_CBC_MD4:
case ETYPE_DES_CBC_MD5:
break;
default:
return 0;
}
fd = open (d->filename, O_RDWR | O_BINARY); fd = open (d->filename, O_RDWR | O_BINARY);
if (fd < 0) { if (fd < 0) {
@@ -329,50 +336,72 @@ akf_add_entry(krb5_context context,
return ret; return ret;
} }
} }
/*
* Make sure we don't add the entry twice, assumes the DES
* encryption types are all the same key.
*/
if (len > 0) {
int32_t kvno;
int i;
for (i = 0; i < len; i++) {
ret = krb5_ret_int32(sp, &kvno);
if (ret) {
krb5_set_error_string (context, "Failed got get kvno ");
goto out;
}
if(krb5_storage_seek(sp, 8, SEEK_CUR) < 0) {
krb5_set_error_string (context, "seek: %s", strerror(ret));
goto out;
}
if (kvno == entry->vno) {
ret = 0;
goto out;
}
}
}
len++; len++;
if(krb5_storage_seek(sp, 0, SEEK_SET) < 0) { if(krb5_storage_seek(sp, 0, SEEK_SET) < 0) {
ret = errno; ret = errno;
krb5_storage_free(sp);
close(fd);
krb5_set_error_string (context, "seek: %s", strerror(ret)); krb5_set_error_string (context, "seek: %s", strerror(ret));
return ret; goto out;
} }
ret = krb5_store_int32(sp, len); ret = krb5_store_int32(sp, len);
if(ret) { if(ret) {
krb5_storage_free(sp); krb5_set_error_string(context, "keytab keyfile failed new length");
close(fd);
return ret; return ret;
} }
if(krb5_storage_seek(sp, (len - 1) * (8 + 4), SEEK_CUR) < 0) { if(krb5_storage_seek(sp, (len - 1) * (8 + 4), SEEK_CUR) < 0) {
ret = errno; ret = errno;
krb5_storage_free(sp); krb5_set_error_string (context, "seek to end: %s", strerror(ret));
close(fd); goto out;
krb5_set_error_string (context, "seek: %s", strerror(ret));
return ret;
} }
ret = krb5_store_int32(sp, entry->vno); ret = krb5_store_int32(sp, entry->vno);
if(ret) { if(ret) {
krb5_storage_free(sp); krb5_set_error_string(context, "keytab keyfile failed store kvno");
close(fd); goto out;
return ret;
} }
ret = krb5_storage_write(sp, entry->keyblock.keyvalue.data, ret = krb5_storage_write(sp, entry->keyblock.keyvalue.data,
entry->keyblock.keyvalue.length); entry->keyblock.keyvalue.length);
if(ret != entry->keyblock.keyvalue.length) { if(ret != entry->keyblock.keyvalue.length) {
krb5_storage_free(sp); if (ret < 0)
close(fd); ret = errno;
if(ret < 0) else
return errno; ret = ENOTTY;
return ENOTTY; krb5_set_error_string(context, "keytab keyfile failed to add key");
goto out;
} }
ret = 0;
out:
krb5_storage_free(sp); krb5_storage_free(sp);
close (fd); close (fd);
return 0; return ret;
} }
const krb5_kt_ops krb5_akf_ops = { const krb5_kt_ops krb5_akf_ops = {
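Review bot: In the last hunk of akf_add_entry, the failure branch after `krb5_store_int32(sp, len)` still ends in `return ret;` although, as rendered, its `krb5_storage_free(sp)` and `close(fd)` calls were removed, so that path leaks the storage handle and the open KeyFile descriptor; it should be `goto out;` like the other branches. In the new duplicate-check loop, the `krb5_storage_seek(sp, 8, SEEK_CUR) < 0` branch never assigns `ret`, so it formats `strerror(0)` and returns 0 as if the entry had been handled; add `ret = errno;` before the `krb5_set_error_string` call. The loop also treats a matching kvno as success without comparing the 8 key bytes it skips, so adding a different key under an existing kvno is silently dropped and the stale key stays in the file. If that is intended, the comment above the loop should say so, otherwise compare the bytes and return an error on mismatch. The function begins outside these hunks, so the earlier open/read paths were not reviewed.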