|
 |
5af5b2 |
From patch attached to http://krbdev.mit.edu/rt/Ticket/Display.html?id=3349,
|
|
|
5af5b2 |
at http://krbdev.mit.edu/rt/Ticket/Attachment/23851/13214/kvno.diff, adjusted
|
|
|
5af5b2 |
as needed to apply to 1.10. FIXME: I'd like to better handle cases where we
|
|
|
5af5b2 |
have a new key with the right version stored later in the keytab file.
|
|
|
5af5b2 |
Currently, we're setting up to overlook that possibility.
|
|
|
5af5b2 |
|
|
|
5af5b2 |
Note that this only affects the path taken when krb5_rd_rep() is passed a
|
|
|
5af5b2 |
server principal name, as without a server principal name it already tries
|
|
|
5af5b2 |
all of the keys it finds in the keytab, regardless of version numbers.
|
|
|
5af5b2 |
|
|
|
8c1676 |
[rharwood@redhat.com Modify patch to apply to 1.14.1]
|
|
|
8c1676 |
|
|
|
5af5b2 |
Index: krb5/src/kadmin/ktutil/ktutil.c
|
|
|
5af5b2 |
===================================================================
|
|
|
5af5b2 |
--- krb5/src/kadmin/ktutil/ktutil.c (revision 3367)
|
|
|
5af5b2 |
+++ krb5/src/kadmin/ktutil/ktutil.c (working copy)
|
|
|
5af5b2 |
@@ -155,7 +155,7 @@
|
|
|
5af5b2 |
char *princ = NULL;
|
|
|
5af5b2 |
char *enctype = NULL;
|
|
|
5af5b2 |
krb5_kvno kvno = 0;
|
|
|
5af5b2 |
- int use_pass = 0, use_key = 0, i;
|
|
|
5af5b2 |
+ int use_pass = 0, use_key = 0, use_kvno = 0, i;
|
|
|
5af5b2 |
|
|
|
5af5b2 |
for (i = 1; i < argc; i++) {
|
|
|
5af5b2 |
if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-p", 2)) {
|
|
|
5af5b2 |
@@ -164,6 +164,7 @@
|
|
|
5af5b2 |
}
|
|
|
5af5b2 |
if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-k", 2)) {
|
|
|
5af5b2 |
kvno = (krb5_kvno) atoi(argv[++i]);
|
|
|
5af5b2 |
+ use_kvno++;
|
|
|
5af5b2 |
continue;
|
|
|
5af5b2 |
}
|
|
|
5af5b2 |
if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-e", 2)) {
|
|
|
5af5b2 |
@@ -180,7 +181,7 @@
|
|
|
5af5b2 |
}
|
|
|
5af5b2 |
}
|
|
|
5af5b2 |
|
|
|
5af5b2 |
- if (argc != 8 || !(princ && kvno && enctype) || (use_pass+use_key != 1)) {
|
|
|
5af5b2 |
+ if (argc != 8 || !(princ && use_kvno && enctype) || (use_pass+use_key != 1)) {
|
|
|
5af5b2 |
fprintf(stderr, _("usage: %s (-key | -password) -p principal "
|
|
|
5af5b2 |
"-k kvno -e enctype\n"), argv[0]);
|
|
|
5af5b2 |
return;
|
|
|
5af5b2 |
Index: krb5/src/lib/krb5/keytab/kt_file.c
|
|
|
5af5b2 |
===================================================================
|
|
|
5af5b2 |
--- krb5/src/lib/krb5/keytab/kt_file.c (revision 3367)
|
|
|
5af5b2 |
+++ krb5/src/lib/krb5/keytab/kt_file.c (working copy)
|
|
|
5af5b2 |
@@ -349,7 +349,7 @@
|
|
|
8c1676 |
* Otherwise, remember that we were here so we can return the right
|
|
|
8c1676 |
* error, and free the new.
|
|
|
8c1676 |
*/
|
|
|
8c1676 |
- if (new_entry.vno == kvno) {
|
|
|
8c1676 |
+ if (new_entry.vno == kvno || new_entry.vno == IGNORE_VNO) {
|
|
|
5af5b2 |
krb5_kt_free_entry(context, &cur_entry);
|
|
|
5af5b2 |
cur_entry = new_entry;
|
|
|
8c1676 |
if (new_entry.vno == kvno)
|