03254981cb
- update to version 1.12 * Add GSSAPI extensions for constructing MIC tokens using IOV lists * Add a FAST OTP preauthentication module for the KDC which uses RADIUS to validate OTP token values. * The AES-based encryption types will use AES-NI instructions when possible for improved performance. - revert dependency on libcom_err-mini-devel since it's not yet available - update and rebase patches OBS-URL: https://build.opensuse.org/request/show/213903 OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=114
54 lines
2.4 KiB
Diff
54 lines
2.4 KiB
Diff
From patch attached to http://krbdev.mit.edu/rt/Ticket/Display.html?id=3349,
|
|
at http://krbdev.mit.edu/rt/Ticket/Attachment/23851/13214/kvno.diff, adjusted
|
|
as needed to apply to 1.10. FIXME: I'd like to better handle cases where we
|
|
have a new key with the right version stored later in the keytab file.
|
|
Currently, we're setting up to overlook that possibility.
|
|
|
|
Note that this only affects the path taken when krb5_rd_rep() is passed a
|
|
server principal name, as without a server principal name it already tries
|
|
all of the keys it finds in the keytab, regardless of version numbers.
|
|
|
|
Index: krb5-1.11.1/src/kadmin/ktutil/ktutil.c
|
|
===================================================================
|
|
--- krb5-1.11.1.orig/src/kadmin/ktutil/ktutil.c
|
|
+++ krb5-1.11.1/src/kadmin/ktutil/ktutil.c
|
|
@@ -155,7 +155,7 @@ void ktutil_add_entry(argc, argv)
|
|
char *princ = NULL;
|
|
char *enctype = NULL;
|
|
krb5_kvno kvno = 0;
|
|
- int use_pass = 0, use_key = 0, i;
|
|
+ int use_pass = 0, use_key = 0, use_kvno = 0, i;
|
|
|
|
for (i = 1; i < argc; i++) {
|
|
if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-p", 2)) {
|
|
@@ -164,6 +164,7 @@ void ktutil_add_entry(argc, argv)
|
|
}
|
|
if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-k", 2)) {
|
|
kvno = (krb5_kvno) atoi(argv[++i]);
|
|
+ use_kvno++;
|
|
continue;
|
|
}
|
|
if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-e", 2)) {
|
|
@@ -180,7 +181,7 @@ void ktutil_add_entry(argc, argv)
|
|
}
|
|
}
|
|
|
|
- if (argc != 8 || !(princ && kvno && enctype) || (use_pass+use_key != 1)) {
|
|
+ if (argc != 8 || !(princ && use_kvno && enctype) || (use_pass+use_key != 1)) {
|
|
fprintf(stderr, _("usage: %s (-key | -password) -p principal "
|
|
"-k kvno -e enctype\n"), argv[0]);
|
|
return;
|
|
Index: krb5-1.11.1/src/lib/krb5/keytab/kt_file.c
|
|
===================================================================
|
|
--- krb5-1.11.1.orig/src/lib/krb5/keytab/kt_file.c
|
|
+++ krb5-1.11.1/src/lib/krb5/keytab/kt_file.c
|
|
@@ -349,7 +349,7 @@ krb5_ktfile_get_entry(krb5_context conte
|
|
higher than that. Short-term workaround: only compare
|
|
the low 8 bits. */
|
|
|
|
- if (new_entry.vno == (kvno & 0xff)) {
|
|
+ if (new_entry.vno == (kvno & 0xff) || new_entry.vno == IGNORE_VNO) {
|
|
krb5_kt_free_entry(context, &cur_entry);
|
|
cur_entry = new_entry;
|
|
break;
|