svn rev #22795: branches/krb5-1-7/src/lib/kdb/
tlyu@MIT.EDU
tlyu at MIT.EDU
Mon Sep 28 16:27:10 EDT 2009
http://src.mit.edu/fisheye/changelog/krb5/?cs=22795
Commit By: tlyu
Log Message:
ticket: 6506
status: resolved
pull up r22397 from trunk
------------------------------------------------------------------------
r22397 | ghudson | 2009-06-01 18:39:31 -0400 (Mon, 01 Jun 2009) | 17 lines
ticket: 6506
subject: Make results of krb5_db_def_fetch_mkey more predictable
tags: pullup
target_version: 1.7
krb5_db_def_fetch_mkey tries the stash file as a keytab, then falls
back to the old stash file format. If the stash file was in keytab
format, but didn't contain the desired master key, we would try to
read a keytab file as a stash file. This could succeed or fail
depending on byte order and other unpredictable factors. The upshot
was that one of the libkadm5 unit tests (init 108) was getting a
different error code on different platforms.
To fix this, only try the stash file format if we get
KRB5_KEYTAB_BADVNO trying the keytab format. This requires reworking
the error handling logic.
Changed Files:
U branches/krb5-1-7/src/lib/kdb/kdb_default.c
Modified: branches/krb5-1-7/src/lib/kdb/kdb_default.c
===================================================================
--- branches/krb5-1-7/src/lib/kdb/kdb_default.c 2009-09-28 20:06:57 UTC (rev 22794)
+++ branches/krb5-1-7/src/lib/kdb/kdb_default.c 2009-09-28 20:27:10 UTC (rev 22795)
@@ -403,7 +403,7 @@
krb5_kvno *kvno,
char *db_args)
{
- krb5_error_code retval_ofs = 0, retval_kt = 0;
+ krb5_error_code retval;
char keyfile[MAXPATHLEN+1];
krb5_data *realm = krb5_princ_realm(context, mname);
@@ -418,31 +418,22 @@
/* null terminate no matter what */
keyfile[sizeof(keyfile) - 1] = '\0';
- /* assume the master key is in a keytab */
- retval_kt = krb5_db_def_fetch_mkey_keytab(context, keyfile, mname, key, kvno);
- if (retval_kt != 0) {
- /*
- * If it's not in a keytab, fall back and try getting the mkey from the
- * older stash file format.
- */
- retval_ofs = krb5_db_def_fetch_mkey_stash(context, keyfile, key, kvno);
- }
+ /* Try the keytab and old stash file formats. */
+ retval = krb5_db_def_fetch_mkey_keytab(context, keyfile, mname, key, kvno);
+ if (retval == KRB5_KEYTAB_BADVNO)
+ retval = krb5_db_def_fetch_mkey_stash(context, keyfile, key, kvno);
- if (retval_kt != 0 && retval_ofs != 0) {
- /*
- * Error, not able to get mkey from either file format. Note, in order
- * to try to return a more correct error, the logic below is assuming
- * that if either of the stash reading functions returned
- * KRB5_KDB_BADSTORED_MKEY then this is probably the real error.
- */
- krb5_set_error_message (context, KRB5_KDB_CANTREAD_STORED,
- "Can not fetch master key either from keytab (error: %s) or old "
- "format (error %s).", error_message(retval_kt),
- error_message(retval_ofs));
- return KRB5_KDB_CANTREAD_STORED;
- } else {
- return 0;
- }
+ /*
+ * Use a generic error code for failure to retrieve the master
+ * key, but set a message indicating the actual error.
+ */
+ if (retval != 0) {
+ krb5_set_error_message(context, KRB5_KDB_CANTREAD_STORED,
+ "Can not fetch master key (error: %s).",
+ error_message(retval));
+ return KRB5_KDB_CANTREAD_STORED;
+ } else
+ return 0;
}
/*
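Review bot: The new comment `/* Try the keytab and old stash file formats. */` above the keytab call does not say why the stash fallback is restricted to `KRB5_KEYTAB_BADVNO`, which is the behaviour this change exists to enforce. I would replace it with `/* Try keytab format first; fall back to the old stash format only on KRB5_KEYTAB_BADVNO (file is not a keytab). */` so that nobody later widens the condition and ends up parsing a valid keytab as an old-format stash file, with byte-order-dependent results. Separately, `error_message(retval)` returns only the generic text for the code, so any extended message the two helpers may have set on `context` appears to be dropped; that is worth confirming against the helpers, which are not visible here. As a style point, the trailing `} else return 0;` mixes a braced and an unbraced branch. The function's signature and the keyfile path construction lie outside this hunk.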