ktf_g_ent.c revision 505d05c73a6e56769f263d4803b22eddd168ee24
/*
* Copyright 2003 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
/*
*
* Copyright 1990 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
*
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
* notice appear in all copies and that both that copyright notice and
* this permission notice appear in supporting documentation, and that
* the name of M.I.T. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
* permission. Furthermore if you modify this software you must label
* your software as modified software and not distribute it in such a
* fashion that it might be confused with the original M.I.T. software.
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
*
*
* This is the get_entry routine for the file based keytab implementation.
* It opens the keytab file, and either retrieves the entry or returns
* an error.
*/
#include <k5-int.h>
#include "ktfile.h"
{
krb5_error_code kerror = 0;
int found_wrong_kvno = 0;
int kvno_offset = 0;
/* Open the keyfile for reading */
"kerror= %d\n", kerror);
return(kerror);
}
/*
* For efficiency and simplicity, we'll use a while true that
* is exited with a break statement.
*/
/*CONSTCOND*/
while (TRUE) {
break;
/* by the time this loop exits, it must either free cur_entry,
and copy new_entry there, or free new_entry. Otherwise, it
leaks. */
/* if the principal isn't the one requested, free new_entry
and continue to the next. */
continue;
}
/* if the enctype is not ignored and doesn't match, free new_entry
and continue to the next */
if (enctype != IGNORE_ENCTYPE) {
&similar))) {
break;
}
if (!similar) {
continue;
}
/*
* Coerce the enctype of the output keyblock in case we
* got an inexact match on the enctype.
*/
}
if (kvno == IGNORE_VNO) {
/* if this is the first match, or if the new vno is
bigger, free the current and keep the new. Otherwise,
free the new. */
/* A 1.2.x keytab contains only the low 8 bits of the key
version number. Since it can be much bigger, and thus
the 8-bit value can wrap, we need some heuristics to
figure out the "highest" numbered key if some numbers
close to 255 and some near 0 are used.
The heuristic here:
If we have any keys with versions over 240, then assume
that all version numbers 0-127 refer to 256+N instead.
Not perfect, but maybe good enough? */
kvno_offset = 128;
} else {
}
} else {
/* if this kvno matches, free the current (will there ever
be one?), keep the new, and break out. Otherwise, remember
that we were here so we can return the right error, and
free the new */
/* Yuck. The krb5-1.2.x keytab format only stores one byte
for the kvno, so we're toast if the kvno requested is
higher than that. Short-term workaround: only compare
the low 8 bits. */
break;
} else {
}
}
}
if (kerror == KRB5_KT_END) {
kerror = 0;
else if (found_wrong_kvno)
else
}
if (kerror) {
"%d\n", kerror);
return kerror;
}
"kerror= %d\n", kerror);
return kerror;
}
/* Let us close the file before we leave */
return 0;
}