asetkey: permit des-cbc-md5 and des-cbc-md4 keys

A DES key is a DES key.  Permit importing CRC, MD5 and MD4
when using non-MIT keytab support.

Add a special error message that specifies what principal
name, kvno, and enctype were being searched for when the
error is KRB5_KT_NOTFOUND.

Change-Id: Ie04e86fc5516064a67d7804cc47f2e27a30ea7ea
Reviewed-on: http://gerrit.openafs.org/4459
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>

diff --git a/src/WINNT/aklog/asetkey.c b/src/WINNT/aklog/asetkey.c
index 63449558a779643f1bfbde770c76e74ab70a58ae..617158c13d48572e52ef71737a8898bf28776e20 100644 (file)
--- a/src/WINNT/aklog/asetkey.c
+++ b/src/WINNT/aklog/asetkey.c
@@ -114,8 +114,24 @@ main(int argc, char **argv)
        }
        retval = krb5_kt_read_service_key(context, argv[3], principal, kvno,
                                          ENCTYPE_DES_CBC_CRC, &key);
-       if (retval != 0) {
-               afs_com_err(argv[0], retval, "while extracting AFS service key");
+        if (retval == KRB5_KT_NOTFOUND)
+            retval = krb5_kt_read_service_key(context, argv[3], principal, kvno,
+                                               ENCTYPE_DES_CBC_MD5, &key);
+        if (retval == KRB5_KT_NOTFOUND)
+            retval = krb5_kt_read_service_key(context, argv[3], principal, kvno,
+                                               ENCTYPE_DES_CBC_MD4, &key);
+        if (retval == KRB5_KT_NOTFOUND) {
+            char * princname = NULL;
+
+            krb5_unparse_name(context, principal, &princname);
+
+            afs_com_err(argv[0], retval,
+                        "for keytab entry with Principal %s, kvno %u, DES-CBC-CRC/MD5/MD4",
+                        princname ? princname : argv[4],
+                        kvno);
+            exit(1);
+        } else if (retval != 0) {
+            afs_com_err(argv[0], retval, "while extracting AFS service key");
                exit(1);
        }
 

diff --git a/src/aklog/asetkey.c b/src/aklog/asetkey.c
index 416d1d6bb9dc9be09763c58652cdae2e7010ef87..180b6f9a37a3944c2c18e6ffbca34c0f2ceef67c 100644 (file)
--- a/src/aklog/asetkey.c
+++ b/src/aklog/asetkey.c
@@ -121,7 +121,23 @@ main(int argc, char *argv[])
            }
            retval = krb5_kt_read_service_key(context, argv[3], principal, kvno,
                                              ENCTYPE_DES_CBC_CRC, &key);
-           if (retval != 0) {
+            if (retval == KRB5_KT_NOTFOUND)
+                retval = krb5_kt_read_service_key(context, argv[3], principal, kvno,
+                                                   ENCTYPE_DES_CBC_MD5, &key);
+            if (retval == KRB5_KT_NOTFOUND)
+                retval = krb5_kt_read_service_key(context, argv[3], principal, kvno,
+                                                   ENCTYPE_DES_CBC_MD4, &key);
+            if (retval == KRB5_KT_NOTFOUND) {
+                char * princname = NULL;
+
+                krb5_unparse_name(context, principal, &princname);
+
+                afs_com_err(argv[0], retval,
+                            "for keytab entry with Principal %s, kvno %u, DES-CBC-CRC/MD5/MD4",
+                            princname ? princname : argv[4],
+                            kvno);
+                exit(1);
+            } else if (retval != 0) {
                afs_com_err(argv[0], retval, "while extracting AFS service key");
                exit(1);
            }