From 0d1a063072575bd44378b09b01e9e2fffe5a032e Mon Sep 17 00:00:00 2001
From: Jeffrey Altman <jaltman@your-file-system.com>
Date: Tue, 12 Apr 2011 11:48:27 -0400
Subject: [PATCH] asetkey: permit des-cbc-md5 and des-cbc-md4 keys

A DES key is a DES key.  Permit importing CRC, MD5 and MD4
when using non-MIT keytab support.

Add a special error message that specifies what principal
name, kvno, and enctype were being searched for when the
error is KRB5_KT_NOTFOUND.

Change-Id: Ie04e86fc5516064a67d7804cc47f2e27a30ea7ea
Reviewed-on: http://gerrit.openafs.org/4459
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
---
 src/WINNT/aklog/asetkey.c | 20 ++++++++++++++++++--
 src/aklog/asetkey.c       | 18 +++++++++++++++++-
 2 files changed, 35 insertions(+), 3 deletions(-)

diff --git a/src/WINNT/aklog/asetkey.c b/src/WINNT/aklog/asetkey.c
index 63449558a..617158c13 100644
--- a/src/WINNT/aklog/asetkey.c
+++ b/src/WINNT/aklog/asetkey.c
@@ -114,8 +114,24 @@ main(int argc, char **argv)
 	}
 	retval = krb5_kt_read_service_key(context, argv[3], principal, kvno,
 					  ENCTYPE_DES_CBC_CRC, &key);
-	if (retval != 0) {
-		afs_com_err(argv[0], retval, "while extracting AFS service key");
+        if (retval == KRB5_KT_NOTFOUND)
+            retval = krb5_kt_read_service_key(context, argv[3], principal, kvno,
+                                               ENCTYPE_DES_CBC_MD5, &key);
+        if (retval == KRB5_KT_NOTFOUND)
+            retval = krb5_kt_read_service_key(context, argv[3], principal, kvno,
+                                               ENCTYPE_DES_CBC_MD4, &key);
+        if (retval == KRB5_KT_NOTFOUND) {
+            char * princname = NULL;
+
+            krb5_unparse_name(context, principal, &princname);
+
+            afs_com_err(argv[0], retval,
+                        "for keytab entry with Principal %s, kvno %u, DES-CBC-CRC/MD5/MD4",
+                        princname ? princname : argv[4],
+                        kvno);
+            exit(1);
+        } else if (retval != 0) {
+            afs_com_err(argv[0], retval, "while extracting AFS service key");
 		exit(1);
 	}
 
diff --git a/src/aklog/asetkey.c b/src/aklog/asetkey.c
index 416d1d6bb..180b6f9a3 100644
--- a/src/aklog/asetkey.c
+++ b/src/aklog/asetkey.c
@@ -121,7 +121,23 @@ main(int argc, char *argv[])
 	    }
 	    retval = krb5_kt_read_service_key(context, argv[3], principal, kvno,
 					      ENCTYPE_DES_CBC_CRC, &key);
-	    if (retval != 0) {
+            if (retval == KRB5_KT_NOTFOUND)
+                retval = krb5_kt_read_service_key(context, argv[3], principal, kvno,
+                                                   ENCTYPE_DES_CBC_MD5, &key);
+            if (retval == KRB5_KT_NOTFOUND)
+                retval = krb5_kt_read_service_key(context, argv[3], principal, kvno,
+                                                   ENCTYPE_DES_CBC_MD4, &key);
+            if (retval == KRB5_KT_NOTFOUND) {
+                char * princname = NULL;
+
+                krb5_unparse_name(context, principal, &princname);
+
+                afs_com_err(argv[0], retval,
+                            "for keytab entry with Principal %s, kvno %u, DES-CBC-CRC/MD5/MD4",
+                            princname ? princname : argv[4],
+                            kvno);
+                exit(1);
+            } else if (retval != 0) {
 		afs_com_err(argv[0], retval, "while extracting AFS service key");
 		exit(1);
 	    }
-- 
2.39.5