asetkey: permit des-cbc-md5 and des-cbc-md4 keys

A DES key is a DES key.  Permit importing CRC, MD5 and MD4
when using non-MIT keytab support.

Add a special error message that specifies what principal
name, kvno, and enctype were being searched for when the
error is KRB5_KT_NOTFOUND.

Change-Id: I7d3b5fbc41db5e5e91278854ce52842720e6b5d3
Reviewed-on: http://gerrit.openafs.org/4458
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>

diff --git a/src/WINNT/aklog/asetkey.c b/src/WINNT/aklog/asetkey.c
index 6344955..617158c 100644 (file)
--- a/src/WINNT/aklog/asetkey.c
+++ b/src/WINNT/aklog/asetkey.c
@@ -114,8 +114,24 @@ main(int argc, char **argv)
        }
        retval = krb5_kt_read_service_key(context, argv[3], principal, kvno,
                                          ENCTYPE_DES_CBC_CRC, &key);
-       if (retval != 0) {
-               afs_com_err(argv[0], retval, "while extracting AFS service key");
+        if (retval == KRB5_KT_NOTFOUND)
+            retval = krb5_kt_read_service_key(context, argv[3], principal, kvno,
+                                               ENCTYPE_DES_CBC_MD5, &key);
+        if (retval == KRB5_KT_NOTFOUND)
+            retval = krb5_kt_read_service_key(context, argv[3], principal, kvno,
+                                               ENCTYPE_DES_CBC_MD4, &key);
+        if (retval == KRB5_KT_NOTFOUND) {
+            char * princname = NULL;
+
+            krb5_unparse_name(context, principal, &princname);
+
+            afs_com_err(argv[0], retval,
+                        "for keytab entry with Principal %s, kvno %u, DES-CBC-CRC/MD5/MD4",
+                        princname ? princname : argv[4],
+                        kvno);
+            exit(1);
+        } else if (retval != 0) {
+            afs_com_err(argv[0], retval, "while extracting AFS service key");
                exit(1);
        }
 

diff --git a/src/aklog/asetkey.c b/src/aklog/asetkey.c
index 2645027..106c100 100644 (file)
--- a/src/aklog/asetkey.c
+++ b/src/aklog/asetkey.c
@@ -112,7 +112,23 @@ main(int argc, char *argv[])
            }
            retval = krb5_kt_read_service_key(context, argv[3], principal, kvno,
                                              ENCTYPE_DES_CBC_CRC, &key);
-           if (retval != 0) {
+            if (retval == KRB5_KT_NOTFOUND)
+                retval = krb5_kt_read_service_key(context, argv[3], principal, kvno,
+                                                   ENCTYPE_DES_CBC_MD5, &key);
+            if (retval == KRB5_KT_NOTFOUND)
+                retval = krb5_kt_read_service_key(context, argv[3], principal, kvno,
+                                                   ENCTYPE_DES_CBC_MD4, &key);
+            if (retval == KRB5_KT_NOTFOUND) {
+                char * princname = NULL;
+
+                krb5_unparse_name(context, principal, &princname);
+
+                afs_com_err(argv[0], retval,
+                            "for keytab entry with Principal %s, kvno %u, DES-CBC-CRC/MD5/MD4",
+                            princname ? princname : argv[4],
+                            kvno);
+                exit(1);
+            } else if (retval != 0) {
                afs_com_err(argv[0], retval, "while extracting AFS service key");
                exit(1);
            }