| commit | e1712f7c0e68522582fd677de34c6475d74649ed | |
| author | Russ Allbery <rra@stanford.edu> | |
| Fri, 29 Jan 2010 06:21:50 +0000 (28 22:21 -0800) | ||
| committer | Love Hornquist Astrand <lha@h5l.org> | |
| Tue, 16 Mar 2010 19:20:25 +0000 (16 12:20 -0700) | ||
| tree | 44c0dc1a1f16b7eeec9088349d02a35cad93a877 | treesnapshot (tar.gz zip) |
| parent | 6b69c5555ba1b988572ff7a6afa92927df023d0e | commitdiff |
Discard old keys in MIT dump files in hprop
An MIT dump file may contain multiple key sets for one principal, with
different kvnos. The Heimdal database can only represent a single
kvno, and previously the kvno was set to the last key found in the entry
and all keys were added to the entry. Since kvnos are given from high
to low in the database dump, this would result in the principal getting
the kvno of the oldest key and all keys stored without regard for kvno.
Instead, ignore all keys with kvnos lower than the first kvno we see and
only store keys with a kvno matching it. If we see a key with a kvno
higher than the first kvno we see, exit with an error since that case is
not currently handled (and should not happen in a typical MIT database
dump).
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
An MIT dump file may contain multiple key sets for one principal, with
different kvnos. The Heimdal database can only represent a single
kvno, and previously the kvno was set to the last key found in the entry
and all keys were added to the entry. Since kvnos are given from high
to low in the database dump, this would result in the principal getting
the kvno of the oldest key and all keys stored without regard for kvno.
Instead, ignore all keys with kvnos lower than the first kvno we see and
only store keys with a kvno matching it. If we see a key with a kvno
higher than the first kvno we see, exit with an error since that case is
not currently handled (and should not happen in a typical MIT database
dump).
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
| kdc/mit_dump.c | diffblobblamehistory |