From e1712f7c0e68522582fd677de34c6475d74649ed Mon Sep 17 00:00:00 2001
From: Russ Allbery
Date: Thu, 28 Jan 2010 22:21:50 -0800
Subject: [PATCH] Discard old keys in MIT dump files in hprop

An MIT dump file may contain multiple key sets for one principal, with different kvnos. The Heimdal database can only represent a single kvno, and previously the kvno was set to the last key found in the entry and all keys were added to the entry. Since kvnos are given from high to low in the database dump, this would result in the principal getting the kvno of the oldest key and all keys stored without regard for kvno. Instead, ignore all keys with kvnos lower than the first kvno we see and only store keys with a kvno matching it. If we see a key with a kvno higher than the first kvno we see, exit with an error since that case is not currently handled (and should not happen in a typical MIT database dump).

Signed-off-by: Love Hornquist Astrand
---
 kdc/mit_dump.c | 31 +++++++++++++++++++++++++++++--
 1 file changed, 29 insertions(+), 2 deletions(-)

diff --git a/kdc/mit_dump.c b/kdc/mit_dump.c
index a9b87493c..eafa33cab 100644
--- a/kdc/mit_dump.c
+++ b/kdc/mit_dump.c
@@ -236,6 +236,7 @@ mit_prop_dump(void *arg, const char *file)
 int num_tl_data;
 int num_key_data;
+ int high_kvno;
 int attributes;
 int tmp;
@@ -349,11 +350,37 @@ mit_prop_dump(void *arg, const char *file)
 }
 }
 ALLOC_SEQ(&ent.entry.keys, num_key_data);
+ high_kvno = -1;
 for(i = 0; i < num_key_data; i++) {
 int key_versions;
+ int kvno;
 key_versions = getint(&p); /* key data version */
- ent.entry.kvno = getint(&p); /* XXX kvno */
-
+ kvno = getint(&p);
+
+ /*
+ * An MIT dump file may contain multiple sets of keys with
+ * different kvnos. Since the Heimdal database can only represent
+ * one kvno per principal, we only want the highest set. Assume
+ * that set will be given first, and discard all keys with lower
+ * kvnos.
+ */
+ if (kvno > high_kvno && high_kvno != -1)
+ errx(1, "line %d: high kvno keys given after low kvno keys",
+ lineno);
+ else if (kvno < high_kvno) {
+ nexttoken(&p); /* key type */
+ nexttoken(&p); /* key length */
+ nexttoken(&p); /* key */
+ if (key_versions > 1) {
+ nexttoken(&p); /* salt type */
+ nexttoken(&p); /* salt length */
+ nexttoken(&p); /* salt */
+ }
+ ent.entry.keys.len--;
+ continue;
+ }
+ ent.entry.kvno = kvno;
+ high_kvno = kvno;
 ALLOC(ent.entry.keys.val[i].mkvno);
 *ent.entry.keys.val[i].mkvno = 0;
-- 
2.11.4.GIT
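Review bot: The discard branch at `ent.entry.keys.len--; continue;` shrinks the key count while the following `ALLOC(ent.entry.keys.val[i].mkvno)` keeps storing by the loop index `i`, so a key whose kvno equals high_kvno but arrives after a lower-kvno key is written at an index at or beyond the reduced `len`, leaving an unfilled slot inside the logical array and the stored key outside it. The `kvno > high_kvno` check only rejects strictly higher kvnos after lower ones, so an interleaved order such as 3, 2, 3 in a dump file is accepted rather than reported. Rejecting it is a two-line addition after the discard branch, `else if (ent.entry.keys.len != num_key_data) errx(1, "line %d: kvno %d keys given after lower kvno keys", lineno, kvno);`, which holds because `len` only departs from num_key_data once a key has been discarded. The -1 sentinel for high_kvno also assumes getint never yields -1 for a kvno field; the parsing helpers are outside the hunk, so that is worth confirming. mit_prop_dump continues past both ends of this hunk.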