authorRichard Basch <probe@mit.edu>1996-04-11 00:32:22 +0000
committerRichard Basch <probe@mit.edu>1996-04-11 00:32:22 +0000
commitabae30e14fd58cd1371fb4f7a517359d813d7b7b (patch)
treeda08879c58f7e292a02b831adff4f628e018af41 /src/lib/krb4
parent4c175a4e90a2771a17de48b74f1bc6ae16c72f1b (diff)
* rd_svc_key.c (read_service_key): First try to read the V4
service key from the V4 srvtab, and if it fails, try the keytab. A * instance will be translated into the default instance component (usually the FQDN of the local hostname). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7785 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/krb4')
-rw-r--r--src/lib/krb4/ChangeLog12
-rw-r--r--src/lib/krb4/configure.in1
-rw-r--r--src/lib/krb4/rd_svc_key.c66
3 files changed, 78 insertions, 1 deletions
diff --git a/src/lib/krb4/ChangeLog b/src/lib/krb4/ChangeLog
index ee8fa0d8d..f1cc0face 100644
--- a/src/lib/krb4/ChangeLog
+++ b/src/lib/krb4/ChangeLog
@@ -1,3 +1,15 @@
+Wed Apr 10 19:18:57 1996 Richard Basch <basch@lehman.com>
+
+ * rd_svc_key.c (read_service_key): First try to read the V4
+ service key from the V4 srvtab, and if it fails, try the keytab.
+ A * instance will be translated into the default instance component
+ (usually the FQDN of the local hostname).
+
+Fri Mar 29 16:45:00 1996 Richard Basch <basch@lehman.com>
+
+ * rd_svc_key.c, configure.in: Try to read the V4 service key from a
+ V5 keytab.
+
Tue Mar 19 11:23:13 1996 Ezra Peisach <epeisach@kangaroo.mit.edu>
* tf_util.c (tf_get_cred): Issue date is written out as a long,
diff --git a/src/lib/krb4/configure.in b/src/lib/krb4/configure.in
index 9642b5f98..27e3dfa54 100644
--- a/src/lib/krb4/configure.in
+++ b/src/lib/krb4/configure.in
@@ -38,6 +38,7 @@ if test $ac_cv_sizeof_int = 2; then
else
AC_DEFINE(BITS32)
fi
+AC_DEFINE(KRB4_USE_KEYTAB)
AC_HAVE_FUNCS(strsave seteuid setreuid setresuid)
ET_RULES
V5_SHARED_LIB_OBJS
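Review bot: `AC_DEFINE(KRB4_USE_KEYTAB)` is emitted unconditionally, so every build gets the keytab fallback and a site cannot keep V4 services restricted to the srvtab. Since this changes which key store a V4 service will accept keys from, it would be safer behind a configure switch, or at least carry a comment such as `dnl Always enabled: read_service_key falls back to the V5 keytab when the srvtab lookup fails`.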
diff --git a/src/lib/krb4/rd_svc_key.c b/src/lib/krb4/rd_svc_key.c
index e23311252..2b08baea6 100644
--- a/src/lib/krb4/rd_svc_key.c
+++ b/src/lib/krb4/rd_svc_key.c
@@ -13,6 +13,8 @@
#include <stdio.h>
#include <string.h>
+#include "k5-int.h"
+
extern char *krb__get_srvtabname();
/*
@@ -119,7 +121,69 @@ int read_service_key(service,instance,realm,kvno,file,key)
char *file; /* Filename */
char *key; /* Pointer to key to be filled in */
{
- return get_service_key(service,instance,realm,&kvno,file,key);
+ int kret;
+
+#ifdef KRB4_USE_KEYTAB
+ krb5_error_code retval;
+ krb5_context context;
+ krb5_principal princ;
+ krb5_keytab kt_id;
+ krb5_keytab_entry kt_entry;
+ char sname[ANAME_SZ+1];
+ char sinst[INST_SZ+1];
+ char srealm[REALM_SZ+1];
+ char keytabname[MAX_KEYTAB_NAME_LEN + 1]; /* + 1 for NULL termination */
+#endif
+
+ kret = get_service_key(service,instance,realm,&kvno,file,key);
+
+#ifdef KRB4_USE_KEYTAB
+ if (! kret)
+ return KSUCCESS;
+
+ krb5_init_context(&context);
+ krb5_init_ets(context);
+
+ if (!strcmp(instance, "*")) {
+ retval = krb5_sname_to_principal(context, NULL, NULL, KRB5_NT_SRV_HST,
+ &princ);
+ if (!retval) {
+ retval = krb5_524_conv_principal(context, princ,
+ sname, sinst, srealm);
+ krb5_free_principal(context, princ);
+ }
+ if (!retval)
+ instance = sinst;
+ }
+
+ retval = krb5_425_conv_principal(context,
+ service,
+ instance,
+ realm,
+ &princ);
+ if (!retval)
+ retval = krb5_kt_default_name(context, (char *)keytabname,
+ sizeof(keytabname)-1);
+ if (!retval) {
+ retval = krb5_kt_resolve(context, (char *)keytabname, &kt_id);
+ if (!retval)
+ retval = krb5_kt_get_entry(context, kt_id, princ, kvno,
+ ENCTYPE_DES_CBC_CRC, &kt_entry);
+ krb5_kt_close(context, kt_id);
+ krb5_free_principal(context, princ);
+ }
+ if (!retval) {
+ if (kt_entry.key.length == sizeof(C_Block)) {
+ (void) memcpy(key, kt_entry.key.contents, sizeof(C_Block));
+ } else {
+ retval = KRB5_BAD_KEYSIZE;
+ }
+ krb5_kt_free_entry(context, &kt_entry);
+ }
+ krb5_free_context(context);
+#endif
+
+ return (retval ? kret : KSUCCESS);
}
/* kvno is passed by reference, so that if it is zero, and we find a match,
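Review bot: In the keytab fallback, `krb5_kt_close(context, kt_id)` runs even when `krb5_kt_resolve` failed, so it receives an uninitialised handle, and `princ` is never freed when `krb5_kt_default_name` fails. The return value of `krb5_init_context(&context)` is also ignored, so a failed initialisation leaves `context` uninitialised for every later call. The closing `return (retval ? kret : KSUCCESS);` sits outside the `#ifdef KRB4_USE_KEYTAB` block although `retval` is declared only inside it, so the file stops compiling without the macro; move that return inside the block and put `return kret;` after `#endif`. The fallback also ignores the caller's `file` argument and reads the default keytab, which deserves a comment because a caller that named a specific srvtab can receive a key from a different store. The parameter declarations of read_service_key begin above the hunk.

```c
    if (krb5_init_context(&context))
        return kret;
    krb5_init_ets(context);

    /* … unchanged: "*" instance translation … */

    retval = krb5_425_conv_principal(context, service, instance, realm,
                                     &princ);
    if (!retval) {
        retval = krb5_kt_default_name(context, (char *)keytabname,
                                      sizeof(keytabname)-1);
        if (!retval)
            retval = krb5_kt_resolve(context, (char *)keytabname, &kt_id);
        if (!retval) {
            /* kt_id is valid only once krb5_kt_resolve has succeeded */
            retval = krb5_kt_get_entry(context, kt_id, princ, kvno,
                                       ENCTYPE_DES_CBC_CRC, &kt_entry);
            krb5_kt_close(context, kt_id);
        }
        krb5_free_principal(context, princ);
    }

    /* … unchanged: key length check and copy, krb5_free_context … */
```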