Hello there,

for interoperability with Heimdal and MIT Kerberos it seems to be instrumental to provide functional timestamping of keys and in keytab translations.

The patch below implements a new field 'Timestamp' within the ASCII rendered key representation. The field uses Kerberos time and is optional in the sense that its absence indicates epoch time zero. Using this patch with libshishi-HEAD, keytab2shishi is able to translate to and fro Heimdal keytab and Shishi keytab, including time stamps.

Can I get a blessing to implement this? Is there some protocol matter of which I am ignorant, but which must be taken into account?

The code changes needed for getting shisa to set time stamps at key generation time, are not yet in final form, so I will get back to them next.

Best regards,
Mats E A

diff --git a/lib/diskio.c b/lib/diskio.c index 49e6734..3d31d46 100644 --- a/lib/diskio.c +++ b/lib/diskio.c @@ -960,6 +960,14 @@ shishi_key_parse (Shishi * handle, FILE * fh, Shishi_key ** key) { shishi_key_principal_set (lkey, line + strlen ("Principal: ")); } + else if (strncmp (line, "Timestamp: ", strlen ("Timestamp: ")) == 0) + { + time_t timestamp; + + timestamp = shishi_generalize_ctime (handle, + line + strlen ("Timestamp: ")); + shishi_key_timestamp_set (lkey, timestamp); + } } } @@ -985,6 +993,7 @@ shishi_key_parse (Shishi * handle, FILE * fh, Shishi_key ** key) * Principal: host/latte.josefsson.org * Realm: JOSEFSSON.ORG * Key-Version-Number: 1 + * Timestamp: 20130420150337Z * * P1QdeW/oSiag/bTyVEBAY2msiGSTmgLXlopuCKoppDs= * -----END SHISHI KEY----- 
@@ -1013,6 +1022,9 @@ shishi_key_print (Shishi * handle, FILE * fh, const Shishi_key * key) fprintf (fh, "Realm: %s\n", shishi_key_realm (key)); if (shishi_key_version (key) != UINT32_MAX) fprintf (fh, "Key-Version-Number: %d\n", shishi_key_version (key)); + if (shishi_key_timestamp (key)) + fprintf (fh, "Timestamp: %s\n", + shishi_generalize_time (handle, shishi_key_timestamp (key))); fprintf (fh, "\n"); for (i = 0; i < strlen (b64key); i++)
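
Review bot: In the new "Timestamp: " branch of shishi_key_parse (first hunk), the value returned by shishi_generalize_ctime is handed to shishi_key_timestamp_set without any check, so a malformed or truncated Timestamp line in a key file is stored as whatever the conversion yields. Test the result against the function's failure value before storing it, and either skip the field or fail the parse, so that a damaged or hand-edited key file cannot produce a key whose bogus time is later carried into a translated keytab.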
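
Review bot: The documentation comment with the sample key block (second hunk) now shows a Timestamp line but does not say that the field is optional or what format it takes. Add a sentence to that comment stating that Timestamp may be omitted, that a missing field means time zero, and that the value is written in the form shown in the sample (20130420150337Z), so that anyone editing or generating key files knows what the parser accepts.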
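
Review bot: In shishi_key_print (third hunk), the return value of shishi_generalize_time goes straight into the "%s" of fprintf; if that call can return NULL for a time it cannot format, the print is undefined behaviour, so store the result in a local and test it first. The guard `if (shishi_key_timestamp (key))` also treats only zero as unset, which means any non-zero failure value stored by the parser would be written back out; an explicit comparison against a named unset value, in the way the Key-Version-Number line just above compares against UINT32_MAX, would make the intent clearer.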