help-shishi
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Timestamping keys and keytabs.

From: Mats Erik Andersson
Subject: Timestamping keys and keytabs.
Date: Wed, 8 May 2013 19:43:18 +0200
User-agent: Mutt/1.5.18 (2008-05-17) 
Hello there,

for interoperability with Heimdal and MIT Kerberos
it seems to be instrumental to provide functional
timestamping of keys and in keytab translations.

The patch below implements a new field 'Timestamp'
within the ASCII rendered key representation.
The field uses Kerberos time and is optional
in the sense that its absence indicates epoch
time zero.

Using this patch with libshishi-HEAD, keytab2shishi
is able to translate to and fro Heimdal keytab and
Shishi keytab, including time stamps.

Can I get a blessing to implement this? Is there some
protocol matter of which I am ignorant, but which must
be taken into account? The code changes needed for getting
shisa to set time stamps at key generation time, are not
yet in final form, so I will get back to them next.

Best regards,
  Mats E A


diff --git a/lib/diskio.c b/lib/diskio.c
index 49e6734..3d31d46 100644
--- a/lib/diskio.c
+++ b/lib/diskio.c
@@ -960,6 +960,14 @@ shishi_key_parse (Shishi * handle, FILE * fh, Shishi_key 
** key)
            {
              shishi_key_principal_set (lkey, line + strlen ("Principal: "));
            }
+         else if (strncmp (line, "Timestamp: ", strlen ("Timestamp: ")) == 0)
+           {
+             time_t timestamp;
+
+             timestamp = shishi_generalize_ctime (handle,
+                               line + strlen ("Timestamp: "));
+             shishi_key_timestamp_set (lkey, timestamp);
+           }
        }
     }
 
@@ -985,6 +993,7 @@ shishi_key_parse (Shishi * handle, FILE * fh, Shishi_key ** 
key)
  * Principal: host/latte.josefsson.org
  * Realm: JOSEFSSON.ORG
  * Key-Version-Number: 1
+ * Timestamp: 20130420150337Z
  *
  * P1QdeW/oSiag/bTyVEBAY2msiGSTmgLXlopuCKoppDs=
  * -----END SHISHI KEY-----
@@ -1013,6 +1022,9 @@ shishi_key_print (Shishi * handle, FILE * fh, const 
Shishi_key * key)
     fprintf (fh, "Realm: %s\n", shishi_key_realm (key));
   if (shishi_key_version (key) != UINT32_MAX)
     fprintf (fh, "Key-Version-Number: %d\n", shishi_key_version (key));
+  if (shishi_key_timestamp (key))
+    fprintf (fh, "Timestamp: %s\n",
+            shishi_generalize_time (handle, shishi_key_timestamp (key)));
   fprintf (fh, "\n");
 
   for (i = 0; i < strlen (b64key); i++)
reply via email to
[Prev in Thread] Current Thread [Next in Thread]