+Tue Sep 05 22:10:34 1995 Chris Provenzano (proven@mit.edu)
+
+ * decode_kdc.c, decrypt_tk.c, encode_kdc.c, encrypt_tk.c, gc_frm_kdc.c
+ * gc_via_tkt.c, get_in_tkt.c, in_tkt_ktb.c, in_tkt_pwd.c, in_tkt_sky.c
+ * init_ctx.c, kdc_rep_dc.c, mk_cred.c, mk_priv.c, mk_rep.c
+ * mk_req_ext.c, rd_cred.c, rd_priv.c, rd_rep.c, rd_req_dec.c,
+ * send_tgs.c, ser_ctx.c, ser_eblk.c, ser_key.c, t_ser.c:
+ Remove krb5_enctype references, and replace with
+ krb5_keytype where appropriate
+
Fri Sep 1 20:03:41 1995 Theodore Y. Ts'o <tytso@dcl>
* get_in_tkt.c (krb5_get_in_tkt): If kdc_settime is enabled, then
*/
krb5_error_code
-krb5_decode_kdc_rep(context, enc_rep, key, etype, dec_rep)
+krb5_decode_kdc_rep(context, enc_rep, key, dec_rep)
krb5_context context;
krb5_data * enc_rep;
const krb5_keyblock * key;
- const krb5_enctype etype;
krb5_kdc_rep ** dec_rep;
{
krb5_error_code retval;
if (retval)
return retval;
- if (local_dec_rep->enc_part.etype != etype) {
+ if (retval = krb5_kdc_rep_decrypt_proc(context, key, 0, local_dec_rep))
krb5_free_kdc_rep(context, local_dec_rep);
- return KRB5_WRONG_ETYPE;
- }
- retval = krb5_kdc_rep_decrypt_proc(context, key, 0, local_dec_rep);
- if (retval) {
- krb5_free_kdc_rep(context, local_dec_rep);
- return(retval);
- }
- *dec_rep = local_dec_rep;
- return 0;
+ else
+ *dec_rep = local_dec_rep;
+ return(retval);
}
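Review bot: With the `etype` argument gone, nothing in krb5_decode_kdc_rep compares the reply's `enc_part.keytype` with the type of the key the caller passed in, so the old KRB5_WRONG_ETYPE rejection has no replacement. The hunk further down that appears to be the decrypt routine only tests `valid_keytype(dec_rep->enc_part.keytype)` and then selects the cryptosystem from that reply-supplied value. Consider restoring the comparison before the decrypt call: `if (local_dec_rep->enc_part.keytype != key->keytype) { krb5_free_kdc_rep(context, local_dec_rep); return KRB5_WRONG_ETYPE; }`. The new `if (retval = krb5_kdc_rep_decrypt_proc(...))` would also be clearer with the double parentheses used elsewhere in this change, `if ((retval = ...))`. Part of the function body (the decode step before `if (retval)`) is not shown in the hunk.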
krb5_data scratch;
krb5_error_code retval;
- if (!valid_etype(ticket->enc_part.etype))
+ if (!valid_keytype(ticket->enc_part.keytype))
return KRB5_PROG_ETYPE_NOSUPP;
/* put together an eblock for this encryption */
-
- krb5_use_cstype(context, &eblock, ticket->enc_part.etype);
+ krb5_use_keytype(context, &eblock, ticket->enc_part.keytype);
scratch.length = ticket->enc_part.ciphertext.length;
if (!(scratch.data = malloc(ticket->enc_part.ciphertext.length)))
return(ENOMEM);
/* do any necessary key pre-processing */
- retval = krb5_process_key(context, &eblock, srv_key);
- if (retval) {
+ if (retval = krb5_process_key(context, &eblock, srv_key)) {
free(scratch.data);
return(retval);
}
/* call the encryption routine */
- retval = krb5_decrypt(context, (krb5_pointer) ticket->enc_part.ciphertext.data,
- (krb5_pointer) scratch.data,
- scratch.length, &eblock, 0);
- if (retval) {
+ if (retval = krb5_decrypt(context,
+ (krb5_pointer) ticket->enc_part.ciphertext.data,
+ (krb5_pointer) scratch.data, scratch.length,
+ &eblock, 0)) {
(void) krb5_finish_key(context, &eblock);
free(scratch.data);
return retval;
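Review bot: The guard now calls `valid_keytype()` but still returns `KRB5_PROG_ETYPE_NOSUPP`, while other hunks in this same change return `KRB5_PROG_KEYTYPE_NOSUPP` for the identical test (the `request.ticket->enc_part.keytype`, `reply->enc_part.keytype` and `ktypes[tgsreq.nktypes]` checks). The same mismatch remains in the hunks that test `dec_rep->enc_part.keytype`, `pkeyblock->keytype`, `keyblock->keytype`, `pcred->enc_part.keytype`, `privmsg->enc_part.keytype` and `ktypes[i]`. Pick one code for a failed keytype check, e.g. `return KRB5_PROG_KEYTYPE_NOSUPP;`, provided no caller depends on the old value. The two rewritten conditions `if (retval = krb5_process_key(...))` and `if (retval = krb5_decrypt(...))` would also be clearer as `if ((retval = ...))`, the form the rest of the change uses.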
ticket->enc_part2 = dec_tkt_part;
}
clean_scratch();
- ticket->enc_part2->session->etype = ticket->enc_part.etype;
return retval;
}
krb5_error_code retval;
krb5_enc_kdc_rep_part tmp_encpart;
- if (!valid_etype(dec_rep->enc_part.etype))
+ if (!valid_keytype(dec_rep->enc_part.keytype))
return KRB5_PROG_ETYPE_NOSUPP;
switch (type) {
goto clean_prockey;
}
- dec_rep->enc_part.etype = krb5_eblock_enctype(context, eblock);
+ dec_rep->enc_part.keytype = krb5_eblock_keytype(context, eblock);
/* do some cleanup */
cleanup_scratch();
goto clean_prockey;
}
- dec_ticket->enc_part.etype = krb5_eblock_enctype(context, eblock);
+ dec_ticket->enc_part.keytype = krb5_eblock_keytype(context, eblock);
/* ticket is now assembled-- do some cleanup */
cleanup_scratch();
/* helper macro: convert flags to necessary KDC options */
#define FLAGS2OPTS(flags) (flags & KDC_TKT_COMMON_MASK)
-#define TGT_ETYPE \
- krb5_keytype_array[tgt.keyblock.keytype]->system->proto_enctype;
krb5_error_code
krb5_get_cred_from_kdc(context, ccache, in_cred, out_cred, tgts)
int ntgts = 0;
krb5_creds tgt, tgtq, *tgtr = NULL;
- krb5_enctype etype;
krb5_error_code retval;
krb5_principal int_server = NULL; /* Intermediate server for request */
goto cleanup;
tgtq.is_skey = FALSE;
tgtq.ticket_flags = tgt.ticket_flags;
- etype = TGT_ETYPE;
if ((retval = krb5_get_cred_via_tkt(context, &tgt,
FLAGS2OPTS(tgtq.ticket_flags),
tgt.addresses, &tgtq, &tgtr))) {
goto cleanup;
tgtq.is_skey = FALSE;
tgtq.ticket_flags = tgt.ticket_flags;
- etype = TGT_ETYPE;
if ((retval = krb5_get_cred_via_tkt(context, &tgt,
FLAGS2OPTS(tgtq.ticket_flags),
tgt.addresses,
goto cleanup;
}
- etype = TGT_ETYPE;
retval = krb5_get_cred_via_tkt(context, &tgt, FLAGS2OPTS(tgt.ticket_flags) |
(in_cred->second_ticket.length ?
KDC_OPT_ENC_TKT_IN_SKEY : 0),
(*ppcreds)->second_ticket = *pdata;
krb5_xfree(pdata);
- (*ppcreds)->keyblock.etype = pkdcrep->ticket->enc_part.etype;
(*ppcreds)->ticket_flags = pkdcrep->enc_part2->flags;
(*ppcreds)->times = pkdcrep->enc_part2->times;
(*ppcreds)->magic = KV5M_CREDS;
}
if ((retval = krb5_decode_kdc_rep(context, &tgsrep.response,
- &tkt->keyblock,
- tkt->keyblock.etype, &dec_rep)))
+ &tkt->keyblock, &dec_rep)))
goto error_4;
if (dec_rep->msg_type != KRB5_TGS_REP) {
krb5_const_pointer,
krb5_kdc_rep * ));
krb5_error_code
-krb5_get_in_tkt(context, options, addrs, etypes, ptypes, key_proc, keyseed,
+krb5_get_in_tkt(context, options, addrs, ktypes, ptypes, key_proc, keyseed,
decrypt_proc, decryptarg, creds, ccache, ret_as_reply)
krb5_context context;
const krb5_flags options;
krb5_address * const * addrs;
- krb5_enctype * etypes;
+ krb5_keytype * ktypes;
krb5_preauthtype * ptypes;
git_key_proc key_proc;
krb5_const_pointer keyseed;
krb5_ccache ccache;
krb5_kdc_rep ** ret_as_reply;
{
- krb5_keytype keytype;
- krb5_enctype etype;
+ krb5_keytype keytype, ktype;
krb5_kdc_req request;
krb5_kdc_rep *as_reply = 0;
krb5_error *err_reply;
request.till = creds->times.endtime;
request.rtime = creds->times.renew_till;
- if (etypes)
- request.etype = etypes;
+ if ((retval = krb5_timeofday(context, &time_now)))
+ goto cleanup;
+
+ /* XXX we know they are the same size... */
+ request.nonce = (krb5_int32) time_now;
+
+ if (ktypes)
+ request.ktype = ktypes;
else
- krb5_get_default_in_tkt_etypes(context, &request.etype);
- for (request.netypes = 0;request.etype[request.netypes];request.netypes++);
+ krb5_get_default_in_tkt_ktypes(context, &request.ktype);
+ for (request.nktypes = 0;request.ktype[request.nktypes];request.nktypes++);
request.authorization_data.ciphertext.length = 0;
request.authorization_data.ciphertext.data = 0;
request.unenc_authdata = 0;
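Review bot: The return value of `krb5_get_default_in_tkt_ktypes(context, &request.ktype)` is ignored, and its definition later on this page returns ENOMEM without storing to `*ktypes`, so the counting loop on the next line can read through a pointer that was never set. Checking it costs one line: `else if ((retval = krb5_get_default_in_tkt_ktypes(context, &request.ktype))) goto cleanup;`. The `krb5_send_tgs` hunk has the same unchecked call before its `tgsreq.nktypes` loop. Separately, the added `request.nonce = (krb5_int32) time_now;` yields a value that is guessable and repeats for requests issued in the same second; a random value would be a better nonce where the library has a random source available. The function body continues outside this hunk.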
/* encode & send to KDC */
retval = encode_krb5_as_req(&request, &packet);
- if (!etypes)
- free(request.etype);
+ if (!ktypes)
+ free(request.ktype);
if (retval)
goto cleanup;
}
/* Encryption type, keytype, */
- etype = as_reply->ticket->enc_part.etype;
- keytype = krb5_csarray[etype]->system->proto_keytype;
+ keytype = as_reply->ticket->enc_part.keytype;
/* and salt */
if (as_reply->padata) {
as_reply->enc_part2->session,
&creds->keyblock)))
goto cleanup;
- creds->keyblock.etype = as_reply->ticket->enc_part.etype;
creds->times = as_reply->enc_part2->times;
creds->is_skey = FALSE; /* this is an AS_REQ, so cannot
*/
krb5_error_code
-krb5_get_in_tkt_with_keytab(context, options, addrs, etypes, pre_auth_types,
+krb5_get_in_tkt_with_keytab(context, options, addrs, ktypes, pre_auth_types,
keytab, ccache, creds, ret_as_reply)
krb5_context context;
const krb5_flags options;
krb5_address * const * addrs;
- krb5_enctype * etypes;
+ krb5_keytype * ktypes;
krb5_preauthtype * pre_auth_types;
const krb5_keytab keytab;
krb5_ccache ccache;
arg.keytab = keytab;
arg.client = creds->client;
- return (krb5_get_in_tkt(context, options, addrs, etypes, pre_auth_types,
+ return (krb5_get_in_tkt(context, options, addrs, ktypes, pre_auth_types,
keytab_keyproc, (krb5_pointer)&arg,
krb5_kdc_rep_decrypt_proc, 0, creds,
ccache, ret_as_reply));
returns system errors, encryption errors
*/
krb5_error_code INTERFACE
-krb5_get_in_tkt_with_password(context, options, addrs, etypes, pre_auth_types,
+krb5_get_in_tkt_with_password(context, options, addrs, ktypes, pre_auth_types,
password, ccache, creds, ret_as_reply)
krb5_context context;
const krb5_flags options;
krb5_address * const * addrs;
- krb5_enctype * etypes;
+ krb5_keytype * ktypes;
krb5_preauthtype * pre_auth_types;
const char * password;
krb5_ccache ccache;
data.length = 0;
}
- retval = krb5_get_in_tkt(context, options, addrs, etypes, pre_auth_types,
+ retval = krb5_get_in_tkt(context, options, addrs, ktypes, pre_auth_types,
pwd_keyproc, (krb5_pointer) &data,
krb5_kdc_rep_decrypt_proc, 0,
creds, ccache, ret_as_reply);
*/
krb5_error_code
-krb5_get_in_tkt_with_skey(context, options, addrs, etypes, pre_auth_types,
+krb5_get_in_tkt_with_skey(context, options, addrs, ktypes, pre_auth_types,
key, ccache, creds, ret_as_reply)
krb5_context context;
const krb5_flags options;
krb5_address * const * addrs;
- krb5_enctype * etypes;
+ krb5_keytype * ktypes;
krb5_preauthtype * pre_auth_types;
const krb5_keyblock * key;
krb5_ccache ccache;
{
if (key)
- return krb5_get_in_tkt(context, options, addrs, etypes, pre_auth_types,
+ return krb5_get_in_tkt(context, options, addrs, ktypes, pre_auth_types,
skey_keyproc, (krb5_pointer)key,
krb5_kdc_rep_decrypt_proc, 0, creds,
ccache, ret_as_reply);
else
- return krb5_get_in_tkt_with_keytab(context, options, addrs, etypes,
+ return krb5_get_in_tkt_with_keytab(context, options, addrs, ktypes,
pre_auth_types, NULL, ccache,
creds, ret_as_reply);
}
ctx->magic = KV5M_CONTEXT;
/* Set the default encryption types, possible defined in krb5/conf */
- if ((retval = krb5_set_default_in_tkt_etypes(ctx, NULL)))
+ if ((retval = krb5_set_default_in_tkt_ktypes(ctx, NULL)))
goto cleanup;
if ((retval = krb5_os_init_context(ctx)))
{
krb5_os_free_context(ctx);
- if (ctx->etypes)
- free(ctx->etypes);
+ if (ctx->ktypes)
+ free(ctx->ktypes);
if (ctx->default_realm)
free(ctx->default_realm);
}
/*
- * Set the desired default etypes, making sure they are valid.
+ * Set the desired default ktypes, making sure they are valid.
*/
krb5_error_code
-krb5_set_default_in_tkt_etypes(context, etypes)
+krb5_set_default_in_tkt_ktypes(context, ktypes)
krb5_context context;
- const krb5_enctype *etypes;
+ const krb5_keytype *ktypes;
{
- krb5_enctype * new_etypes;
+ krb5_keytype * new_ktypes;
int i;
- if (etypes) {
- for (i = 0; etypes[i]; i++) {
- if (!valid_etype(etypes[i]))
+ if (ktypes) {
+ for (i = 0; ktypes[i]; i++) {
+ if (!valid_keytype(ktypes[i]))
return KRB5_PROG_ETYPE_NOSUPP;
}
- /* Now copy the default etypes into the context pointer */
- if ((new_etypes = (krb5_enctype *)malloc(sizeof(krb5_enctype) * i)))
- memcpy(new_etypes, etypes, sizeof(krb5_enctype) * i);
+ /* Now copy the default ktypes into the context pointer */
+ if ((new_ktypes = (krb5_keytype *)malloc(sizeof(krb5_keytype) * i)))
+ memcpy(new_ktypes, ktypes, sizeof(krb5_keytype) * i);
else
return ENOMEM;
i = 2;
/* Should reset the list to the runtime defaults */
- if ((new_etypes = (krb5_enctype *)malloc(sizeof(krb5_enctype) * i))) {
- new_etypes[0] = ETYPE_DES_CBC_MD5;
- new_etypes[1] = ETYPE_DES_CBC_CRC;
+ if ((new_ktypes = (krb5_keytype *)malloc(sizeof(krb5_keytype) * i))) {
+ new_ktypes[0] = KEYTYPE_DES_CBC_MD5;
+ new_ktypes[1] = KEYTYPE_DES_CBC_CRC;
} else {
return ENOMEM;
}
}
- if (context->etypes)
- free(context->etypes);
- context->etypes = new_etypes;
- context->etype_count = i;
+ if (context->ktypes)
+ free(context->ktypes);
+ context->ktypes = new_ktypes;
+ context->ktype_count = i;
return 0;
}
krb5_error_code
-krb5_get_default_in_tkt_etypes(context, etypes)
+krb5_get_default_in_tkt_ktypes(context, ktypes)
krb5_context context;
- krb5_enctype **etypes;
+ krb5_keytype **ktypes;
{
- krb5_enctype * old_etypes;
+ krb5_keytype * old_ktypes;
- if ((old_etypes = (krb5_enctype *)malloc(sizeof(krb5_enctype) *
- (context->etype_count + 1)))) {
- memcpy(old_etypes, context->etypes, sizeof(krb5_enctype) *
- context->etype_count);
- old_etypes[context->etype_count] = 0;
+ if ((old_ktypes = (krb5_keytype *)malloc(sizeof(krb5_keytype) *
+ (context->ktype_count + 1)))) {
+ memcpy(old_ktypes, context->ktypes, sizeof(krb5_keytype) *
+ context->ktype_count);
+ old_ktypes[context->ktype_count] = 0;
} else {
return ENOMEM;
}
- *etypes = old_etypes;
+ *ktypes = old_ktypes;
return 0;
}
krb5_data scratch;
krb5_enc_kdc_rep_part *local_encpart;
- if (!valid_etype(dec_rep->enc_part.etype))
+ if (!valid_keytype(dec_rep->enc_part.keytype))
return KRB5_PROG_ETYPE_NOSUPP;
/* set up scratch decrypt/decode area */
/* put together an eblock for this encryption */
- krb5_use_cstype(context, &eblock, dec_rep->enc_part.etype);
+ krb5_use_keytype(context, &eblock, dec_rep->enc_part.keytype);
/* do any necessary key pre-processing */
if ((retval = krb5_process_key(context, &eblock, key))) {
krb5_encrypt_block eblock;
krb5_data * scratch;
- if (!valid_etype(pkeyblock->etype))
+ if (!valid_keytype(pkeyblock->keytype))
return KRB5_PROG_ETYPE_NOSUPP;
/* start by encoding to-be-encrypted part of the message */
/* put together an eblock for this encryption */
pencdata->kvno = 0;
- pencdata->etype = pkeyblock->etype;
+ pencdata->keytype = pkeyblock->keytype;
- krb5_use_cstype(context, &eblock, pkeyblock->etype);
+ krb5_use_keytype(context, &eblock, pkeyblock->keytype);
pencdata->ciphertext.length = krb5_encrypt_size(scratch->length,
eblock.crypto_entry);
krb5_priv_enc_part privmsg_enc_part;
krb5_data *scratch1, *scratch2;
- if (!valid_etype(keyblock->etype))
+ if (!valid_keytype(keyblock->keytype))
return KRB5_PROG_ETYPE_NOSUPP;
privmsg.enc_part.kvno = 0; /* XXX allow user-set? */
- privmsg.enc_part.etype = keyblock->etype;
+ privmsg.enc_part.keytype = keyblock->keytype;
privmsg_enc_part.user_data = *userdata;
privmsg_enc_part.s_address = local_addr;
return retval;
/* put together an eblock for this encryption */
- krb5_use_cstype(context, &eblock, keyblock->etype);
+ krb5_use_keytype(context, &eblock, keyblock->keytype);
privmsg.enc_part.ciphertext.length = krb5_encrypt_size(scratch1->length,
eblock.crypto_entry);
/* add padding area, and zero it */
{
krb5_error_code retval;
krb5_keytype keytype;
- krb5_enctype etype;
krb5_ap_rep_enc_part repl;
krb5_encrypt_block eblock;
krb5_ap_rep reply;
krb5_data * scratch;
krb5_data * toutbuf;
- /* verify a valid etype is available */
+ /* verify a valid keytype is available */
if (!valid_keytype(keytype = auth_context->keyblock->keytype))
return KRB5_PROG_KEYTYPE_NOSUPP;
- etype = krb5_keytype_array[keytype]->system->proto_enctype;
-
- if (!valid_etype(etype))
- return KRB5_PROG_ETYPE_NOSUPP;
-
/* Make the reply */
if (((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) ||
(auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
return retval;
/* put together an eblock for this encryption */
- krb5_use_cstype(context, &eblock, etype);
- reply.enc_part.etype = etype;
+ krb5_use_keytype(context, &eblock, keytype);
+ reply.enc_part.keytype = keytype;
reply.enc_part.kvno = 0; /* XXX user set? */
reply.enc_part.ciphertext.length = krb5_encrypt_size(scratch->length,
if ((retval = decode_krb5_ticket(&(in_creds)->ticket, &request.ticket)))
return(retval);
- /* verify a valid etype is available */
- if (!valid_etype(request.ticket->enc_part.etype)) {
- retval = KRB5_PROG_ETYPE_NOSUPP;
+ /* verify a valid keytype is available */
+ if (!valid_keytype(request.ticket->enc_part.keytype)) {
+ retval = KRB5_PROG_KEYTYPE_NOSUPP;
goto cleanup;
}
/* put together an eblock for this encryption */
- krb5_use_cstype(context, &eblock, request.ticket->enc_part.etype);
- request.authenticator.etype = request.ticket->enc_part.etype;
+ krb5_use_keytype(context, &eblock, request.ticket->enc_part.keytype);
+ request.authenticator.keytype = request.ticket->enc_part.keytype;
request.authenticator.kvno = 0;
request.authenticator.ciphertext.length =
krb5_encrypt_size(scratch->length, eblock.crypto_entry);
krb5_error_code retval;
krb5_data scratch;
- if (!valid_etype(pcred->enc_part.etype))
+ if (!valid_keytype(pcred->enc_part.keytype))
return KRB5_PROG_ETYPE_NOSUPP;
/* put together an eblock for this decryption */
- krb5_use_cstype(context, &eblock, pcred->enc_part.etype);
+ krb5_use_keytype(context, &eblock, pcred->enc_part.keytype);
scratch.length = pcred->enc_part.ciphertext.length;
if (!(scratch.data = (char *)malloc(scratch.length)))
if ((retval = decode_krb5_priv(inbuf, &privmsg)))
return retval;
- if (!valid_etype(privmsg->enc_part.etype)) {
+ if (!valid_keytype(privmsg->enc_part.keytype)) {
retval = KRB5_PROG_ETYPE_NOSUPP;
goto cleanup_privmsg;
}
/* put together an eblock for this decryption */
- krb5_use_cstype(context, &eblock, privmsg->enc_part.etype);
+ krb5_use_keytype(context, &eblock, privmsg->enc_part.keytype);
scratch.length = privmsg->enc_part.ciphertext.length;
if (!(scratch.data = malloc(scratch.length))) {
/* put together an eblock for this encryption */
- if (!valid_etype(reply->enc_part.etype)) {
+ if (!valid_keytype(reply->enc_part.keytype)) {
krb5_free_ap_rep(context, reply);
- return KRB5_PROG_ETYPE_NOSUPP;
+ return KRB5_PROG_KEYTYPE_NOSUPP;
}
- krb5_use_cstype(context, &eblock, reply->enc_part.etype);
+ krb5_use_keytype(context, &eblock, reply->enc_part.keytype);
scratch.length = reply->enc_part.ciphertext.length;
if (!(scratch.data = malloc(scratch.length))) {
/* Set auth subkey */
if ((*repl)->subkey) {
- (*repl)->subkey->etype = reply->enc_part.etype;
retval = krb5_copy_keyblock(context, (*repl)->subkey,
&auth_context->remote_subkey);
}
krb5_keytab_entry ktent;
/*
- * OK we know the encryption type req->ticket->enc_part.etype,
+ * OK we know the encryption type req->ticket->enc_part.keytype,
* and now we need to get the keytype
*/
- keytype = krb5_csarray[req->ticket->enc_part.etype]->system->proto_keytype;
+ keytype = req->ticket->enc_part.keytype;
if ((retval = krb5_kt_get_entry(context, keytab, req->ticket->server,
req->ticket->enc_part.kvno,
/* put together an eblock for this encryption */
- if (!valid_etype(request->authenticator.etype))
- return KRB5_PROG_ETYPE_NOSUPP;
-
- krb5_use_cstype(context, &eblock, request->authenticator.etype);
+ krb5_use_keytype(context, &eblock, request->authenticator.keytype);
scratch.length = request->authenticator.ciphertext.length;
if (!(scratch.data = malloc(scratch.length)))
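Review bot: The validity check on the authenticator's type was removed here without a replacement, so `krb5_use_keytype(context, &eblock, request->authenticator.keytype)` now runs on a value taken from the decoded request. Every other decrypt path in this change keeps a `valid_keytype()` guard before `krb5_use_keytype`. If `krb5_use_keytype` looks the type up in a table, as the removed `krb5_keytype_array[keytype]` lines suggest, an out-of-range value would index outside it. Suggested guard: `if (!valid_keytype(request->authenticator.keytype)) return KRB5_PROG_KEYTYPE_NOSUPP;`. The eblock internalize hunk has the same gap, where `ktype` unpacked from the buffer goes straight into `krb5_use_keytype(kcontext, encrypt_block, ktype)`.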
/* now decode the decrypted stuff */
if (!(retval = decode_krb5_authenticator(&scratch, &local_auth))) {
*authpp = local_auth;
- if (local_auth->subkey)
- local_auth->subkey->etype = request->authenticator.etype;
}
clean_scratch();
return retval;
Sends a request to the TGS and waits for a response.
options is used for the options in the KRB_TGS_REQ.
timestruct values are used for from, till, rtime " " "
- etype is used for etype " " ", and to encrypt the authorization data,
+ keytype is used for keytype " " ", and to encrypt the authorization data,
sname is used for sname " " "
addrs, if non-NULL, is used for addresses " " "
authorization_dat, if non-NULL, is used for authorization_dat " " "
goto cleanup_data;
/* put together an eblock for this encryption */
- krb5_use_cstype(context, &eblock, request.ticket->enc_part.etype);
- request.authenticator.etype = request.ticket->enc_part.etype;
+ krb5_use_keytype(context, &eblock, request.ticket->enc_part.keytype);
+ request.authenticator.keytype = request.ticket->enc_part.keytype;
request.authenticator.ciphertext.length =
krb5_encrypt_size(scratch->length, eblock.crypto_entry);
}
krb5_error_code
-krb5_send_tgs(context, kdcoptions, timestruct, etypes, sname, addrs,
+krb5_send_tgs(context, kdcoptions, timestruct, ktypes, sname, addrs,
authorization_data, padata, second_ticket, in_cred, rep)
krb5_context context;
const krb5_flags kdcoptions;
const krb5_ticket_times * timestruct;
- const krb5_enctype * etypes;
+ const krb5_keytype * ktypes;
krb5_const_principal sname;
krb5_address * const * addrs;
krb5_authdata * const * authorization_data;
if ((retval = encode_krb5_authdata((const krb5_authdata**)authorization_data,
&scratch)))
return(retval);
- krb5_use_cstype(context, &eblock, in_cred->keyblock.etype);
- tgsreq.authorization_data.etype = in_cred->keyblock.etype;
+ krb5_use_keytype(context, &eblock, in_cred->keyblock.keytype);
+ tgsreq.authorization_data.keytype = in_cred->keyblock.keytype;
tgsreq.authorization_data.kvno = 0; /* ticket session key has */
/* no version */
tgsreq.authorization_data.ciphertext.length =
}
/* Get the encryption types list */
- if (etypes) {
- /* Check passed etypes and make sure they're valid. */
- for (tgsreq.netypes = 0; etypes[tgsreq.netypes]; tgsreq.netypes++) {
- if (!valid_etype(etypes[tgsreq.netypes]))
- return KRB5_PROG_ETYPE_NOSUPP;
+ if (ktypes) {
+ /* Check passed ktypes and make sure they're valid. */
+ for (tgsreq.nktypes = 0; ktypes[tgsreq.nktypes]; tgsreq.nktypes++) {
+ if (!valid_keytype(ktypes[tgsreq.nktypes]))
+ return KRB5_PROG_KEYTYPE_NOSUPP;
}
- tgsreq.etype = (krb5_enctype *)etypes;
+ tgsreq.ktype = (krb5_keytype *)ktypes;
} else {
- /* Get the default etypes */
- krb5_get_default_in_tkt_etypes(context, &(tgsreq.etype));
- for(tgsreq.netypes = 0; tgsreq.etype[tgsreq.netypes]; tgsreq.netypes++);
+ /* Get the default ktypes */
+ krb5_get_default_in_tkt_ktypes(context, &(tgsreq.ktype));
+ for(tgsreq.nktypes = 0; tgsreq.ktype[tgsreq.nktypes]; tgsreq.nktypes++);
}
if (second_ticket) {
krb5_free_ticket(context, sec_ticket);
send_tgs_error_1:;
- if (etypes == NULL)
- krb5_xfree(tgsreq.etype);
+ if (ktypes == NULL)
+ krb5_xfree(tgsreq.ktype);
if (tgsreq.authorization_data.ciphertext.data) {
memset(tgsreq.authorization_data.ciphertext.data, 0,
tgsreq.authorization_data.ciphertext.length);
* krb5_int32 for KV5M_CONTEXT
* krb5_int32 for sizeof(default_realm)
* strlen(default_realm) for default_realm.
- * krb5_int32 for netypes*sizeof(krb5_int32)
- * netypes*sizeof(krb5_int32) for etypes.
+ * krb5_int32 for nktypes*sizeof(krb5_int32)
+ * nktypes*sizeof(krb5_int32) for ktypes.
* krb5_int32 for trailer.
*/
kret = EINVAL;
sizeof(krb5_int32) +
sizeof(krb5_int32) +
sizeof(krb5_int32) +
- (context->etype_count * sizeof(krb5_int32)));
+ (context->ktype_count * sizeof(krb5_int32)));
if (context->default_realm)
required += strlen(context->default_realm);
strlen(context->default_realm),
&bp, &remain);
- /* Now number of etypes */
- (void) krb5_ser_pack_int32((krb5_int32) context->etype_count,
+ /* Now number of ktypes */
+ (void) krb5_ser_pack_int32((krb5_int32) context->ktype_count,
&bp, &remain);
- /* Now serialize etypes */
- for (i=0; i<context->etype_count; i++)
- (void) krb5_ser_pack_int32((krb5_int32) context->etypes[i],
+ /* Now serialize ktypes */
+ for (i=0; i<context->ktype_count; i++)
+ (void) krb5_ser_pack_int32((krb5_int32) context->ktypes[i],
&bp, &remain);
kret = 0;
context->default_realm[ibuf] = '\0';
}
- /* Get the number of etypes */
+ /* Get the number of ktypes */
if (!(kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain))) {
/* Reduce it to a count */
- context->etype_count = ibuf;
- if ((context->etypes = (krb5_enctype *)
- malloc(sizeof(krb5_enctype) *
- (context->etype_count+1)))) {
- memset(context->etypes,
+ context->ktype_count = ibuf;
+ if ((context->ktypes = (krb5_keytype *)
+ malloc(sizeof(krb5_keytype) *
+ (context->ktype_count+1)))) {
+ memset(context->ktypes,
0,
- sizeof(krb5_enctype) *
- (context->etype_count + 1));
- for (i=0; i<context->etype_count; i++) {
+ sizeof(krb5_keytype) *
+ (context->ktype_count + 1));
+ for (i=0; i<context->ktype_count; i++) {
if ((kret = krb5_ser_unpack_int32(&ibuf,
&bp, &remain)))
break;
- context->etypes[i] = (krb5_enctype) ibuf;
+ context->ktypes[i] = (krb5_keytype) ibuf;
}
}
}
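Review bot: `context->ktype_count = ibuf;` takes the count straight from the serialized buffer and uses it unbounded in the `malloc` size and as the loop limit, so a negative or very large value gives a wrapped or oversized allocation. Reject it before allocating, for example `if (ibuf < 0 || (size_t) ibuf > remain / sizeof(krb5_int32)) kret = EINVAL;`, assuming `remain` is the byte count left as in the other serializers. The `malloc` failure path also has no `else`, so `kret` stays 0 with `ktypes` NULL and `ktype_count` non-zero; an `else kret = ENOMEM;` would close that. The enclosing function starts and ends outside this hunk.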
malloc(sizeof(struct _krb5_os_context))) &&
(remain >= 4*sizeof(krb5_int32))) {
memset(os_ctx, 0, sizeof(struct _krb5_os_context));
+ os_ctx->magic = KV5M_OS_CONTEXT;
/* Read out our context */
(void) krb5_ser_unpack_int32(&os_ctx->time_offset, &bp, &remain);
kret = 0;
*buffer = bp;
*lenremain = remain;
- }
- else
+ } else
kret = EINVAL;
}
}
size_t required;
/*
- * NOTE: This ASSuMES that keytype and etype are sufficient to recreate
+ * NOTE: This ASSuMES that keytype are sufficient to recreate
* the _krb5_cryptosystem_entry. If this is not true, then something else
* had better be encoded here.
*
* krb5_encrypt_block base requirements:
* krb5_int32 for KV5M_ENCRYPT_BLOCK
* krb5_int32 for keytype
- * krb5_int32 for etype;
* krb5_int32 for private length
* encrypt_block->priv_size for private contents
* krb5_int32 for KV5M_ENCRYPT_BLOCK
crypto_entry->proto_keytype,
&bp, &remain);
- /* Our etype */
- (void) krb5_ser_pack_int32((krb5_int32) encrypt_block->
- crypto_entry->proto_enctype,
- &bp, &remain);
-
/* Our length */
(void) krb5_ser_pack_int32((krb5_int32) encrypt_block->priv_size,
&bp, &remain);
krb5_encrypt_block *encrypt_block;
krb5_int32 ibuf;
krb5_keytype ktype;
- krb5_enctype etype;
krb5_octet *bp;
size_t remain;
(void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
ktype = (krb5_keytype) ibuf;
- /* Get the etype */
- (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
- etype = (krb5_enctype) ibuf;
-
- /*
- * Use the etype to determine the crypto_system entry. In the
- * future, we may need to use a combination of keytype/etype or
- * just keytype here.
- */
- krb5_use_cstype(kcontext, encrypt_block, etype);
+ /* Use the ktype to determine the crypto_system entry. */
+ krb5_use_keytype(kcontext, encrypt_block, ktype);
/* Get the length */
(void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
* krb5_keyblock requires:
* krb5_int32 for KV5M_KEYBLOCK
* krb5_int32 for keytype
- * krb5_int32 for etype;
* krb5_int32 for length
* keyblock->length for contents
* krb5_int32 for KV5M_KEYBLOCK
(void) krb5_ser_pack_int32((krb5_int32) keyblock->keytype,
&bp, &remain);
- /* Our etype */
- (void) krb5_ser_pack_int32((krb5_int32) keyblock->etype,
- &bp, &remain);
-
/* Our length */
(void) krb5_ser_pack_int32((krb5_int32) keyblock->length,
&bp, &remain);
(void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
keyblock->keytype = (krb5_keytype) ibuf;
- /* Get the etype */
- (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
- keyblock->etype = (krb5_enctype) ibuf;
-
/* Get the length */
(void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
keyblock->length = (int) ibuf;
KV5M_AUTH_CONTEXT))) {
memset(&ukeyblock, 0, sizeof(ukeyblock));
memset(keydata, 0, sizeof(keydata));
- ukeyblock.keytype = KEYTYPE_DES;
- ukeyblock.etype = ETYPE_DES_CBC_MD5;
+ ukeyblock.keytype = KEYTYPE_DES_CBC_MD5;
ukeyblock.length = sizeof(keydata);
ukeyblock.contents = keydata;
keydata[0] = 0xde;
memset(&eblock, 0, sizeof(krb5_encrypt_block));
eblock.magic = KV5M_ENCRYPT_BLOCK;
- krb5_use_cstype(kcontext, &eblock, DEFAULT_KDC_ETYPE);
+ krb5_use_keytype(kcontext, &eblock, DEFAULT_KDC_KEYTYPE);
if (!(kret = ser_data(verbose, "> NULL eblock",
(krb5_pointer) &eblock, KV5M_ENCRYPT_BLOCK))) {
eblock.priv = (krb5_pointer) ser_eblock_test;
KV5M_ENCRYPT_BLOCK))) {
memset(&ukeyblock, 0, sizeof(ukeyblock));
memset(keydata, 0, sizeof(keydata));
- ukeyblock.keytype = KEYTYPE_DES;
- ukeyblock.etype = ETYPE_DES_CBC_MD5;
+ ukeyblock.keytype = KEYTYPE_DES_CBC_MD5;
ukeyblock.length = sizeof(keydata);
ukeyblock.contents = keydata;
keydata[0] = 0xde;