+Tue Sep 12 12:40:30 1995 Ezra Peisach <epeisach@kangaroo.mit.edu>
+
+ * t_ser.c (ser_cksum_test): Work around an optimizer bug unser
+ OSF/1 and gcc.
+
Sun Sep 10 12:00:00 1995 James Mattly (mattly@fusion.com)
* gen_seqnum.c: change usage of krb5_crypto_us_timeofday to krb5_timeofday
* mk_req_ext.c: change usage of krb5_crypto_us_timeofday to krb5_timeofday
* send_tgs.c: change usage of krb5_timeofday over to krb5_crypto_us_timeofday
+Wed Sep 06 14:20:57 1995 Chris Provenzano (proven@mit.edu)
+
+ * auth_con.c, decrypt_tk.c, encode_kdc.c, encrypt_tk.c,
+ * gc_frm_kdc.c, gen_seqnum.c, get_creds.c, get_in_tkt.c,
+ * in_tkt_ktb.c, in_tkt_pwd.c, in_tkt_sky.c, init_ctx.c,
+ * kdc_rep_dc.c, mk_cred.c, mk_priv.c, mk_rep.c, mk_req._ext.c,
+ * preauth.c, rd_cred.c, rd_priv.c, rd_rep.c, rd_req_dec.c,
+ * send_tgs.c, sendauth.c, ser_actx.c, ser_ctx.c, ser_eblk.c,
+ * ser_key.c, t_ser.c : s/keytype/enctype/g, s/KEYTYPE/ENCTYPE/g
+
Wed Sept 6 12:00:00 EDT 1995 James Mattly (mattly@fusion.com)
* get_in_tkt.c: change usage of krb5_timeofday to krb5_crypto_us_timeofday
* unparse.c: include <stdio.h>
+Tue Sep 05 22:10:34 1995 Chris Provenzano (proven@mit.edu)
+
+ * decode_kdc.c, decrypt_tk.c, encode_kdc.c, encrypt_tk.c, gc_frm_kdc.c
+ * gc_via_tkt.c, get_in_tkt.c, in_tkt_ktb.c, in_tkt_pwd.c, in_tkt_sky.c
+ * init_ctx.c, kdc_rep_dc.c, mk_cred.c, mk_priv.c, mk_rep.c
+ * mk_req_ext.c, rd_cred.c, rd_priv.c, rd_rep.c, rd_req_dec.c,
+ * send_tgs.c, ser_ctx.c, ser_eblk.c, ser_key.c, t_ser.c:
+ Remove krb5_enctype references, and replace with
+ krb5_keytype where appropriate
+
+Fri Sep 1 20:03:41 1995 Theodore Y. Ts'o <tytso@dcl>
+
+ * get_in_tkt.c (krb5_get_in_tkt): If kdc_settime is enabled, then
+ set the time_offset fields from the returned ticket's
+ authtime value.
+
+ * init_ctx.c (krb5_init_context): Initialize new fields in
+ krb5_context (clockskew, kdc_req_sumtype, and
+ kdc_default_options).
+
+ * gc_via_tkt.c (krb5_get_cred_via_tkt): Perform the necessary
+ sanity checking on the KDC response to make sure we detect
+ tampering.
+
+ * send_tgs.c (krb5_send_tgs): Set the expected nonce in the
+ response structure.
+
+ * krbconfig.c: Set the default checksum to use MD5
+
Fri Sep 1 11:16:43 EDT 1995 Paul Park (pjpark@mit.edu)
* ser_ctx.c - Add handling of new time offset fields in the os_context.
krb5_auth_context auth_context;
{
if (auth_context->keyblock) {
- int size = krb5_keytype_array[auth_context->keyblock->keytype]->
+ int size = krb5_enctype_array[auth_context->keyblock->enctype]->
system->block_length;
if ((auth_context->i_vector = (krb5_pointer)malloc(size))) {
*/
krb5_error_code
-krb5_decode_kdc_rep(context, enc_rep, key, etype, dec_rep)
+krb5_decode_kdc_rep(context, enc_rep, key, dec_rep)
krb5_context context;
krb5_data * enc_rep;
const krb5_keyblock * key;
- const krb5_enctype etype;
krb5_kdc_rep ** dec_rep;
{
krb5_error_code retval;
if (retval)
return retval;
- if (local_dec_rep->enc_part.etype != etype) {
+ if (retval = krb5_kdc_rep_decrypt_proc(context, key, 0, local_dec_rep))
krb5_free_kdc_rep(context, local_dec_rep);
- return KRB5_WRONG_ETYPE;
- }
- retval = krb5_kdc_rep_decrypt_proc(context, key, 0, local_dec_rep);
- if (retval) {
- krb5_free_kdc_rep(context, local_dec_rep);
- return(retval);
- }
- *dec_rep = local_dec_rep;
- return 0;
+ else
+ *dec_rep = local_dec_rep;
+ return(retval);
}
krb5_data scratch;
krb5_error_code retval;
- if (!valid_etype(ticket->enc_part.etype))
+ if (!valid_enctype(ticket->enc_part.enctype))
return KRB5_PROG_ETYPE_NOSUPP;
/* put together an eblock for this encryption */
-
- krb5_use_cstype(context, &eblock, ticket->enc_part.etype);
+ krb5_use_enctype(context, &eblock, ticket->enc_part.enctype);
scratch.length = ticket->enc_part.ciphertext.length;
if (!(scratch.data = malloc(ticket->enc_part.ciphertext.length)))
return(ENOMEM);
/* do any necessary key pre-processing */
- retval = krb5_process_key(context, &eblock, srv_key);
- if (retval) {
+ if (retval = krb5_process_key(context, &eblock, srv_key)) {
free(scratch.data);
return(retval);
}
/* call the encryption routine */
- retval = krb5_decrypt(context, (krb5_pointer) ticket->enc_part.ciphertext.data,
- (krb5_pointer) scratch.data,
- scratch.length, &eblock, 0);
- if (retval) {
+ if (retval = krb5_decrypt(context,
+ (krb5_pointer) ticket->enc_part.ciphertext.data,
+ (krb5_pointer) scratch.data, scratch.length,
+ &eblock, 0)) {
(void) krb5_finish_key(context, &eblock);
free(scratch.data);
return retval;
ticket->enc_part2 = dec_tkt_part;
}
clean_scratch();
- ticket->enc_part2->session->etype = ticket->enc_part.etype;
return retval;
}
krb5_error_code retval;
krb5_enc_kdc_rep_part tmp_encpart;
- if (!valid_etype(dec_rep->enc_part.etype))
+ if (!valid_enctype(dec_rep->enc_part.enctype))
return KRB5_PROG_ETYPE_NOSUPP;
switch (type) {
goto clean_prockey;
}
- dec_rep->enc_part.etype = krb5_eblock_enctype(context, eblock);
+ dec_rep->enc_part.enctype = krb5_eblock_enctype(context, eblock);
/* do some cleanup */
cleanup_scratch();
goto clean_prockey;
}
- dec_ticket->enc_part.etype = krb5_eblock_enctype(context, eblock);
+ dec_ticket->enc_part.enctype = krb5_eblock_enctype(context, eblock);
/* ticket is now assembled-- do some cleanup */
cleanup_scratch();
/* helper macro: convert flags to necessary KDC options */
#define FLAGS2OPTS(flags) (flags & KDC_TKT_COMMON_MASK)
-#define TGT_ETYPE \
- krb5_keytype_array[tgt.keyblock.keytype]->system->proto_enctype;
krb5_error_code
krb5_get_cred_from_kdc(context, ccache, in_cred, out_cred, tgts)
int ntgts = 0;
krb5_creds tgt, tgtq, *tgtr = NULL;
- krb5_enctype etype;
krb5_error_code retval;
krb5_principal int_server = NULL; /* Intermediate server for request */
/* didn't find it in the cache so try and get one */
/* with current tgt. */
- if (!valid_keytype(tgt.keyblock.keytype)) {
- retval = KRB5_PROG_KEYTYPE_NOSUPP;
+ if (!valid_enctype(tgt.keyblock.enctype)) {
+ retval = KRB5_PROG_ETYPE_NOSUPP;
goto cleanup;
}
goto cleanup;
tgtq.is_skey = FALSE;
tgtq.ticket_flags = tgt.ticket_flags;
- etype = TGT_ETYPE;
if ((retval = krb5_get_cred_via_tkt(context, &tgt,
FLAGS2OPTS(tgtq.ticket_flags),
tgt.addresses, &tgtq, &tgtr))) {
/* not in the cache so try and get one with our current tgt. */
- if (!valid_keytype(tgt.keyblock.keytype)) {
- retval = KRB5_PROG_KEYTYPE_NOSUPP;
+ if (!valid_enctype(tgt.keyblock.enctype)) {
+ retval = KRB5_PROG_ETYPE_NOSUPP;
goto cleanup;
}
goto cleanup;
tgtq.is_skey = FALSE;
tgtq.ticket_flags = tgt.ticket_flags;
- etype = TGT_ETYPE;
if ((retval = krb5_get_cred_via_tkt(context, &tgt,
FLAGS2OPTS(tgtq.ticket_flags),
tgt.addresses,
/* got/finally have tgt! try for the creds */
- if (!valid_keytype(tgt.keyblock.keytype)) {
- retval = KRB5_PROG_KEYTYPE_NOSUPP;
+ if (!valid_enctype(tgt.keyblock.enctype)) {
+ retval = KRB5_PROG_ETYPE_NOSUPP;
goto cleanup;
}
- etype = TGT_ETYPE;
retval = krb5_get_cred_via_tkt(context, &tgt, FLAGS2OPTS(tgt.ticket_flags) |
(in_cred->second_ticket.length ?
KDC_OPT_ENC_TKT_IN_SKEY : 0),
#include "k5-int.h"
#include "int-proto.h"
+extern krb5_deltat krb5_clockskew;
+#define in_clock_skew(date, now) (labs((date)-(now)) < krb5_clockskew)
+
static krb5_error_code
krb5_kdcrep2creds(context, pkdcrep, address, psectkt, ppcreds)
krb5_context context;
(*ppcreds)->second_ticket = *pdata;
krb5_xfree(pdata);
- (*ppcreds)->keyblock.etype = pkdcrep->ticket->enc_part.etype;
(*ppcreds)->ticket_flags = pkdcrep->enc_part2->flags;
(*ppcreds)->times = pkdcrep->enc_part2->times;
(*ppcreds)->magic = KV5M_CREDS;
if (retval) /* neither proper reply nor error! */
goto error_4;
-#if 0
- /* XXX need access to the actual assembled request...
- need a change to send_tgs */
- if ((err_reply->ctime != request.ctime) ||
- !krb5_principal_compare(context,err_reply->server,request.server) ||
- !krb5_principal_compare(context, err_reply->client, request.client))
- retval = KRB5_KDCREP_MODIFIED;
- else
-#endif
- retval = err_reply->error + ERROR_TABLE_BASE_krb5;
+ retval = err_reply->error + ERROR_TABLE_BASE_krb5;
krb5_free_error(context, err_reply);
goto error_4;
}
if ((retval = krb5_decode_kdc_rep(context, &tgsrep.response,
- &tkt->keyblock,
- tkt->keyblock.etype, &dec_rep)))
+ &tkt->keyblock, &dec_rep)))
goto error_4;
if (dec_rep->msg_type != KRB5_TGS_REP) {
goto error_3;
}
- /* now it's decrypted and ready for prime time */
- if (!krb5_principal_compare(context, dec_rep->client, tkt->client)) {
+ /* make sure the response hasn't been tampered with..... */
+ if (!krb5_principal_compare(context, dec_rep->client, tkt->client) ||
+ !krb5_principal_compare(context, dec_rep->enc_part2->server,
+ in_cred->server) ||
+ !krb5_principal_compare(context, dec_rep->ticket->server,
+ in_cred->server) ||
+ (dec_rep->enc_part2->nonce != tgsrep.expected_nonce) ||
+ ((in_cred->times.starttime != 0) &&
+ (in_cred->times.starttime != dec_rep->enc_part2->times.starttime)) ||
+ ((in_cred->times.endtime != 0) &&
+ (dec_rep->enc_part2->times.endtime > in_cred->times.endtime)) ||
+ ((kdcoptions & KDC_OPT_RENEWABLE) &&
+ (in_cred->times.renew_till != 0) &&
+ (dec_rep->enc_part2->times.renew_till > in_cred->times.renew_till)) ||
+ ((kdcoptions & KDC_OPT_RENEWABLE_OK) &&
+ (dec_rep->enc_part2->flags & KDC_OPT_RENEWABLE) &&
+ (in_cred->times.endtime != 0) &&
+ (dec_rep->enc_part2->times.renew_till > in_cred->times.endtime))
+ ) {
retval = KRB5_KDCREP_MODIFIED;
goto error_3;
}
-#if 0
- /* XXX probably need access to the request */
- /* check the contents for sanity: */
- if (!krb5_principal_compare(context, dec_rep->client, request.client)
- || !krb5_principal_compare(context, dec_rep->enc_part2->server, request.server)
- || !krb5_principal_compare(context, dec_rep->ticket->server, request.server)
- || (request.nonce != dec_rep->enc_part2->nonce)
- /* XXX check for extraneous flags */
- /* XXX || (!krb5_addresses_compare(context, addrs, dec_rep->enc_part2->caddrs)) */
- || ((request.from != 0) &&
- (request.from != dec_rep->enc_part2->times.starttime))
- || ((request.till != 0) &&
- (dec_rep->enc_part2->times.endtime > request.till))
- || ((request.kdc_options & KDC_OPT_RENEWABLE) &&
- (request.rtime != 0) &&
- (dec_rep->enc_part2->times.renew_till > request.rtime))
- || ((request.kdc_options & KDC_OPT_RENEWABLE_OK) &&
- (dec_rep->enc_part2->flags & KDC_OPT_RENEWABLE) &&
- (request.till != 0) &&
- (dec_rep->enc_part2->times.renew_till > request.till))
- )
- retval = KRB5_KDCREP_MODIFIED;
-
- if (!request.from && !in_clock_skew(dec_rep->enc_part2->times.starttime)) {
+ if (!in_cred->times.starttime &&
+ !in_clock_skew(dec_rep->enc_part2->times.starttime,
+ tgsrep.request_time)) {
retval = KRB5_KDCREP_SKEW;
goto error_3;
}
-#endif
-
retval = krb5_kdcrep2creds(context, dec_rep, address,
&in_cred->second_ticket, out_cred);
krb5_octet *intmp = 0, *outtmp = 0;
int esize;
- if (!valid_keytype(key->keytype))
- return KRB5_PROG_KEYTYPE_NOSUPP;
+ if (!valid_enctype(key->enctype))
+ return KRB5_PROG_ETYPE_NOSUPP;
- krb5_use_keytype(context, &eblock, key->keytype);
+ krb5_use_enctype(context, &eblock, key->enctype);
if ((retval = krb5_init_random_key(context, &eblock, key, &random_state)))
return(retval);
krb5_encrypt_block eblock;
krb5_error_code retval;
- if (!valid_keytype(key->keytype))
- return KRB5_PROG_KEYTYPE_NOSUPP;
+ if (!valid_enctype(key->enctype))
+ return KRB5_PROG_ETYPE_NOSUPP;
- krb5_use_keytype(context, &eblock, key->keytype);
+ krb5_use_enctype(context, &eblock, key->enctype);
if ((retval = krb5_init_random_key(context, &eblock, key, &random_state)))
return(retval);
client identified by in_creds->client, the server identified by
in_creds->server, with options options, expiration date specified in
in_creds->times.endtime (0 means as long as possible), session key type
- specified in in_creds->keyblock.keytype (if non-zero)
+ specified in in_creds->keyblock.enctype (if non-zero)
Any returned ticket and intermediate ticket-granting tickets are
stored in ccache.
/* some typedef's for the function args to make things look a bit cleaner */
typedef krb5_error_code (*git_key_proc) PROTOTYPE((krb5_context,
- const krb5_keytype,
+ const krb5_enctype,
krb5_data *,
krb5_const_pointer,
krb5_keyblock **));
krb5_const_pointer,
krb5_kdc_rep * ));
krb5_error_code
-krb5_get_in_tkt(context, options, addrs, etypes, ptypes, key_proc, keyseed,
+krb5_get_in_tkt(context, options, addrs, ktypes, ptypes, key_proc, keyseed,
decrypt_proc, decryptarg, creds, ccache, ret_as_reply)
krb5_context context;
const krb5_flags options;
krb5_address * const * addrs;
- krb5_enctype * etypes;
+ krb5_enctype * ktypes;
krb5_preauthtype * ptypes;
git_key_proc key_proc;
krb5_const_pointer keyseed;
krb5_ccache ccache;
krb5_kdc_rep ** ret_as_reply;
{
- krb5_keytype keytype;
- krb5_enctype etype;
+ krb5_enctype enctype, ktype;
krb5_kdc_req request;
krb5_kdc_rep *as_reply = 0;
krb5_error *err_reply;
krb5_keyblock *decrypt_key = 0;
krb5_timestamp time_now;
/* krb5_pa_data *padata; */
+ krb5_pa_data **preauth_to_use = 0;
int f_salt = 0, use_salt = 0;
krb5_data salt;
char k4_version; /* same type as *(krb5_data::data) */
* default. But if we're changing salts, because of a
* realm renaming, or some such, this won't work.
*/
-/* retval = (*key_proc)(context, keytype, &decrypt_key, keyseed, 0); */
+/* retval = (*key_proc)(context, enctype, &decrypt_key, keyseed, 0); */
if (retval)
return retval;
request.padata = (krb5_pa_data **) malloc(sizeof(krb5_pa_data *)
request.till = creds->times.endtime;
request.rtime = creds->times.renew_till;
-{
-krb5_int32 usec;
-#if 0
if ((retval = krb5_timeofday(context, &time_now)))
goto cleanup;
-#else
- if ((retval = krb5_us_timeofday(context, &time_now, &usec)))
- goto cleanup;
-#endif
-}
/* XXX we know they are the same size... */
request.nonce = (krb5_int32) time_now;
- if (etypes)
- request.etype = etypes;
+ if (ktypes)
+ request.ktype = ktypes;
else
- krb5_get_default_in_tkt_etypes(context, &request.etype);
- for (request.netypes = 0;request.etype[request.netypes];request.netypes++);
+ krb5_get_default_in_tkt_ktypes(context, &request.ktype);
+ for (request.nktypes = 0;request.ktype[request.nktypes];request.nktypes++);
request.authorization_data.ciphertext.length = 0;
request.authorization_data.ciphertext.data = 0;
request.unenc_authdata = 0;
request.second_ticket = 0;
+ if ((retval = krb5_timeofday(context, &time_now)))
+ goto cleanup;
+
+ /* XXX we know they are the same size... */
+ request.nonce = (krb5_int32) time_now;
+
/* encode & send to KDC */
retval = encode_krb5_as_req(&request, &packet);
- if (!etypes)
- free(request.etype);
+ if (!ktypes)
+ free(request.ktype);
if (retval)
goto cleanup;
/* some other error code--??? */
goto cleanup;
- /* it was an error */
+ if (err_reply->error == KDC_ERR_PREAUTH_REQUIRED &&
+ err_reply->e_data.length > 0) {
+ retval = decode_krb5_padata_sequence(&err_reply->e_data,
+ &preauth_to_use);
+ /* XXX we need to actually do something with the info */
+ krb5_free_pa_data(context, preauth_to_use);
+ }
- if ((err_reply->ctime != request.nonce) ||
- !krb5_principal_compare(context, err_reply->server, request.server) ||
- !krb5_principal_compare(context, err_reply->client, request.client))
- retval = KRB5_KDCREP_MODIFIED;
- else
- retval = err_reply->error + ERROR_TABLE_BASE_krb5;
+ retval = err_reply->error + ERROR_TABLE_BASE_krb5;
/* XXX somehow make error msg text available to application? */
goto cleanup;
}
- /* Encryption type, keytype, */
- etype = as_reply->ticket->enc_part.etype;
- keytype = krb5_csarray[etype]->system->proto_keytype;
+ /* Encryption type, enctype, */
+ enctype = as_reply->ticket->enc_part.enctype;
/* and salt */
if (as_reply->padata) {
/* it was a kdc_rep--decrypt & check */
/* Generate the key, if we haven't done so already. */
if (!decrypt_key) {
- if ((retval = (*key_proc)(context, keytype, & salt, keyseed,
+ if ((retval = (*key_proc)(context, enctype, & salt, keyseed,
&decrypt_key)))
goto cleanup;
}
retval = KRB5_KDCREP_SKEW;
goto cleanup;
}
-
+
+ if (context->library_options & KRB5_LIBOPT_SYNC_KDCTIME)
+ krb5_set_time_offsets(context,
+ as_reply->enc_part2->times.authtime - time_now,
+ 0);
/* XXX issue warning if as_reply->enc_part2->key_exp is nearby */
as_reply->enc_part2->session,
&creds->keyblock)))
goto cleanup;
- creds->keyblock.etype = as_reply->ticket->enc_part.etype;
creds->times = as_reply->enc_part2->times;
creds->is_skey = FALSE; /* this is an AS_REQ, so cannot
*/
krb5_error_code keytab_keyproc
PROTOTYPE((krb5_context,
- const krb5_keytype,
+ const krb5_enctype,
krb5_data *,
krb5_const_pointer,
krb5_keyblock **));
krb5_error_code
keytab_keyproc(context, type, salt, keyseed, key)
krb5_context context;
- const krb5_keytype type;
+ const krb5_enctype type;
krb5_data * salt;
krb5_const_pointer keyseed;
krb5_keyblock ** key;
kt_id = arg->keytab;
- if (!valid_keytype(type))
+ if (!valid_enctype(type))
return KRB5_PROG_ETYPE_NOSUPP;
if (kt_id == NULL)
goto cleanup;
}
- if (realkey->keytype != type) {
+ if (realkey->enctype != type) {
(void) krb5_kt_free_entry(context, &kt_ent);
krb5_free_keyblock(context, realkey);
retval = KRB5_PROG_ETYPE_NOSUPP;
*/
krb5_error_code
-krb5_get_in_tkt_with_keytab(context, options, addrs, etypes, pre_auth_types,
+krb5_get_in_tkt_with_keytab(context, options, addrs, ktypes, pre_auth_types,
keytab, ccache, creds, ret_as_reply)
krb5_context context;
const krb5_flags options;
krb5_address * const * addrs;
- krb5_enctype * etypes;
+ krb5_enctype * ktypes;
krb5_preauthtype * pre_auth_types;
const krb5_keytab keytab;
krb5_ccache ccache;
arg.keytab = keytab;
arg.client = creds->client;
- return (krb5_get_in_tkt(context, options, addrs, etypes, pre_auth_types,
+ return (krb5_get_in_tkt(context, options, addrs, ktypes, pre_auth_types,
keytab_keyproc, (krb5_pointer)&arg,
krb5_kdc_rep_decrypt_proc, 0, creds,
ccache, ret_as_reply));
*/
krb5_error_code pwd_keyproc
PROTOTYPE((krb5_context,
- const krb5_keytype,
+ const krb5_enctype,
krb5_data *,
krb5_const_pointer,
krb5_keyblock **));
krb5_error_code
pwd_keyproc(context, type, salt, keyseed, key)
krb5_context context;
- const krb5_keytype type;
+ const krb5_enctype type;
krb5_data * salt;
krb5_const_pointer keyseed;
krb5_keyblock ** key;
krb5_data * password;
int pwsize = sizeof(pwdbuf);
- if (!valid_keytype(type))
- return KRB5_PROG_KEYTYPE_NOSUPP;
+ if (!valid_enctype(type))
+ return KRB5_PROG_ETYPE_NOSUPP;
- krb5_use_keytype(context, &eblock, type);
+ krb5_use_enctype(context, &eblock, type);
password = (krb5_data *)keyseed;
returns system errors, encryption errors
*/
krb5_error_code INTERFACE
-krb5_get_in_tkt_with_password(context, options, addrs, etypes, pre_auth_types,
+krb5_get_in_tkt_with_password(context, options, addrs, ktypes, pre_auth_types,
password, ccache, creds, ret_as_reply)
krb5_context context;
const krb5_flags options;
krb5_address * const * addrs;
- krb5_enctype * etypes;
+ krb5_enctype * ktypes;
krb5_preauthtype * pre_auth_types;
const char * password;
krb5_ccache ccache;
data.length = 0;
}
- retval = krb5_get_in_tkt(context, options, addrs, etypes, pre_auth_types,
+ retval = krb5_get_in_tkt(context, options, addrs, ktypes, pre_auth_types,
pwd_keyproc, (krb5_pointer) &data,
krb5_kdc_rep_decrypt_proc, 0,
creds, ccache, ret_as_reply);
*/
krb5_error_code skey_keyproc
PROTOTYPE((krb5_context,
- const krb5_keytype,
+ const krb5_enctype,
krb5_data *,
krb5_const_pointer,
krb5_keyblock **));
krb5_error_code
skey_keyproc(context, type, salt, keyseed, key)
krb5_context context;
- const krb5_keytype type;
+ const krb5_enctype type;
krb5_data * salt;
krb5_const_pointer keyseed;
krb5_keyblock ** key;
keyblock = (const krb5_keyblock *)keyseed;
- if (!valid_keytype(type))
+ if (!valid_enctype(type))
return KRB5_PROG_ETYPE_NOSUPP;
if ((retval = krb5_copy_keyblock(context, keyblock, &realkey)))
return retval;
- if (realkey->keytype != type) {
+ if (realkey->enctype != type) {
krb5_free_keyblock(context, realkey);
return KRB5_PROG_ETYPE_NOSUPP;
}
*/
krb5_error_code
-krb5_get_in_tkt_with_skey(context, options, addrs, etypes, pre_auth_types,
+krb5_get_in_tkt_with_skey(context, options, addrs, ktypes, pre_auth_types,
key, ccache, creds, ret_as_reply)
krb5_context context;
const krb5_flags options;
krb5_address * const * addrs;
- krb5_enctype * etypes;
+ krb5_enctype * ktypes;
krb5_preauthtype * pre_auth_types;
const krb5_keyblock * key;
krb5_ccache ccache;
{
if (key)
- return krb5_get_in_tkt(context, options, addrs, etypes, pre_auth_types,
+ return krb5_get_in_tkt(context, options, addrs, ktypes, pre_auth_types,
skey_keyproc, (krb5_pointer)key,
krb5_kdc_rep_decrypt_proc, 0, creds,
ccache, ret_as_reply);
else
- return krb5_get_in_tkt_with_keytab(context, options, addrs, etypes,
+ return krb5_get_in_tkt_with_keytab(context, options, addrs, ktypes,
pre_auth_types, NULL, ccache,
creds, ret_as_reply);
}
{
krb5_context ctx;
krb5_error_code retval;
+ int tmp;
*context = 0;
ctx->magic = KV5M_CONTEXT;
/* Set the default encryption types, possible defined in krb5/conf */
- if ((retval = krb5_set_default_in_tkt_etypes(ctx, NULL)))
+ if ((retval = krb5_set_default_in_tkt_ktypes(ctx, NULL)))
goto cleanup;
if ((retval = krb5_os_init_context(ctx)))
goto cleanup;
-
ctx->default_realm = 0;
+ profile_get_integer(ctx->profile, "libdefaults",
+ "clockskew", 0, 5 * 60,
+ &tmp);
+ ctx->clockskew = tmp;
+ ctx->kdc_req_sumtype = CKSUMTYPE_RSA_MD5;
+ ctx->kdc_default_options = KDC_OPT_RENEWABLE_OK;
+ profile_get_integer(ctx->profile, "libdefaults",
+ "kdc_timesync", 0, 0,
+ &tmp);
+ ctx->library_options = tmp ? KRB5_LIBOPT_SYNC_KDCTIME : 0;
*context = ctx;
return 0;
{
krb5_os_free_context(ctx);
- if (ctx->etypes)
- free(ctx->etypes);
+ if (ctx->ktypes)
+ free(ctx->ktypes);
if (ctx->default_realm)
free(ctx->default_realm);
}
/*
- * Set the desired default etypes, making sure they are valid.
+ * Set the desired default ktypes, making sure they are valid.
*/
krb5_error_code
-krb5_set_default_in_tkt_etypes(context, etypes)
+krb5_set_default_in_tkt_ktypes(context, ktypes)
krb5_context context;
- const krb5_enctype *etypes;
+ const krb5_enctype *ktypes;
{
- krb5_enctype * new_etypes;
+ krb5_enctype * new_ktypes;
int i;
- if (etypes) {
- for (i = 0; etypes[i]; i++) {
- if (!valid_etype(etypes[i]))
+ if (ktypes) {
+ for (i = 0; ktypes[i]; i++) {
+ if (!valid_enctype(ktypes[i]))
return KRB5_PROG_ETYPE_NOSUPP;
}
- /* Now copy the default etypes into the context pointer */
- if ((new_etypes = (krb5_enctype *)malloc(sizeof(krb5_enctype) * i)))
- memcpy(new_etypes, etypes, sizeof(krb5_enctype) * i);
+ /* Now copy the default ktypes into the context pointer */
+ if ((new_ktypes = (krb5_enctype *)malloc(sizeof(krb5_enctype) * i)))
+ memcpy(new_ktypes, ktypes, sizeof(krb5_enctype) * i);
else
return ENOMEM;
i = 2;
/* Should reset the list to the runtime defaults */
- if ((new_etypes = (krb5_enctype *)malloc(sizeof(krb5_enctype) * i))) {
- new_etypes[0] = ETYPE_DES_CBC_MD5;
- new_etypes[1] = ETYPE_DES_CBC_CRC;
+ if ((new_ktypes = (krb5_enctype *)malloc(sizeof(krb5_enctype) * i))) {
+ new_ktypes[0] = ENCTYPE_DES_CBC_MD5;
+ new_ktypes[1] = ENCTYPE_DES_CBC_CRC;
} else {
return ENOMEM;
}
}
- if (context->etypes)
- free(context->etypes);
- context->etypes = new_etypes;
- context->etype_count = i;
+ if (context->ktypes)
+ free(context->ktypes);
+ context->ktypes = new_ktypes;
+ context->ktype_count = i;
return 0;
}
krb5_error_code
-krb5_get_default_in_tkt_etypes(context, etypes)
+krb5_get_default_in_tkt_ktypes(context, ktypes)
krb5_context context;
- krb5_enctype **etypes;
+ krb5_enctype **ktypes;
{
- krb5_enctype * old_etypes;
+ krb5_enctype * old_ktypes;
- if ((old_etypes = (krb5_enctype *)malloc(sizeof(krb5_enctype) *
- (context->etype_count + 1)))) {
- memcpy(old_etypes, context->etypes, sizeof(krb5_enctype) *
- context->etype_count);
- old_etypes[context->etype_count] = 0;
+ if ((old_ktypes = (krb5_enctype *)malloc(sizeof(krb5_enctype) *
+ (context->ktype_count + 1)))) {
+ memcpy(old_ktypes, context->ktypes, sizeof(krb5_enctype) *
+ context->ktype_count);
+ old_ktypes[context->ktype_count] = 0;
} else {
return ENOMEM;
}
- *etypes = old_etypes;
+ *ktypes = old_ktypes;
return 0;
}
krb5_data scratch;
krb5_enc_kdc_rep_part *local_encpart;
- if (!valid_etype(dec_rep->enc_part.etype))
+ if (!valid_enctype(dec_rep->enc_part.enctype))
return KRB5_PROG_ETYPE_NOSUPP;
/* set up scratch decrypt/decode area */
/* put together an eblock for this encryption */
- krb5_use_cstype(context, &eblock, dec_rep->enc_part.etype);
+ krb5_use_enctype(context, &eblock, dec_rep->enc_part.enctype);
/* do any necessary key pre-processing */
if ((retval = krb5_process_key(context, &eblock, key))) {
#include "k5-int.h"
krb5_deltat krb5_clockskew = 5 * 60; /* five minutes */
-krb5_cksumtype krb5_kdc_req_sumtype = CKSUMTYPE_RSA_MD4;
+krb5_cksumtype krb5_kdc_req_sumtype = CKSUMTYPE_RSA_MD5;
krb5_flags krb5_kdc_default_options = KDC_OPT_RENEWABLE_OK;
krb5_encrypt_block eblock;
krb5_data * scratch;
- if (!valid_etype(pkeyblock->etype))
+ if (!valid_enctype(pkeyblock->enctype))
return KRB5_PROG_ETYPE_NOSUPP;
/* start by encoding to-be-encrypted part of the message */
/* put together an eblock for this encryption */
pencdata->kvno = 0;
- pencdata->etype = pkeyblock->etype;
+ pencdata->enctype = pkeyblock->enctype;
- krb5_use_cstype(context, &eblock, pkeyblock->etype);
+ krb5_use_enctype(context, &eblock, pkeyblock->enctype);
pencdata->ciphertext.length = krb5_encrypt_size(scratch->length,
eblock.crypto_entry);
krb5_priv_enc_part privmsg_enc_part;
krb5_data *scratch1, *scratch2;
- if (!valid_etype(keyblock->etype))
+ if (!valid_enctype(keyblock->enctype))
return KRB5_PROG_ETYPE_NOSUPP;
privmsg.enc_part.kvno = 0; /* XXX allow user-set? */
- privmsg.enc_part.etype = keyblock->etype;
+ privmsg.enc_part.enctype = keyblock->enctype;
privmsg_enc_part.user_data = *userdata;
privmsg_enc_part.s_address = local_addr;
return retval;
/* put together an eblock for this encryption */
- krb5_use_cstype(context, &eblock, keyblock->etype);
+ krb5_use_enctype(context, &eblock, keyblock->enctype);
privmsg.enc_part.ciphertext.length = krb5_encrypt_size(scratch1->length,
eblock.crypto_entry);
/* add padding area, and zero it */
krb5_data * outbuf;
{
krb5_error_code retval;
- krb5_keytype keytype;
- krb5_enctype etype;
+ krb5_enctype enctype;
krb5_ap_rep_enc_part repl;
krb5_encrypt_block eblock;
krb5_ap_rep reply;
krb5_data * scratch;
krb5_data * toutbuf;
- /* verify a valid etype is available */
- if (!valid_keytype(keytype = auth_context->keyblock->keytype))
- return KRB5_PROG_KEYTYPE_NOSUPP;
-
- etype = krb5_keytype_array[keytype]->system->proto_enctype;
-
- if (!valid_etype(etype))
+ /* verify a valid enctype is available */
+ if (!valid_enctype(enctype = auth_context->keyblock->enctype))
return KRB5_PROG_ETYPE_NOSUPP;
/* Make the reply */
return retval;
/* put together an eblock for this encryption */
- krb5_use_cstype(context, &eblock, etype);
- reply.enc_part.etype = etype;
+ krb5_use_enctype(context, &eblock, enctype);
+ reply.enc_part.enctype = enctype;
reply.enc_part.kvno = 0; /* XXX user set? */
reply.enc_part.ciphertext.length = krb5_encrypt_size(scratch->length,
if ((retval = decode_krb5_ticket(&(in_creds)->ticket, &request.ticket)))
return(retval);
- /* verify a valid etype is available */
- if (!valid_etype(request.ticket->enc_part.etype)) {
+ /* verify a valid enctype is available */
+ if (!valid_enctype(request.ticket->enc_part.enctype)) {
retval = KRB5_PROG_ETYPE_NOSUPP;
goto cleanup;
}
checksum.length = in_data->length;
checksum.contents = (krb5_octet *) in_data->data;
} else {
- int T = krb5_checksum_size(context, (*auth_context)->cksumtype);
/* Generate checksum, XXX What should the seed be? */
if ((checksum.contents = (krb5_octet *)malloc(krb5_checksum_size(context,
(*auth_context)->cksumtype))) == NULL) {
/* put together an eblock for this encryption */
- krb5_use_cstype(context, &eblock, request.ticket->enc_part.etype);
- request.authenticator.etype = request.ticket->enc_part.etype;
+ krb5_use_enctype(context, &eblock, request.ticket->enc_part.enctype);
+ request.authenticator.enctype = request.ticket->enc_part.enctype;
request.authenticator.kvno = 0;
request.authenticator.ciphertext.length =
krb5_encrypt_size(scratch->length, eblock.crypto_entry);
retval = KRB5_PREAUTH_NO_KEY;
goto error_out;
}
- krb5_use_keytype(context, &eblock, encrypt_key->keytype);
+ krb5_use_enctype(context, &eblock, encrypt_key->enctype);
/* do any necessay key pre-processing */
retval = krb5_process_key(context, &eblock, encrypt_key);
if (!decrypt_key)
return(EINVAL);
- krb5_use_keytype(context, &eblock, decrypt_key->keytype);
+ krb5_use_enctype(context, &eblock, decrypt_key->enctype);
scratch.length = data->length;
if (!(scratch.data = (char *)malloc(scratch.length))) {
krb5_error_code retval;
krb5_data scratch;
- if (!valid_etype(pcred->enc_part.etype))
+ if (!valid_enctype(pcred->enc_part.enctype))
return KRB5_PROG_ETYPE_NOSUPP;
/* put together an eblock for this decryption */
- krb5_use_cstype(context, &eblock, pcred->enc_part.etype);
+ krb5_use_enctype(context, &eblock, pcred->enc_part.enctype);
scratch.length = pcred->enc_part.ciphertext.length;
if (!(scratch.data = (char *)malloc(scratch.length)))
if ((retval = decode_krb5_priv(inbuf, &privmsg)))
return retval;
- if (!valid_etype(privmsg->enc_part.etype)) {
+ if (!valid_enctype(privmsg->enc_part.enctype)) {
retval = KRB5_PROG_ETYPE_NOSUPP;
goto cleanup_privmsg;
}
/* put together an eblock for this decryption */
- krb5_use_cstype(context, &eblock, privmsg->enc_part.etype);
+ krb5_use_enctype(context, &eblock, privmsg->enc_part.enctype);
scratch.length = privmsg->enc_part.ciphertext.length;
if (!(scratch.data = malloc(scratch.length))) {
/* put together an eblock for this encryption */
- if (!valid_etype(reply->enc_part.etype)) {
+ if (!valid_enctype(reply->enc_part.enctype)) {
krb5_free_ap_rep(context, reply);
return KRB5_PROG_ETYPE_NOSUPP;
}
- krb5_use_cstype(context, &eblock, reply->enc_part.etype);
+ krb5_use_enctype(context, &eblock, reply->enc_part.enctype);
scratch.length = reply->enc_part.ciphertext.length;
if (!(scratch.data = malloc(scratch.length))) {
/* Set auth subkey */
if ((*repl)->subkey) {
- (*repl)->subkey->etype = reply->enc_part.etype;
retval = krb5_copy_keyblock(context, (*repl)->subkey,
&auth_context->remote_subkey);
}
{
krb5_error_code retval;
- krb5_keytype keytype;
+ krb5_enctype enctype;
krb5_keytab_entry ktent;
/*
- * OK we know the encryption type req->ticket->enc_part.etype,
- * and now we need to get the keytype
+ * OK we know the encryption type req->ticket->enc_part.enctype,
+ * and now we need to get the enctype
*/
- keytype = krb5_csarray[req->ticket->enc_part.etype]->system->proto_keytype;
+ enctype = req->ticket->enc_part.enctype;
if ((retval = krb5_kt_get_entry(context, keytab, req->ticket->server,
req->ticket->enc_part.kvno,
- keytype, &ktent)))
+ enctype, &ktent)))
return retval;
if ((retval = krb5_decrypt_tkt_part(context, &ktent.key, req->ticket)))
sesskey = request->ticket->enc_part2->session;
- if (!valid_keytype(sesskey->keytype))
- return KRB5_PROG_KEYTYPE_NOSUPP;
+ if (!valid_enctype(sesskey->enctype))
+ return KRB5_PROG_ETYPE_NOSUPP;
/* put together an eblock for this encryption */
- if (!valid_etype(request->authenticator.etype))
- return KRB5_PROG_ETYPE_NOSUPP;
-
- krb5_use_cstype(context, &eblock, request->authenticator.etype);
+ krb5_use_enctype(context, &eblock, request->authenticator.enctype);
scratch.length = request->authenticator.ciphertext.length;
if (!(scratch.data = malloc(scratch.length)))
/* now decode the decrypted stuff */
if (!(retval = decode_krb5_authenticator(&scratch, &local_auth))) {
*authpp = local_auth;
- if (local_auth->subkey)
- local_auth->subkey->etype = request->authenticator.etype;
}
clean_scratch();
return retval;
Sends a request to the TGS and waits for a response.
options is used for the options in the KRB_TGS_REQ.
timestruct values are used for from, till, rtime " " "
- etype is used for etype " " ", and to encrypt the authorization data,
+ enctype is used for enctype " " ", and to encrypt the authorization data,
sname is used for sname " " "
addrs, if non-NULL, is used for addresses " " "
authorization_dat, if non-NULL, is used for authorization_dat " " "
goto cleanup_data;
/* put together an eblock for this encryption */
- krb5_use_cstype(context, &eblock, request.ticket->enc_part.etype);
- request.authenticator.etype = request.ticket->enc_part.etype;
+ krb5_use_enctype(context, &eblock, request.ticket->enc_part.enctype);
+ request.authenticator.enctype = request.ticket->enc_part.enctype;
request.authenticator.ciphertext.length =
krb5_encrypt_size(scratch->length, eblock.crypto_entry);
}
krb5_error_code
-krb5_send_tgs(context, kdcoptions, timestruct, etypes, sname, addrs,
+krb5_send_tgs(context, kdcoptions, timestruct, ktypes, sname, addrs,
authorization_data, padata, second_ticket, in_cred, rep)
krb5_context context;
const krb5_flags kdcoptions;
const krb5_ticket_times * timestruct;
- const krb5_enctype * etypes;
+ const krb5_enctype * ktypes;
krb5_const_principal sname;
krb5_address * const * addrs;
krb5_authdata * const * authorization_data;
tgsreq.from = timestruct->starttime;
tgsreq.till = timestruct->endtime;
tgsreq.rtime = timestruct->renew_till;
-#if 0
if ((retval = krb5_timeofday(context, &time_now)))
return(retval);
-#else
-{long usec;
- if ((retval = krb5_us_timeofday(context, &time_now, &usec)))
- return(retval);
-}
-#endif
/* XXX we know they are the same size... */
- tgsreq.nonce = (krb5_int32) time_now;
+ rep->expected_nonce = tgsreq.nonce = (krb5_int32) time_now;
+ rep->request_time = time_now;
tgsreq.addresses = (krb5_address **) addrs;
if ((retval = encode_krb5_authdata((const krb5_authdata**)authorization_data,
&scratch)))
return(retval);
- krb5_use_cstype(context, &eblock, in_cred->keyblock.etype);
- tgsreq.authorization_data.etype = in_cred->keyblock.etype;
+ krb5_use_enctype(context, &eblock, in_cred->keyblock.enctype);
+ tgsreq.authorization_data.enctype = in_cred->keyblock.enctype;
tgsreq.authorization_data.kvno = 0; /* ticket session key has */
/* no version */
tgsreq.authorization_data.ciphertext.length =
}
/* Get the encryption types list */
- if (etypes) {
- /* Check passed etypes and make sure they're valid. */
- for (tgsreq.netypes = 0; etypes[tgsreq.netypes]; tgsreq.netypes++) {
- if (!valid_etype(etypes[tgsreq.netypes]))
+ if (ktypes) {
+ /* Check passed ktypes and make sure they're valid. */
+ for (tgsreq.nktypes = 0; ktypes[tgsreq.nktypes]; tgsreq.nktypes++) {
+ if (!valid_enctype(ktypes[tgsreq.nktypes]))
return KRB5_PROG_ETYPE_NOSUPP;
}
- tgsreq.etype = (krb5_enctype *)etypes;
+ tgsreq.ktype = (krb5_enctype *)ktypes;
} else {
- /* Get the default etypes */
- krb5_get_default_in_tkt_etypes(context, &(tgsreq.etype));
- for(tgsreq.netypes = 0; tgsreq.etype[tgsreq.netypes]; tgsreq.netypes++);
+ /* Get the default ktypes */
+ krb5_get_default_in_tkt_ktypes(context, &(tgsreq.ktype));
+ for(tgsreq.nktypes = 0; tgsreq.ktype[tgsreq.nktypes]; tgsreq.nktypes++);
}
if (second_ticket) {
krb5_free_ticket(context, sec_ticket);
send_tgs_error_1:;
- if (etypes == NULL)
- krb5_xfree(tgsreq.etype);
+ if (ktypes == NULL)
+ krb5_xfree(tgsreq.ktype);
if (tgsreq.authorization_data.ciphertext.data) {
memset(tgsreq.authorization_data.ciphertext.data, 0,
tgsreq.authorization_data.ciphertext.length);
}
/* creds.times.endtime = 0; -- memset 0 takes care of this
zero means "as long as possible" */
- /* creds.keyblock.keytype = 0; -- as well as this.
- zero means no session keytype
+ /* creds.keyblock.enctype = 0; -- as well as this.
+ zero means no session enctype
preference */
in_creds = &creds;
}
/* Calculate size required by i_vector - ptooey */
if (auth_context->i_vector && auth_context->keyblock)
required += (size_t)
- krb5_keytype_array[auth_context->keyblock->keytype]->
+ krb5_enctype_array[auth_context->keyblock->enctype]->
system->block_length;
/* Calculate size required by remote_addr, if appropriate */
/* Now figure out the number of bytes for i_vector and write it */
obuf = (!auth_context->i_vector) ? 0 : (krb5_int32)
- krb5_keytype_array[auth_context->keyblock->keytype]->
+ krb5_enctype_array[auth_context->keyblock->enctype]->
system->block_length;
(void) krb5_ser_pack_int32(obuf, &bp, &remain);
* krb5_int32 for KV5M_CONTEXT
* krb5_int32 for sizeof(default_realm)
* strlen(default_realm) for default_realm.
- * krb5_int32 for netypes*sizeof(krb5_int32)
- * netypes*sizeof(krb5_int32) for etypes.
+ * krb5_int32 for nktypes*sizeof(krb5_int32)
+ * nktypes*sizeof(krb5_int32) for ktypes.
* krb5_int32 for trailer.
*/
kret = EINVAL;
sizeof(krb5_int32) +
sizeof(krb5_int32) +
sizeof(krb5_int32) +
- (context->etype_count * sizeof(krb5_int32)));
+ (context->ktype_count * sizeof(krb5_int32)));
if (context->default_realm)
required += strlen(context->default_realm);
strlen(context->default_realm),
&bp, &remain);
- /* Now number of etypes */
- (void) krb5_ser_pack_int32((krb5_int32) context->etype_count,
+ /* Now number of ktypes */
+ (void) krb5_ser_pack_int32((krb5_int32) context->ktype_count,
&bp, &remain);
- /* Now serialize etypes */
- for (i=0; i<context->etype_count; i++)
- (void) krb5_ser_pack_int32((krb5_int32) context->etypes[i],
+ /* Now serialize ktypes */
+ for (i=0; i<context->ktype_count; i++)
+ (void) krb5_ser_pack_int32((krb5_int32) context->ktypes[i],
&bp, &remain);
kret = 0;
context->default_realm[ibuf] = '\0';
}
- /* Get the number of etypes */
+ /* Get the number of ktypes */
if (!(kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain))) {
/* Reduce it to a count */
- context->etype_count = ibuf;
- if ((context->etypes = (krb5_enctype *)
+ context->ktype_count = ibuf;
+ if ((context->ktypes = (krb5_enctype *)
malloc(sizeof(krb5_enctype) *
- (context->etype_count+1)))) {
- memset(context->etypes,
+ (context->ktype_count+1)))) {
+ memset(context->ktypes,
0,
sizeof(krb5_enctype) *
- (context->etype_count + 1));
- for (i=0; i<context->etype_count; i++) {
+ (context->ktype_count + 1));
+ for (i=0; i<context->ktype_count; i++) {
if ((kret = krb5_ser_unpack_int32(&ibuf,
&bp, &remain)))
break;
- context->etypes[i] = (krb5_enctype) ibuf;
+ context->ktypes[i] = (krb5_enctype) ibuf;
}
}
}
malloc(sizeof(struct _krb5_os_context))) &&
(remain >= 4*sizeof(krb5_int32))) {
memset(os_ctx, 0, sizeof(struct _krb5_os_context));
+ os_ctx->magic = KV5M_OS_CONTEXT;
/* Read out our context */
(void) krb5_ser_unpack_int32(&os_ctx->time_offset, &bp, &remain);
kret = 0;
*buffer = bp;
*lenremain = remain;
- }
- else
+ } else
kret = EINVAL;
}
}
size_t required;
/*
- * NOTE: This ASSuMES that keytype and etype are sufficient to recreate
+ * NOTE: This ASSuMES that enctype are sufficient to recreate
* the _krb5_cryptosystem_entry. If this is not true, then something else
* had better be encoded here.
*
* krb5_encrypt_block base requirements:
* krb5_int32 for KV5M_ENCRYPT_BLOCK
- * krb5_int32 for keytype
- * krb5_int32 for etype;
+ * krb5_int32 for enctype
* krb5_int32 for private length
* encrypt_block->priv_size for private contents
* krb5_int32 for KV5M_ENCRYPT_BLOCK
/* Our identifier */
(void) krb5_ser_pack_int32(KV5M_ENCRYPT_BLOCK, &bp, &remain);
- /* Our keytype */
- (void) krb5_ser_pack_int32((krb5_int32) encrypt_block->
- crypto_entry->proto_keytype,
- &bp, &remain);
-
- /* Our etype */
+ /* Our enctype */
(void) krb5_ser_pack_int32((krb5_int32) encrypt_block->
crypto_entry->proto_enctype,
&bp, &remain);
krb5_error_code kret;
krb5_encrypt_block *encrypt_block;
krb5_int32 ibuf;
- krb5_keytype ktype;
- krb5_enctype etype;
+ krb5_enctype ktype;
krb5_octet *bp;
size_t remain;
malloc(sizeof(krb5_encrypt_block)))) {
memset(encrypt_block, 0, sizeof(krb5_encrypt_block));
- /* Get the keytype */
- (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
- ktype = (krb5_keytype) ibuf;
-
- /* Get the etype */
+ /* Get the enctype */
(void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
- etype = (krb5_enctype) ibuf;
+ ktype = (krb5_enctype) ibuf;
- /*
- * Use the etype to determine the crypto_system entry. In the
- * future, we may need to use a combination of keytype/etype or
- * just keytype here.
- */
- krb5_use_cstype(kcontext, encrypt_block, etype);
+ /* Use the ktype to determine the crypto_system entry. */
+ krb5_use_enctype(kcontext, encrypt_block, ktype);
/* Get the length */
(void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
/*
* krb5_keyblock requires:
* krb5_int32 for KV5M_KEYBLOCK
- * krb5_int32 for keytype
- * krb5_int32 for etype;
+ * krb5_int32 for enctype
* krb5_int32 for length
* keyblock->length for contents
* krb5_int32 for KV5M_KEYBLOCK
/* Our identifier */
(void) krb5_ser_pack_int32(KV5M_KEYBLOCK, &bp, &remain);
- /* Our keytype */
- (void) krb5_ser_pack_int32((krb5_int32) keyblock->keytype,
- &bp, &remain);
-
- /* Our etype */
- (void) krb5_ser_pack_int32((krb5_int32) keyblock->etype,
+ /* Our enctype */
+ (void) krb5_ser_pack_int32((krb5_int32) keyblock->enctype,
&bp, &remain);
/* Our length */
(keyblock = (krb5_keyblock *) malloc(sizeof(krb5_keyblock)))) {
memset(keyblock, 0, sizeof(krb5_keyblock));
- /* Get the keytype */
- (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
- keyblock->keytype = (krb5_keytype) ibuf;
-
- /* Get the etype */
+ /* Get the enctype */
(void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
- keyblock->etype = (krb5_enctype) ibuf;
+ keyblock->enctype = (krb5_enctype) ibuf;
/* Get the length */
(void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
KV5M_AUTH_CONTEXT))) {
memset(&ukeyblock, 0, sizeof(ukeyblock));
memset(keydata, 0, sizeof(keydata));
- ukeyblock.keytype = KEYTYPE_DES;
- ukeyblock.etype = ETYPE_DES_CBC_MD5;
+ ukeyblock.enctype = ENCTYPE_DES_CBC_MD5;
ukeyblock.length = sizeof(keydata);
ukeyblock.contents = keydata;
keydata[0] = 0xde;
memset(&eblock, 0, sizeof(krb5_encrypt_block));
eblock.magic = KV5M_ENCRYPT_BLOCK;
- krb5_use_cstype(kcontext, &eblock, DEFAULT_KDC_ETYPE);
+ krb5_use_enctype(kcontext, &eblock, DEFAULT_KDC_ENCTYPE);
if (!(kret = ser_data(verbose, "> NULL eblock",
(krb5_pointer) &eblock, KV5M_ENCRYPT_BLOCK))) {
eblock.priv = (krb5_pointer) ser_eblock_test;
KV5M_ENCRYPT_BLOCK))) {
memset(&ukeyblock, 0, sizeof(ukeyblock));
memset(keydata, 0, sizeof(keydata));
- ukeyblock.keytype = KEYTYPE_DES;
- ukeyblock.etype = ETYPE_DES_CBC_MD5;
+ ukeyblock.enctype = ENCTYPE_DES_CBC_MD5;
ukeyblock.length = sizeof(keydata);
ukeyblock.contents = keydata;
keydata[0] = 0xde;
checksum.checksum_type = 123;
checksum.length = sizeof(ckdata);
checksum.contents = ckdata;
- memcpy(ckdata, (char *) ser_cksum_test, sizeof(ckdata));
+#if 0
+ memcpy(ckdata, (char *) &ser_cksum_test, sizeof(ckdata));
+#else
+ memcpy(ckdata, (char *) &ser_princ_test, sizeof(ckdata));
+#endif
if (!(kret = ser_data(verbose, "> checksum with data",
(krb5_pointer) &checksum, KV5M_CHECKSUM))) {
if (verbose)
projects / krb5.git / commitdiff