* init_ctx.c (get_profile_etype_list): Update name of the des3 entry in the
default etype list.
* init_ctx.c (get_profile_etype_list): New argument DESONLY; if set, ignore any
ktype values other than NULL, DES_CBC_CRC, and DES_CBC_MD5.
(krb5_get_default_in_tkt_ktypes, krb5_get_tgs_ktypes): Set it.
(krb5_get_permitted_enctypes): Don't set it.
* fwd_tgt.c (krb5_fwd_tgt_creds): Use KRB5_TC_SUPPORTED_KTYPES when calling
krb5_cc_retrieve_cred.
* gc_frm_kdc.c (krb5_get_cred_from_kdc_opt): Ditto.
* get_creds.c (krb5_get_credentials_core): Set that flag.
(krb5_get_credentials): Check for KRB5_CC_NOT_KTYPE error return.
* t_ser.c (main): Disable eblock serialization test, since the code it tests
was disabled nearly a year ago.
* str_conv.c (krb5_timestamp_to_sfstring): Don't pass extra argument to
sprintf.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11779
dc483132-0cff-0310-8789-
dd5450dbe970
+1999-09-01 Ken Raeburn <raeburn@mit.edu>
+
+ * init_ctx.c (get_profile_etype_list): Update name of the des3
+ entry in the default etype list.
+
+ * init_ctx.c (get_profile_etype_list): New argument DESONLY; if
+ set, ignore any ktype values other than NULL, DES_CBC_CRC, and
+ DES_CBC_MD5.
+ (krb5_get_default_in_tkt_ktypes, krb5_get_tgs_ktypes): Set it.
+ (krb5_get_permitted_enctypes): Don't set it.
+
+ * fwd_tgt.c (krb5_fwd_tgt_creds): Use KRB5_TC_SUPPORTED_KTYPES
+ when calling krb5_cc_retrieve_cred.
+ * gc_frm_kdc.c (krb5_get_cred_from_kdc_opt): Ditto.
+ * get_creds.c (krb5_get_credentials_core): Set that flag.
+ (krb5_get_credentials): Check for KRB5_CC_NOT_KTYPE error return.
+
+ * t_ser.c (main): Disable eblock serialization test, since the
+ code it tests was disabled nearly a year ago.
+
+ * str_conv.c (krb5_timestamp_to_sfstring): Don't pass extra
+ argument to sprintf.
+
1999-08-10 Alexandra Ellwood <lxs@mit.edu>
* chpw.c (krb5_mk_chpw_req):
}
/* fetch tgt directly from cache */
- retval = krb5_cc_retrieve_cred (context, cc, 0, &creds, &tgt);
+ retval = krb5_cc_retrieve_cred (context, cc, KRB5_TC_SUPPORTED_KTYPES,
+ &creds, &tgt);
if (retval)
goto errout;
}
if ((retval = krb5_cc_retrieve_cred(context, ccache,
- KRB5_TC_MATCH_SRV_NAMEONLY,
+ KRB5_TC_MATCH_SRV_NAMEONLY | KRB5_TC_SUPPORTED_KTYPES,
&tgtq, &tgt))) {
- if (retval != KRB5_CC_NOTFOUND) {
+ if (retval != KRB5_CC_NOTFOUND && retval != KRB5_CC_NOT_KTYPE) {
goto cleanup;
}
goto cleanup;
if ((retval = krb5_cc_retrieve_cred(context, ccache,
- KRB5_TC_MATCH_SRV_NAMEONLY,
+ KRB5_TC_MATCH_SRV_NAMEONLY | KRB5_TC_SUPPORTED_KTYPES,
&tgtq, &tgt))) {
goto cleanup;
}
goto cleanup;
if ((retval = krb5_cc_retrieve_cred(context, ccache,
- KRB5_TC_MATCH_SRV_NAMEONLY,
+ KRB5_TC_MATCH_SRV_NAMEONLY | KRB5_TC_SUPPORTED_KTYPES,
&tgtq, &tgt))) {
- if (retval != KRB5_CC_NOTFOUND) {
+ if (retval != KRB5_CC_NOTFOUND && retval != KRB5_CC_NOT_KTYPE) {
goto cleanup;
}
goto cleanup;
if ((retval = krb5_cc_retrieve_cred(context, ccache,
- KRB5_TC_MATCH_SRV_NAMEONLY,
+ KRB5_TC_MATCH_SRV_NAMEONLY | KRB5_TC_SUPPORTED_KTYPES,
&tgtq, &tgt))) {
if (retval != KRB5_CC_NOTFOUND) {
goto cleanup;
mcreds->client = in_creds->client;
*fields = KRB5_TC_MATCH_TIMES /*XXX |KRB5_TC_MATCH_SKEY_TYPE */
- | KRB5_TC_MATCH_AUTHDATA ;
+ | KRB5_TC_MATCH_AUTHDATA
+ | KRB5_TC_SUPPORTED_KTYPES;
if (mcreds->keyblock.enctype)
*fields |= KRB5_TC_MATCH_KTYPE;
if (options & KRB5_GC_USER_USER) {
*out_creds = ncreds;
}
- if (retval != KRB5_CC_NOTFOUND || options & KRB5_GC_CACHED)
+ if ((retval != KRB5_CC_NOTFOUND && retval != KRB5_CC_NOT_KTYPE)
+ || options & KRB5_GC_CACHED)
return retval;
retval = krb5_get_cred_from_kdc(context, ccache, ncreds, out_creds, &tgts);
}
static krb5_error_code
-get_profile_etype_list(context, ktypes, profstr, ctx_count, ctx_list)
+get_profile_etype_list(context, ktypes, profstr, ctx_count, ctx_list, desonly)
krb5_context context;
krb5_enctype **ktypes;
char *profstr;
int ctx_count;
krb5_enctype FAR *ctx_list;
+ int desonly;
{
krb5_enctype *old_ktypes;
code = profile_get_string(context->profile, "libdefaults", profstr,
NULL,
- "des3-hmac-sha1 des-cbc-md5 des-cbc-crc",
+ "des3-cbc-sha1 des-cbc-md5 des-cbc-crc",
&retval);
if (code)
return code;
j = 0;
i = 1;
while (1) {
- if (! krb5_string_to_enctype(sp, &old_ktypes[j]))
+ if (! krb5_string_to_enctype(sp, &old_ktypes[j])) {
+ switch (old_ktypes[j]) {
+ default:
+ if (desonly)
+ /* Other types not supported yet. */
+ break;
+ /* else fall through */
+
+ case ENCTYPE_NULL:
+ case ENCTYPE_DES_CBC_CRC:
+ case ENCTYPE_DES_CBC_MD5:
j++;
+ break;
+ }
+ }
if (i++ >= count)
break;
{
return(get_profile_etype_list(context, ktypes, "default_tkt_enctypes",
context->in_tkt_ktype_count,
- context->in_tkt_ktypes));
+ context->in_tkt_ktypes, 1));
}
krb5_error_code
{
return(get_profile_etype_list(context, ktypes, "default_tgs_enctypes",
context->tgs_ktype_count,
- context->tgs_ktypes));
+ context->tgs_ktypes, 1));
}
krb5_error_code
{
return(get_profile_etype_list(context, ktypes, "permitted_enctypes",
context->tgs_ktype_count,
- context->tgs_ktypes));
+ context->tgs_ktypes, 0));
}
krb5_boolean
if (buflen >= sftime_default_len) {
sprintf(buffer, sftime_default_fmt,
tmp->tm_mday, tmp->tm_mon+1, 1900+tmp->tm_year,
- tmp->tm_hour, tmp->tm_min, tmp->tm_sec);
+ tmp->tm_hour, tmp->tm_min);
ndone = strlen(buffer);
}
}
krb5_encrypt_block *eblock;
eblock = (krb5_encrypt_block *) nctx;
+#if 0
if (eblock->priv && eblock->priv_size)
krb5_xfree(eblock->priv);
+#endif
if (eblock->key)
krb5_free_keyblock(ser_ctx, eblock->key);
krb5_xfree(eblock);
krb5_use_enctype(kcontext, &eblock, DEFAULT_KDC_ENCTYPE);
if (!(kret = ser_data(verbose, "> NULL eblock",
(krb5_pointer) &eblock, KV5M_ENCRYPT_BLOCK))) {
+#if 0
eblock.priv = (krb5_pointer) stuff;
eblock.priv_size = 8;
+#endif
if (!(kret = ser_data(verbose, "> eblock with private data",
(krb5_pointer) &eblock,
KV5M_ENCRYPT_BLOCK))) {
case 'C':
do_ctest = 1;
break;
+#if 0
case 'E':
do_etest = 1;
break;
+#endif
case 'K':
do_ktest = 1;
break;
if (kret)
goto fail;
}
+#if 0 /* code to be tested is currently disabled */
if (do_etest) {
ch_err = 'e';
kret = ser_eblock_test(kcontext, verbose);
if (kret)
goto fail;
}
+#endif
if (do_ptest) {
ch_err = 'p';
kret = ser_princ_test(kcontext, verbose);