from 1.1 branch:
authorKen Raeburn <raeburn@mit.edu>
Wed, 1 Sep 1999 21:55:49 +0000 (21:55 +0000)
committerKen Raeburn <raeburn@mit.edu>
Wed, 1 Sep 1999 21:55:49 +0000 (21:55 +0000)
* init_ctx.c (get_profile_etype_list): Update name of the des3 entry in the
default etype list.

* init_ctx.c (get_profile_etype_list): New argument DESONLY; if set, ignore any
ktype values other than NULL, DES_CBC_CRC, and DES_CBC_MD5.
(krb5_get_default_in_tkt_ktypes, krb5_get_tgs_ktypes): Set it.
(krb5_get_permitted_enctypes): Don't set it.

* fwd_tgt.c (krb5_fwd_tgt_creds): Use KRB5_TC_SUPPORTED_KTYPES when calling
krb5_cc_retrieve_cred.
* gc_frm_kdc.c (krb5_get_cred_from_kdc_opt): Ditto.
* get_creds.c (krb5_get_credentials_core): Set that flag.
(krb5_get_credentials): Check for KRB5_CC_NOT_KTYPE error return.

* t_ser.c (main): Disable eblock serialization test, since the code it tests
was disabled nearly a year ago.

* str_conv.c (krb5_timestamp_to_sfstring): Don't pass extra argument to
sprintf.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11779 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/krb5/krb/ChangeLog
src/lib/krb5/krb/fwd_tgt.c
src/lib/krb5/krb/gc_frm_kdc.c
src/lib/krb5/krb/get_creds.c
src/lib/krb5/krb/init_ctx.c
src/lib/krb5/krb/str_conv.c
src/lib/krb5/krb/t_ser.c

index d0c0348d93fd06f019c4352b9b8c8f4732195617..a749b6c175afa0b636c6711c6a14a6eec57703e8 100644 (file)
@@ -1,3 +1,26 @@
+1999-09-01  Ken Raeburn  <raeburn@mit.edu>
+
+       * init_ctx.c (get_profile_etype_list): Update name of the des3
+       entry in the default etype list.
+
+       * init_ctx.c (get_profile_etype_list): New argument DESONLY; if
+       set, ignore any ktype values other than NULL, DES_CBC_CRC, and
+       DES_CBC_MD5.
+       (krb5_get_default_in_tkt_ktypes, krb5_get_tgs_ktypes): Set it.
+       (krb5_get_permitted_enctypes): Don't set it.
+
+       * fwd_tgt.c (krb5_fwd_tgt_creds): Use KRB5_TC_SUPPORTED_KTYPES
+       when calling krb5_cc_retrieve_cred.
+       * gc_frm_kdc.c (krb5_get_cred_from_kdc_opt): Ditto.
+       * get_creds.c (krb5_get_credentials_core): Set that flag.
+       (krb5_get_credentials): Check for KRB5_CC_NOT_KTYPE error return.
+
+       * t_ser.c (main): Disable eblock serialization test, since the
+       code it tests was disabled nearly a year ago.
+
+       * str_conv.c (krb5_timestamp_to_sfstring): Don't pass extra
+       argument to sprintf.
+
 1999-08-10     Alexandra Ellwood       <lxs@mit.edu>
 
        * chpw.c (krb5_mk_chpw_req):
index 0a8ce2240da669ec8fb4b90d345de167a2e1f221..2ae1bb136af62049147d70e1f547dddcb1af9277 100644 (file)
@@ -93,7 +93,8 @@ krb5_fwd_tgt_creds(context, auth_context, rhost, client, server, cc,
     }
 
     /* fetch tgt directly from cache */
-    retval = krb5_cc_retrieve_cred (context, cc, 0, &creds, &tgt);
+    retval = krb5_cc_retrieve_cred (context, cc, KRB5_TC_SUPPORTED_KTYPES,
+                                   &creds, &tgt);
     if (retval)
        goto errout;
 
index ac31b466d8853954a1a29e66e15940e67fd8b8d8..ed6bc55a740aa408c397c2cdbf9af1dd73ac8038 100644 (file)
@@ -118,10 +118,10 @@ krb5_get_cred_from_kdc_opt(context, ccache, in_cred, out_cred, tgts, kdcopt)
   }
 
   if ((retval = krb5_cc_retrieve_cred(context, ccache,
-                                     KRB5_TC_MATCH_SRV_NAMEONLY,
+                                     KRB5_TC_MATCH_SRV_NAMEONLY | KRB5_TC_SUPPORTED_KTYPES,
                                      &tgtq, &tgt))) {
 
-    if (retval != KRB5_CC_NOTFOUND) {
+    if (retval != KRB5_CC_NOTFOUND && retval != KRB5_CC_NOT_KTYPE) {
        goto cleanup;
     }
 
@@ -154,7 +154,7 @@ krb5_get_cred_from_kdc_opt(context, ccache, in_cred, out_cred, tgts, kdcopt)
        goto cleanup;
 
     if ((retval = krb5_cc_retrieve_cred(context, ccache,
-                                       KRB5_TC_MATCH_SRV_NAMEONLY,
+                                       KRB5_TC_MATCH_SRV_NAMEONLY | KRB5_TC_SUPPORTED_KTYPES,
                                        &tgtq, &tgt))) {
        goto cleanup;
     }
@@ -217,10 +217,10 @@ krb5_get_cred_from_kdc_opt(context, ccache, in_cred, out_cred, tgts, kdcopt)
          goto cleanup;
 
       if ((retval = krb5_cc_retrieve_cred(context, ccache,
-                                         KRB5_TC_MATCH_SRV_NAMEONLY,
+                                         KRB5_TC_MATCH_SRV_NAMEONLY | KRB5_TC_SUPPORTED_KTYPES,
                                          &tgtq, &tgt))) {
     
-       if (retval != KRB5_CC_NOTFOUND) {
+       if (retval != KRB5_CC_NOTFOUND && retval != KRB5_CC_NOT_KTYPE) {
            goto cleanup;
        }
   
@@ -280,7 +280,7 @@ krb5_get_cred_from_kdc_opt(context, ccache, in_cred, out_cred, tgts, kdcopt)
                goto cleanup;
 
            if ((retval = krb5_cc_retrieve_cred(context, ccache,
-                                               KRB5_TC_MATCH_SRV_NAMEONLY,
+                                               KRB5_TC_MATCH_SRV_NAMEONLY | KRB5_TC_SUPPORTED_KTYPES,
                                                &tgtq, &tgt))) {
              if (retval != KRB5_CC_NOTFOUND) {
                  goto cleanup;
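Review bot: The inner check `if (retval != KRB5_CC_NOTFOUND) {` directly under the changed call was left as it was, so at this call site a KRB5_CC_NOT_KTYPE result takes the `goto cleanup` path. The retrievals in the hunks at old lines 118 and 217 of this file now treat that code like a cache miss and continue. This assumes krb5_cc_retrieve_cred returns KRB5_CC_NOT_KTYPE when KRB5_TC_SUPPORTED_KTYPES filters out a match, as the other hunks and the commit message imply. If the same fallback is wanted here, the line should read `if (retval != KRB5_CC_NOTFOUND && retval != KRB5_CC_NOT_KTYPE) {`; if the hard failure is deliberate, a short comment saying so would stop a later reader from "fixing" it. The enclosing block continues past the end of the hunk, so what follows the check is not visible here.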
index 4fbf4cf33b795622d721e633fc44a498b9105898..24014393109ef939ef5bdac1442c953eb6414956 100644 (file)
@@ -69,7 +69,8 @@ krb5_get_credentials_core(context, options, ccache, in_creds, out_creds,
     mcreds->client = in_creds->client;
     
     *fields = KRB5_TC_MATCH_TIMES /*XXX |KRB5_TC_MATCH_SKEY_TYPE */
-       | KRB5_TC_MATCH_AUTHDATA ;
+       | KRB5_TC_MATCH_AUTHDATA
+       | KRB5_TC_SUPPORTED_KTYPES;
     if (mcreds->keyblock.enctype)
        *fields |= KRB5_TC_MATCH_KTYPE;
     if (options & KRB5_GC_USER_USER) {
@@ -120,7 +121,8 @@ krb5_get_credentials(context, options, ccache, in_creds, out_creds)
        *out_creds = ncreds;
     }
 
-    if (retval != KRB5_CC_NOTFOUND || options & KRB5_GC_CACHED)
+    if ((retval != KRB5_CC_NOTFOUND && retval != KRB5_CC_NOT_KTYPE)
+       || options & KRB5_GC_CACHED)
        return retval;
 
     retval = krb5_get_cred_from_kdc(context, ccache, ncreds, out_creds, &tgts);
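Review bot: On the `KRB5_GC_CACHED` path the new condition hands KRB5_CC_NOT_KTYPE back to the caller, an error value that existing cache-only callers may not handle if they previously saw only KRB5_CC_NOTFOUND for a miss (inferred, since the callers are not on this page). Either map it to KRB5_CC_NOTFOUND before the `return retval;` when `options & KRB5_GC_CACHED` is set, or document the new return code on krb5_get_credentials. A comment above the test such as `/* NOT_KTYPE: a match exists but uses an unsupported key type; treat it as a miss unless cache-only */` would also explain why two error codes fall through to the KDC request. As a style point, writing `|| (options & KRB5_GC_CACHED))` makes the grouping explicit now that the left operand has its own parentheses.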
index 2ddd2d0c56fc8a77d1e939d47aecf987a6092556..8137843a7e99fb1d37ea002839c840915e0bbee8 100644 (file)
@@ -250,12 +250,13 @@ krb5_set_default_in_tkt_ktypes(context, ktypes)
 }
 
 static krb5_error_code
-get_profile_etype_list(context, ktypes, profstr, ctx_count, ctx_list)
+get_profile_etype_list(context, ktypes, profstr, ctx_count, ctx_list, desonly)
      krb5_context context;
      krb5_enctype **ktypes;
      char *profstr;
      int ctx_count;
      krb5_enctype FAR *ctx_list;
+     int desonly;
 {
     krb5_enctype *old_ktypes;
 
@@ -283,7 +284,7 @@ get_profile_etype_list(context, ktypes, profstr, ctx_count, ctx_list)
 
        code = profile_get_string(context->profile, "libdefaults", profstr,
                                  NULL,
-                                 "des3-hmac-sha1 des-cbc-md5 des-cbc-crc",
+                                 "des3-cbc-sha1 des-cbc-md5 des-cbc-crc",
                                  &retval);
        if (code)
            return code;
@@ -313,8 +314,21 @@ get_profile_etype_list(context, ktypes, profstr, ctx_count, ctx_list)
        j = 0;
        i = 1;
        while (1) {
-           if (! krb5_string_to_enctype(sp, &old_ktypes[j]))
+           if (! krb5_string_to_enctype(sp, &old_ktypes[j])) {
+             switch (old_ktypes[j]) {
+             default:
+               if (desonly)
+                 /* Other types not supported yet.  */
+                 break;
+               /* else fall through */
+
+             case ENCTYPE_NULL:
+             case ENCTYPE_DES_CBC_CRC:
+             case ENCTYPE_DES_CBC_MD5:
                j++;
+               break;
+             }
+           }
 
            if (i++ >= count)
                break;
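Review bot: When `desonly` is set, the `default:` arm discards every configured enctype other than NULL, DES_CBC_CRC and DES_CBC_MD5 without any diagnostic. A profile that lists only stronger types therefore ends the loop with `j == 0`, and one that mixes them is quietly reduced to single DES, even though the built-in default string still starts with `des3-cbc-sha1`. The code after the loop is outside the hunk, so whether an empty list is rejected cannot be confirmed here; an explicit error return when `j == 0` would be safer than handing callers an empty list. The default-first switch with a fall-through into the `case` labels is also easy to misread; `if (!desonly || old_ktypes[j] == ENCTYPE_NULL || old_ktypes[j] == ENCTYPE_DES_CBC_CRC || old_ktypes[j] == ENCTYPE_DES_CBC_MD5) j++;` says the same thing directly. The comment `/* Other types not supported yet.  */` should also state that the administrator's configured value is being ignored for ticket requests.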
@@ -339,7 +353,7 @@ krb5_get_default_in_tkt_ktypes(context, ktypes)
 {
     return(get_profile_etype_list(context, ktypes, "default_tkt_enctypes",
                                  context->in_tkt_ktype_count,
-                                 context->in_tkt_ktypes));
+                                 context->in_tkt_ktypes, 1));
 }
 
 krb5_error_code
@@ -382,7 +396,7 @@ krb5_get_tgs_ktypes(context, princ, ktypes)
 {
     return(get_profile_etype_list(context, ktypes, "default_tgs_enctypes",
                                  context->tgs_ktype_count,
-                                 context->tgs_ktypes));
+                                 context->tgs_ktypes, 1));
 }
 
 krb5_error_code
@@ -392,7 +406,7 @@ krb5_get_permitted_enctypes(context, ktypes)
 {
     return(get_profile_etype_list(context, ktypes, "permitted_enctypes",
                                  context->tgs_ktype_count,
-                                 context->tgs_ktypes));
+                                 context->tgs_ktypes, 0));
 }
 
 krb5_boolean
index 7041f618c7df53672114d2dd13879d7e50a91944..b2a37e880cd73851600a6c9399420797a36f0521 100644 (file)
@@ -500,7 +500,7 @@ krb5_timestamp_to_sfstring(timestamp, buffer, buflen, pad)
        if (buflen >= sftime_default_len) {
            sprintf(buffer, sftime_default_fmt,
                    tmp->tm_mday, tmp->tm_mon+1, 1900+tmp->tm_year,
-                   tmp->tm_hour, tmp->tm_min, tmp->tm_sec);
+                   tmp->tm_hour, tmp->tm_min);
            ndone = strlen(buffer);
        }
     }
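Review bot: The `sprintf` into `buffer` is bounded only by the `buflen >= sftime_default_len` test, which is safe only if `sftime_default_len` covers the widest possible output of `sftime_default_fmt`. Both are defined outside the hunk, and the stray `tm_sec` argument removed here shows that the call and the format string have already drifted apart once. Passing the size explicitly, `snprintf(buffer, buflen, sftime_default_fmt,` with the same arguments, and treating a result `>= buflen` as failure keeps the write inside the caller's buffer whatever the format or the width of the year field. If snprintf cannot be relied on for every supported platform, the minimum is a comment next to `sftime_default_len` tying its value to the format string.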
index 4ca3b5399ad3d9a1b26723d113662ecac39ac9f1..c17af31e5f6d34b87f3cdb8052233826c6f06051 100644 (file)
@@ -167,8 +167,10 @@ ser_data(verbose, msg, ctx, dtype)
                    krb5_encrypt_block *eblock;
 
                    eblock = (krb5_encrypt_block *) nctx;
+#if 0
                    if (eblock->priv && eblock->priv_size)
                        krb5_xfree(eblock->priv);
+#endif
                    if (eblock->key)
                        krb5_free_keyblock(ser_ctx, eblock->key);
                    krb5_xfree(eblock);
@@ -525,8 +527,10 @@ ser_eblock_test(kcontext, verbose)
     krb5_use_enctype(kcontext, &eblock, DEFAULT_KDC_ENCTYPE);
     if (!(kret = ser_data(verbose, "> NULL eblock",
                          (krb5_pointer) &eblock, KV5M_ENCRYPT_BLOCK))) {
+#if 0
        eblock.priv = (krb5_pointer) stuff;
        eblock.priv_size = 8;
+#endif
        if (!(kret = ser_data(verbose, "> eblock with private data",
                              (krb5_pointer) &eblock,
                              KV5M_ENCRYPT_BLOCK))) {
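Review bot: With the `eblock.priv` and `eblock.priv_size` assignments under `#if 0`, the second `ser_data` call still runs under the label "> eblock with private data" but serializes the same eblock as the "> NULL eblock" case. A pass would then report coverage the test no longer has. The hunks in main compile out the `'E'` case and the only visible call to ser_eblock_test, which probably leaves the function, `do_etest` and `stuff` unused; the option string, outside the hunk, may still accept `E`. Guarding the whole of ser_eblock_test and its option handling with the same `#if 0 /* code to be tested is currently disabled */` would be more consistent than disabling pieces of it. The first hunk also stops freeing `eblock->priv` in ser_data without a comment saying why that is now safe.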
@@ -676,9 +680,11 @@ main(argc, argv)
        case 'C':
            do_ctest = 1;
            break;
+#if 0
        case 'E':
            do_etest = 1;
            break;
+#endif
        case 'K':
            do_ktest = 1;
            break;
@@ -737,12 +743,14 @@ main(argc, argv)
            if (kret)
                    goto fail;
     }
+#if 0 /* code to be tested is currently disabled */
     if (do_etest) {
            ch_err = 'e';
            kret = ser_eblock_test(kcontext, verbose);
            if (kret)
                    goto fail;
     }
+#endif
     if (do_ptest) {
            ch_err = 'p';
            kret = ser_princ_test(kcontext, verbose);