+
+Tue Sep 05 22:10:34 1995 Chris Provenzano (proven@mit.edu)
+
+ * do_as_req.c, do_tgs_req.c, kerberos_v4.c, main.c: Remove krb5_enctype
+ references, and replace with krb5_keytype where appropriate.
+
Mon Sep 4 14:10:26 1995 Ezra Peisach <epeisach@kangaroo.mit.edu>
* do_as_req.c, do_tgs_req.c, kdc_util.c, kdc_util.h, policy.c: Add
krb5_timestamp kdc_time, authtime;
krb5_keyblock *session_key = 0;
krb5_keyblock encrypting_key;
- krb5_enctype useetype;
krb5_pa_data *padat_tmp[2], padat_local;
krb5_data salt_data;
const char *status;
krb5_encrypt_block eblock;
krb5_key_data *server_key, *client_key;
+ krb5_keytype usekeytype;
#ifdef KRBCONF_KDC_MODIFIES_KDB
krb5_boolean update_client = 0;
#endif /* KRBCONF_KDC_MODIFIES_KDB */
goto errout;
}
- /* This will change when the etype == keytype */
- for (i = 0; i < request->netypes; i++) {
- if (!valid_etype(request->etype[i]))
+ for (i = 0; i < request->nktypes; i++) {
+ if (!valid_keytype(request->ktype[i]))
continue;
- if (request->etype[i] == ETYPE_DES_CBC_MD5 &&
+ if (request->ktype[i] == KEYTYPE_DES_CBC_MD5 &&
!isflagset(server.attributes, KRB5_KDB_SUPPORT_DESMD5))
continue;
* Find the server key of the appropriate type. If we could specify
* a kvno, it would be supplied here.
*/
- if (!krb5_dbe_find_keytype(kdc_context,
- &server,
- krb5_csarray[request->etype[i]]->
- system->proto_keytype,
+ if (!krb5_dbe_find_keytype(kdc_context, &server, request->ktype[i],
-1, /* Ignore salttype */
-1, /* Get highest kvno */
&server_key))
goto got_a_key;
}
- /* unsupported etype */
+ /* unsupported ktype */
krb5_klog_syslog(LOG_INFO,"AS_REQ: BAD ENCRYPTION TYPE: host %s, %s for %s",
fromstring, cname, sname);
- retval = prepare_error_as(request, KDC_ERR_ETYPE_NOSUPP, 0, response);
+ retval = prepare_error_as(request, KDC_ERR_KEYTYPE_NOSUPP, 0, response);
goto errout;
got_a_key:;
- useetype = request->etype[i];
- krb5_use_cstype(kdc_context, &eblock, useetype);
+ usekeytype = request->ktype[i];
+ krb5_use_keytype(kdc_context, &eblock, request->ktype[i]);
if ((retval = krb5_random_key(kdc_context, &eblock,
- krb5_csarray[useetype]->random_sequence,
+ krb5_keytype_array[usekeytype]->random_sequence,
&session_key))) {
/* random key failed */
krb5_klog_syslog(LOG_INFO,"AS_REQ: RANDOM KEY FAILED: host %s, %s for %s",
krb5_klog_syslog(LOG_INFO,
"AS_REQ: CANNOT FIND CLIENT KEY: host %s, %s for %s",
fromstring, cname, sname);
- retval = prepare_error_as(request, KDC_ERR_ETYPE_NOSUPP, 0, response);
+ retval = prepare_error_as(request, KDC_ERR_KEYTYPE_NOSUPP, 0, response);
goto errout;
}
/* now encode/encrypt the response */
- reply.enc_part.etype = useetype;
+ reply.enc_part.keytype = usekeytype;
reply.enc_part.kvno = client_key->key_data_kvno;
/* convert client.key_data into a real key */
{
krb5_keyblock * subkey;
krb5_encrypt_block eblock;
- krb5_keytype second_ticket_etype = ETYPE_UNKNOWN;
+ krb5_keytype second_ticket_ktype = KEYTYPE_UNKNOWN;
krb5_kdc_req *request = 0;
krb5_db_entry server;
krb5_kdc_rep reply;
char *cname = 0, *sname = 0, *tmp = 0, *fromstring = 0;
krb5_last_req_entry *nolrarray[2], nolrentry;
/* krb5_address *noaddrarray[1]; */
- krb5_enctype useetype;
+ krb5_keytype usekeytype;
int errcode, errcode2;
register int i;
int firstpass = 1;
* use to encrypt the ticket!
*/
if (isflagset(request->kdc_options, KDC_OPT_ENC_TKT_IN_SKEY))
- second_ticket_etype = request->second_ticket[st_idx]->enc_part.etype;
+ second_ticket_ktype = request->second_ticket[st_idx]->enc_part.keytype;
- for (i = 0; i < request->netypes; i++) {
+ for (i = 0; i < request->nktypes; i++) {
krb5_keytype ok_keytype;
- if (!valid_etype(request->etype[i]))
+ if (!valid_keytype(request->ktype[i]))
continue;
- if (second_ticket_etype != ETYPE_UNKNOWN &&
- second_ticket_etype != request->etype[i])
+ if (second_ticket_ktype != KEYTYPE_UNKNOWN &&
+ second_ticket_ktype != request->ktype[i])
continue;
- if (request->etype[i] == ETYPE_DES_CBC_MD5 &&
+ if (request->ktype[i] == KEYTYPE_DES_CBC_MD5 &&
!isflagset(server.attributes, KRB5_KDB_SUPPORT_DESMD5))
continue;
- ok_keytype = krb5_csarray[request->etype[i]]->system->proto_keytype;
+ ok_keytype = request->ktype[i];
for (ok_key_data = 0; ok_key_data < server.n_key_data; ok_key_data++)
if (server.key_data[ok_key_data].key_data_type[0] == ok_keytype)
goto got_a_key;
}
- /* unsupported etype */
+ /* unsupported ktype */
errcode = KRB5KDC_ERR_ETYPE_NOSUPP;
status = "BAD_ENCRYPTION_TYPE";
goto cleanup;
got_a_key:;
- useetype = request->etype[i];
- krb5_use_cstype(kdc_context, &eblock, useetype);
+ usekeytype = request->ktype[i];
+ krb5_use_keytype(kdc_context, &eblock, usekeytype);
retval = krb5_random_key(kdc_context, &eblock,
- krb5_csarray[useetype]->random_sequence,
+ krb5_keytype_array[usekeytype]->random_sequence,
&session_key);
if (retval) {
/* random key failed */
krb5_data scratch;
/* decrypt the authdata in the request */
- if (!valid_etype(request->authorization_data.etype)) {
+ if (!valid_keytype(request->authorization_data.keytype)) {
status = "BAD_AUTH_ETYPE";
errcode = KRB5KDC_ERR_ETYPE_NOSUPP;
goto cleanup;
}
/* put together an eblock for this encryption */
- krb5_use_cstype(kdc_context, &eblock, request->authorization_data.etype);
+ krb5_use_keytype(kdc_context, &eblock,
+ request->authorization_data.keytype);
scratch.length = request->authorization_data.ciphertext.length;
if (!(scratch.data =
}
ticket_reply.enc_part.kvno = 0;
- ticket_reply.enc_part.etype =
- request->second_ticket[st_idx]->enc_part2->session->etype;
- krb5_use_cstype(kdc_context, &eblock, ticket_reply.enc_part.etype);
+ ticket_reply.enc_part.keytype =
+ request->second_ticket[st_idx]->enc_part2->session->keytype;
+ krb5_use_keytype(kdc_context, &eblock, ticket_reply.enc_part.keytype);
if ((retval = krb5_encrypt_tkt_part(kdc_context, &eblock,
request->second_ticket[st_idx]->enc_part2->session,
&ticket_reply))) {
}
ticket_reply.enc_part.kvno = server.key_data[ok_key_data].key_data_kvno;
- ticket_reply.enc_part.etype = useetype;
- krb5_use_cstype(kdc_context, &eblock, ticket_reply.enc_part.etype);
+ ticket_reply.enc_part.keytype = usekeytype;
+ krb5_use_keytype(kdc_context, &eblock, ticket_reply.enc_part.keytype);
retval = krb5_encrypt_tkt_part(kdc_context, &eblock, &encrypting_key,
&ticket_reply);
/* use the session key in the ticket, unless there's a subsession key
in the AP_REQ */
- reply.enc_part.etype = subkey ? subkey->etype :
- header_ticket->enc_part2->session->etype;
- krb5_use_cstype(kdc_context, &eblock, reply.enc_part.etype);
+ reply.enc_part.keytype = subkey ? subkey->keytype :
+ header_ticket->enc_part2->session->keytype;
+ krb5_use_keytype(kdc_context, &eblock, reply.enc_part.keytype);
retval = krb5_encode_kdc_rep(kdc_context, KRB5_TGS_REP, &reply_encpart,
&eblock, subkey ? subkey :
if (krb5_dbe_find_keytype(kdc_context,
&entries,
- KEYTYPE_DES,
+ KEYTYPE_DES_CBC_CRC,
KRB5_KDB_SALTTYPE_V4,
-1,
&pkey)) {
*/
static krb5_error_code
init_realm(progname, rdp, realm, def_dbname, def_mpname,
- def_keytype, def_port, def_sport, def_enctype, def_manual)
+ def_keytype, def_port, def_sport, def_manual)
char *progname;
kdc_realm_t *rdp;
char *realm;
krb5_keytype def_keytype;
krb5_int32 def_port;
krb5_int32 def_sport;
- krb5_enctype def_enctype;
krb5_boolean def_manual;
{
krb5_error_code kret;
int num2get;
krb5_boolean more;
krb5_boolean db_inited;
- krb5_enctype etype;
krb5_realm_params *rparams;
krb5_key_data *kdata;
krb5_key_salt_tuple *kslist;
(krb5_keytype) rparams->realm_keytype;
else
rdp->realm_mkey.keytype = (def_keytype) ? def_keytype :
- KEYTYPE_DES;
+ KEYTYPE_DES_CBC_CRC;
/* Handle KDC port */
if (rparams && rparams->realm_kdc_pport_valid)
def_sport,
KDC_SECONDARY_PORTNAME);
- /* Handle encryption type */
- if (rparams && rparams->realm_enctype_valid)
- etype = rparams->realm_enctype;
- else
- etype = (def_enctype) ? def_enctype : DEFAULT_KDC_ETYPE;
-
- if (!valid_etype(etype)) {
- com_err(progname, KRB5_PROG_ETYPE_NOSUPP,
- "while setting up etype %d", etype);
- exit(1);
- }
-
/* Handle stash file */
if (rparams && rparams->realm_stash_file) {
rdp->realm_stash = strdup(rparams->realm_stash_file);
rparams->realm_num_keysalts = 0;
kslist = (krb5_key_salt_tuple *) rdp->realm_kstypes;
nkslist = rdp->realm_nkstypes;
- }
- else {
+ } else {
/*
* XXX
* Initialize default key/salt list.
*/
if ((kslist = (krb5_key_salt_tuple *)
malloc(sizeof(krb5_key_salt_tuple)))) {
- kslist->ks_keytype = KEYTYPE_DES;
+ kslist->ks_keytype = KEYTYPE_DES_CBC_CRC;
kslist->ks_salttype = KRB5_KDB_SALTTYPE_NORMAL;
rdp->realm_kstypes = kslist;
rdp->realm_nkstypes = 1;
}
/* Select the specified encryption type */
- krb5_use_cstype(rdp->realm_context, &rdp->realm_encblock, etype);
+ krb5_use_keytype(rdp->realm_context, &rdp->realm_encblock,
+ rdp->realm_mkey.keytype);
/*
* Get the master key.
}
}
if (!rkey_init_done) {
+ krb5_keytype keytype;
/*
* If all that worked, then initialize the random key
* generators.
*/
- for (etype = 0; etype <= krb5_max_cryptosystem; etype++) {
- if (krb5_csarray[etype]) {
- if ((kret = (*krb5_csarray[etype]->system->
+ for (keytype = 0; keytype <= krb5_max_keytype; keytype++) {
+ if (krb5_keytype_array[keytype]) {
+ if ((kret = (*krb5_keytype_array[keytype]->system->
init_random_key)
(&rdp->realm_mkey,
- &krb5_csarray[etype]->random_sequence))) {
+ &krb5_keytype_array[keytype]->random_sequence))) {
com_err(progname, kret,
- "while setting up random key generator for etype %d--etype disabled",
- etype);
- krb5_csarray[etype] = 0;
+ "while setting up random key generator for keytype %d--keytype disabled",
+ keytype);
+ krb5_keytype_array[keytype] = 0;
}
}
}
rkey_init_done = 1;
}
- }
- else {
+ } else {
com_err(progname, kret, "while getting context for realm %s",
realm);
goto whoops;
char *rcname = KDCRCACHE;
char *lrealm;
krb5_error_code retval;
- krb5_keytype mkeytype = KEYTYPE_DES;
- krb5_enctype kdc_etype = DEFAULT_KDC_ETYPE;
+ krb5_keytype mkeytype = KEYTYPE_DES_CBC_CRC;
kdc_realm_t *rdatap;
krb5_boolean manual = FALSE;
krb5_int32 pport, sport;
if ((rdatap = (kdc_realm_t *) malloc(sizeof(kdc_realm_t)))) {
if ((retval = init_realm(argv[0], rdatap, optarg, db_name,
mkey_name, mkeytype, pport, sport,
- kdc_etype, manual))) {
+ manual))) {
fprintf(stderr,"%s: cannot initialize realm %s\n",
argv[0], optarg);
exit(1);
case 's':
sport = atoi(optarg);
break;
- case 'e':
- if (krb5_string_to_enctype(optarg, &kdc_etype))
- com_err(argv[0], 0, "invalid encryption type %s", optarg);
- break;
case '?':
default:
usage(argv[0]);
if ((rdatap = (kdc_realm_t *) malloc(sizeof(kdc_realm_t)))) {
if ((retval = init_realm(argv[0], rdatap, lrealm, db_name,
mkey_name, mkeytype, pport, sport,
- kdc_etype, manual))) {
+ manual))) {
fprintf(stderr,"%s: cannot initialize realm %s\n",
argv[0], lrealm);
exit(1);
projects / krb5.git / commitdiff