From: Sam Hartman Date: Sat, 24 May 2003 01:03:30 +0000 (+0000) Subject: When generating etype_info2 for DES style keys, use s2kparams to X-Git-Tag: krb5-1.4-beta1~926 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=7f7fbec7637a8c1c1ee2f9afd5decf5fda230335;p=krb5.git When generating etype_info2 for DES style keys, use s2kparams to communicate the type if the key has afs3 salt. If such s2kparams are received by the client, use the afs string2key function to process the key. Ticket: 1512 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15489 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/kdc/ChangeLog b/src/kdc/ChangeLog index 097fe7c9e..0b3ea7f83 100644 --- a/src/kdc/ChangeLog +++ b/src/kdc/ChangeLog @@ -1,3 +1,11 @@ +2003-05-23 Sam Hartman + + * kdc_preauth.c (_make_etype_info_entry): Add flag to know if we + are producing etype_info2 so we know whether filling in s2kparams + is allowed. In the etype_info2 case support afs3 salts. + (etype_info_helper): Pass in flag + (return_etype_info2): And here + 2003-05-23 Ezra Peisach * kdc_preauth.c (return_etype_info2): After encoding the diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c index 3dcced412..342f05021 100644 --- a/src/kdc/kdc_preauth.c +++ b/src/kdc/kdc_preauth.c @@ -572,12 +572,10 @@ cleanup: } static krb5_error_code -_make_etype_info_entry(context, request, client_key, etype, entry) - krb5_context context; - krb5_kdc_req * request; - krb5_key_data * client_key; - const krb5_enctype etype; - krb5_etype_info_entry ** entry; +_make_etype_info_entry(krb5_context context, + krb5_kdc_req *request, krb5_key_data *client_key, + krb5_enctype etype, krb5_etype_info_entry **entry, + int etype_info2) { krb5_data salt; krb5_etype_info_entry * tmp_entry; 
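Review bot: The new `int etype_info2` parameter added to `_make_etype_info_entry` in the `@@ -572,12 +572,10 @@` hunk is a bare flag with no comment, and the last call site in this diff passes it as a literal `1`. A header comment on the function would record the contract stated in the ChangeLog entry, for example `/* etype_info2: nonzero when building an ETYPE-INFO2 entry; only then may s2kparams be filled in */`. The function body continues past the end of this hunk.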
@@ -598,6 +596,24 @@ _make_etype_info_entry(context, request, client_key, etype, entry) client_key, &salt); if (retval) goto fail; + if (etype_info2 && client_key->key_data_ver > 1 && + client_key->key_data_type[1] == KRB5_KDB_SALTTYPE_AFS3) { + switch (etype) { + case ENCTYPE_DES_CBC_CRC: + case ENCTYPE_DES_CBC_MD4: + case ENCTYPE_DES_CBC_MD5: + tmp_entry->s2kparams.data = malloc(1); + if (tmp_entry->s2kparams.data == NULL) { + retval = ENOMEM; + goto fail; + } + tmp_entry->s2kparams.length = 1; + tmp_entry->s2kparams.data[0] = 1; + break; + default: + break; + } + } if (salt.length >= 0) { tmp_entry->length = salt.length; @@ -608,8 +624,11 @@ _make_etype_info_entry(context, request, client_key, etype, entry) return 0; fail: - if (tmp_entry) + if (tmp_entry) { + if (tmp_entry->s2kparams.data) + free(tmp_entry->s2kparams.data); free(tmp_entry); + } if (salt.data) free(salt.data); return retval; @@ -654,7 +673,7 @@ etype_info_helper(krb5_context context, krb5_kdc_req *request, assert(etype_info2 || !enctype_requires_etype_info_2(db_etype)); if ((retval = _make_etype_info_entry(context, request, client_key, - db_etype, &entry[i])) != 0) { + db_etype, &entry[i], etype_info2)) != 0) { goto cleanup; } entry[i+1] = 0; @@ -679,7 +698,7 @@ etype_info_helper(krb5_context context, krb5_kdc_req *request, } if (request_contains_enctype(context, request, db_etype)) { if ((retval = _make_etype_info_entry(context, request, - client_key, db_etype, &entry[i])) != 0) { + client_key, db_etype, &entry[i], etype_info2)) != 0) { goto cleanup; } entry[i+1] = 0; @@ -754,7 +773,7 @@ return_etype_info2(krb5_context context, krb5_pa_data * padata, entry[0] = NULL; entry[1] = NULL; retval = _make_etype_info_entry(context, request, client_key, client_key->key_data_type[0], - entry); + entry, 1); if (retval) goto cleanup; retval = encode_krb5_etype_info2((const krb5_etype_info_entry **) entry, &scratch); 
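Review bot: In the `@@ -598,6 +596,24 @@` hunk, `tmp_entry->s2kparams.data[0] = 1;` hard-codes the AFS type byte, and the client side in des_stringtokey.c matches it with a bare `case 1:` (the `@@ -41,7 +42,19 @@` hunk). The two literals form a wire contract between KDC and client, so at minimum a comment such as `/* s2kparams type 1 = AFS string-to-key; must match krb5int_des_string_to_key */` belongs here, and a shared named constant would be better if a common header is available (none is visible in this diff). The one-byte buffer is presumably returned to the caller through `entry` on success, so it is worth confirming that the callers' cleanup paths, which are not shown, free `s2kparams.data` as well as the entry itself.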
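Review bot: The new `free(tmp_entry->s2kparams.data)` under `fail:` in the `@@ -608,8 +624,11 @@` hunk is also reached from the `if (retval) goto fail;` that follows the salt lookup, which runs before the added block ever assigns `s2kparams.data`. That is safe only if the field is set to NULL when `tmp_entry` is allocated, and that initialisation is outside the lines shown. If it is missing, add `tmp_entry->s2kparams.data = NULL;` and `tmp_entry->s2kparams.length = 0;` next to the other field initialisers, so the error path never frees an indeterminate pointer. The function starts and ends outside this hunk.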
diff --git a/src/lib/crypto/old/ChangeLog b/src/lib/crypto/old/ChangeLog index c23b40371..bab270489 100644 --- a/src/lib/crypto/old/ChangeLog +++ b/src/lib/crypto/old/ChangeLog @@ -1,3 +1,9 @@ +2003-05-23 Sam Hartman + + * des_stringtokey.c (krb5int_des_string_to_key): If param has one + byte, treat it as a type. Type 0 is normal, type 1 is AFS + string2key. + 2003-03-04 Ken Raeburn * des_stringtokey.c (krb5int_des_string_to_key): Renamed from diff --git a/src/lib/crypto/old/des_stringtokey.c b/src/lib/crypto/old/des_stringtokey.c index fd3440bda..20f2f053a 100644 --- a/src/lib/crypto/old/des_stringtokey.c +++ b/src/lib/crypto/old/des_stringtokey.c @@ -26,6 +26,7 @@ #include "k5-int.h" #include "old.h" +#include /* XXX */ extern krb5_error_code mit_des_string_to_key_int @@ -41,7 +42,19 @@ krb5int_des_string_to_key(enc, string, salt, parm, key) const krb5_data *parm; krb5_keyblock *key; { - if (parm != NULL) - return KRB5_ERR_BAD_S2K_PARAMS; + int type; + if (parm ) { + if (parm->length != 1) + return KRB5_ERR_BAD_S2K_PARAMS; + type = parm->data[0]; + } + else type = 0; + switch(type) { + case 0: return(mit_des_string_to_key_int(key, string, salt)); + case 1: + return mit_afs_string_to_key(key, string, salt); + default: + return KRB5_ERR_BAD_S2K_PARAMS; + } }
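Review bot: In the `@@ -41,7 +42,19 @@` hunk of des_stringtokey.c, `type = parm->data[0];` reads a byte that, per the commit description, arrives in s2kparams from the KDC, and it is read through plain `char`, whose signedness is implementation-defined. The `default:` arm does refuse every value other than 0 and 1, so the result is correct either way, but `type = (unsigned char) parm->data[0];` makes that independent of the platform. A short comment above the switch, e.g. `/* parm selects the string-to-key variant; it is peer-supplied, so unknown types are refused */`, would record why the default arm must stay. The new lines also mix `if (parm )`, `else type = 0;` and `case 0: return(...)` on one line with the multi-line `case 1:` form; one layout throughout would read better.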