From: Tom Yu Date: Wed, 7 Mar 2012 23:44:28 +0000 (+0000) Subject: Pull up r25725 from trunk, along with backport of r25703 X-Git-Tag: krb5-1.10.1-final~7 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=adda449cadb58f6ab9aee5a9a15ee2b0d6702e8c;p=krb5.git Pull up r25725 from trunk, along with backport of r25703 ------------------------------------------------------------------------ r25725 | tlyu | 2012-03-02 17:24:38 -0500 (Fri, 02 Mar 2012) | 4 lines ticket: 7092 Add test cases for Windows RODC kvno compatibility ------------------------------------------------------------------------ r25703 | ghudson | 2012-02-21 13:57:44 -0500 (Tue, 21 Feb 2012) | 15 lines ticket: 7092 subject: kvno ASN.1 encoding interop with Windows RODCs RFC 4120 defines the EncryptedData kvno field as an integer in the range of unsigned 32-bit numbers. Windows encodes and decodes the field as a signed 32-bit integer. Historically we do the same in our encoder in 1.6 and prior, and in our decoder through 1.10. (Actually, our decoder through 1.10 decoded the value as a long and then cast the result to unsigned int, so it would accept positive values >= 2^31 on 64-bit platforms but not on 32-bit platforms.) kvno values that large (or negative) are only likely to appear in the context of Windows read-only domain controllers. So do what Windows does instead of what RFC 4120 says. ticket: 7092 status: resolved version_fixed: 1.10.1 git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-10@25739 dc483132-0cff-0310-8789-dd5450dbe970
---
diff --git a/src/lib/krb5/asn.1/asn1_k_encode.c b/src/lib/krb5/asn.1/asn1_k_encode.c
index 018aae877..4c50dc1ce 100644
--- a/src/lib/krb5/asn.1/asn1_k_encode.c
+++ b/src/lib/krb5/asn.1/asn1_k_encode.c
@@ -143,9 +143,23 @@ optional_encrypted_data (const void *vptr)
 return optional;
 }
+/*
+ * Encode krb5_kvno as signed 32-bit for Windows RODC interop. (This is an
+ * inelegant backport; it's an alteration of the expansion of DEFINTTYPE(kvno,
+ * krb5_kvno).)
+ */
+typedef krb5_kvno aux_typedefname_kvno;
+static asn1_intmax loadint_kvno(const void *p)
+{
+ return (krb5_int32)*(krb5_kvno *)p;
+}
+const struct atype_info krb5int_asn1type_kvno = {
+ atype_int, sizeof(krb5_kvno), 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ loadint_kvno, 0,
+};
 static const struct field_info encrypted_data_fields[] = {
 FIELDOF_NORM(krb5_enc_data, int32, enctype, 0),
- FIELDOF_OPT(krb5_enc_data, uint, kvno, 1, 1),
+ FIELDOF_OPT(krb5_enc_data, kvno, kvno, 1, 1),
 FIELDOF_NORM(krb5_enc_data, ostring_data, ciphertext, 2),
 };
 DEFSEQTYPE(encrypted_data, krb5_enc_data, encrypted_data_fields,
diff --git a/src/tests/asn.1/krb5_decode_test.c b/src/tests/asn.1/krb5_decode_test.c
index 32de38e16..f3d8a8657 100644
--- a/src/tests/asn.1/krb5_decode_test.c
+++ b/src/tests/asn.1/krb5_decode_test.c
@@ -888,6 +888,10 @@ int main(argc, argv)
 {
 setup(krb5_enc_data,"krb5_enc_data",ktest_make_sample_enc_data);
 decode_run("enc_data","","30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_enc_data,ktest_equal_enc_data,krb5_ktest_free_enc_data);
+ ref.kvno = 0xFF000000;
+ decode_run("enc_data","(MSB-set kvno)","30 26 A0 03 02 01 00 A1 06 02 04 FF 00 00 00 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_enc_data,ktest_equal_enc_data,krb5_ktest_free_enc_data);
+ ref.kvno = 0xFFFFFFFF;
+ decode_run("enc_data","(kvno=-1)","30 23 A0 03 02 01 00 A1 03 02 01 FF A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_enc_data,ktest_equal_enc_data,krb5_ktest_free_enc_data);
 ktest_destroy_enc_data(&ref);
 }
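Review bot: `loadint_kvno` casts its `const void *p` argument to `krb5_kvno *`, which discards the const qualifier for no reason; `return (krb5_int32)*(const krb5_kvno *)p;` reads the same value and stays clean under `-Wcast-qual`. The narrowing to `krb5_int32` for values of 2^31 and above is implementation-defined in C rather than guaranteed to wrap, so the block comment should say the encoder relies on two's-complement conversion. That comment should also state that a kvno with the high bit set now goes on the wire as a negative INTEGER, deliberately departing from the unsigned range in RFC 4120, so a later cleanup does not restore the `uint` field type. The positional initializer of `krb5int_asn1type_kvno` depends on the member order of `struct atype_info`, which is not visible in this hunk, and should be rechecked whenever that struct changes.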
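Review bot: The added decode cases in krb5_decode_test.c stop short of the sign boundary: `0xFF000000` and `0xFFFFFFFF` are covered, but not `0x80000000` or `0x7FFFFFFF`, where a sign-handling regression would show first. A case such as `ref.kvno = 0x80000000;` with the INTEGER encoded as `02 04 80 00 00 00` (bytes constructed here, not taken from the page) would pin it, and the same gap applies to the encode cases added in krb5_encode_test.c. Nothing pins how the decoder treats the five-octet unsigned form `02 05 00 FF 00 00 00` either, which the commit message suggests an RFC 4120-style encoder would send and which it says earlier decoders accepted only on 64-bit platforms; a comment stating which behaviour is intended would help. The enclosing `main` starts and ends outside the hunk.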
diff --git a/src/tests/asn.1/krb5_encode_test.c b/src/tests/asn.1/krb5_encode_test.c
index ef505833b..c17b39f84 100644
--- a/src/tests/asn.1/krb5_encode_test.c
+++ b/src/tests/asn.1/krb5_encode_test.c
@@ -648,6 +648,12 @@ main(argc, argv)
 setup(enc_data,krb5_enc_data,"enc_data",ktest_make_sample_enc_data);
 current_appl_type = 1001;
 encode_run(enc_data,krb5_enc_data,"enc_data","",encode_krb5_enc_data);
+ enc_data.kvno = 0xFF000000;
+ current_appl_type = 1001;
+ encode_run(enc_data,krb5_enc_data,"enc_data","(MSB-set kvno)",encode_krb5_enc_data);
+ enc_data.kvno = 0xFFFFFFFF;
+ current_appl_type = 1001;
+ encode_run(enc_data,krb5_enc_data,"enc_data","(kvno=-1)",encode_krb5_enc_data);
 ktest_destroy_enc_data(&enc_data);
 }
 /****************************************************************/
diff --git a/src/tests/asn.1/reference_encode.out b/src/tests/asn.1/reference_encode.out
index 92d21b1a9..d614362ec 100644
--- a/src/tests/asn.1/reference_encode.out
+++ b/src/tests/asn.1/reference_encode.out
@@ -49,6 +49,8 @@ encode_krb5_etype_info2 (only 1): 30 20 30 1E A0 03 02 01 00 A1 0D 1B 0B 4D 6F 7
 encode_krb5_pa_enc_ts: 30 1A A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A1 05 02 03 01 E2 40
 encode_krb5_pa_enc_ts (no usec): 30 13 A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A
 encode_krb5_enc_data: 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65
+encode_krb5_enc_data(MSB-set kvno): 30 26 A0 03 02 01 00 A1 06 02 04 FF 00 00 00 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65
+encode_krb5_enc_data(kvno=-1): 30 23 A0 03 02 01 00 A1 03 02 01 FF A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65
 encode_krb5_sam_challenge: 30 70 A0 03 02 01 2A A1 07 03 05 00 80 00 00 00 A2 0B 04 09 74 79 70 65 20 6E 61 6D 65 A4 11 04 0F 63 68 61 6C 6C 65 6E 67 65 20 6C 61 62 65 6C A5 10 04 0E 63 68 61 6C 6C 65 6E 67 65 20 69 70 73 65 A6 16 04 14 72 65 73 70 6F 6E 73 65 5F 70 72 6F 6D 70 74 20 69 70 73 65 A8 05 02 03 54 32 10 A9 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34
 encode_krb5_sam_response: 30 6A A0 03 02 01 2A A1 07 03 05 00 80 00 00 00 A2 0C 04 0A 74 72 61 63 6B 20 64 61 74 61 A3 14 30 12 A0 03 02 01 01 A1 04 02 02 07 96 A2 05 04 03 6B 65 79 A4 1C 30 1A A0 03 02 01 01 A1 04 02 02 0D 36 A2 0D 04 0B 6E 6F 6E 63 65 20 6F 72 20 74 73 A5 05 02 03 54 32 10 A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A
 encode_krb5_sam_key: 30 15 A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38
diff --git a/src/tests/asn.1/trval_reference.out b/src/tests/asn.1/trval_reference.out
index cc1daf3a2..7a713a7c9 100644
--- a/src/tests/asn.1/trval_reference.out
+++ b/src/tests/asn.1/trval_reference.out
@@ -1165,6 +1165,20 @@ encode_krb5_enc_data:
 . [kvno] [Integer] 5
 . [cipher] [Octet String] "krbASN.1 test message"
+encode_krb5_enc_data(MSB-set kvno):
+
+[Sequence/Sequence Of]
+. [etype] [Integer] 0
+. [kvno] [Integer] -16777216
+. [cipher] [Octet String] "krbASN.1 test message"
+
+encode_krb5_enc_data(kvno=-1):
+
+[Sequence/Sequence Of]
+. [etype] [Integer] 0
+. [kvno] [Integer] -1
+. [cipher] [Octet String] "krbASN.1 test message"
+
 encode_krb5_sam_challenge:
 [Sequence/Sequence Of]