From 687635bc6786d4c6df368aa09c77e7903dcda8a6 Mon Sep 17 00:00:00 2001 From: Ezra Peisach Date: Mon, 11 Sep 1995 23:52:35 +0000 Subject: [PATCH] Reintegrate Macintosh changes while keeping Proven's changes git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6753 dc483132-0cff-0310-8789-dd5450dbe970 --- src/include/ChangeLog | 17 ++++++++ src/include/k5-int.h | 18 +++++++-- src/include/krb5.hin | 69 +++++++++++++------------------- src/include/krb5/adm.h | 11 ++--- src/include/krb5/adm_proto.h | 10 ++--- src/include/krb5/kdb.h | 8 ++-- src/include/krb5/stock/ChangeLog | 8 ++++ src/include/krb5/stock/osconf.h | 3 +- 8 files changed, 78 insertions(+), 66 deletions(-) diff --git a/src/include/ChangeLog b/src/include/ChangeLog index 30fa3dba2..e813a51c5 100644 --- a/src/include/ChangeLog +++ b/src/include/ChangeLog @@ -7,8 +7,25 @@ Wed Sep 6 12:00:00 1995 James Mattly * k5-int.h: Added requisite defines, fake struct definitions for compilation on MACINTOSH. +Wed Sep 06 14:20:57 1995 Chris Provenzano (proven@mit.edu) + + * k5-int.h krb5.hin : s/keytype/enctype/g, s/KEYTYPE/ENCTYPE/g + +Tue Sep 05 22:10:34 1995 Chris Provenzano (proven@mit.edu) + + * k5-int.h, krb5.hin : Remove krb5_enctype references, and replace with + krb5_keytype where appropriate. + Fri Sep 1 00:44:59 1995 Theodore Y. Ts'o + * k5-int.h: Added clockskew, kdc_req_sumtype, and + kdc_default_options to the krb5_context structure. + + * krb5.hin: Added expected nonce and request_time fields to the + krb5_response structure. The fields are used to pass + information from krb5_send_tgs() to + krb5_get_cred_via_tkt() so that it can do sanity checking. + * k5-int.h: Add time offset field to the os_context structure. This offset is added to the system clock time to produce the "true" time. diff --git a/src/include/k5-int.h b/src/include/k5-int.h index d76282f28..2dc2c1048 100644 --- a/src/include/k5-int.h +++ b/src/include/k5-int.h 
@@ -215,6 +215,10 @@ int stat(const char *path, struct stat *buf); int fstat(int fildes, struct stat *buf); #define EFBIG 1000 +#define OLD_CONFIG_FILES +#define PROF_NO_SECTION 1 +#define PROF_NO_RELATION 2 +#define KRB5_REALM_CANT_RESOLVE 1 #define NOFCHMOD 1 #define NOCHMOD 1 @@ -401,7 +405,7 @@ int win_socket_initialize(); #define KDC_ERR_NEVER_VALID 11 /* Requested starttime > endtime */ #define KDC_ERR_POLICY 12 /* KDC policy rejects request */ #define KDC_ERR_BADOPTION 13 /* KDC can't do requested opt. */ -#define KDC_ERR_ETYPE_NOSUPP 14 /* No support for encryption type */ +#define KDC_ERR_ENCTYPE_NOSUPP 14 /* No support for encryption type */ #define KDC_ERR_SUMTYPE_NOSUPP 15 /* No support for checksum type */ #define KDC_ERR_PADATA_TYPE_NOSUPP 16 /* No support for padata type */ #define KDC_ERR_TRTYPE_NOSUPP 17 /* No support for transited type */ @@ -885,16 +889,22 @@ krb5_error_code verify_securid_padata struct _krb5_context { krb5_magic magic; - krb5_enctype FAR *etypes; - int etype_count; + krb5_enctype FAR *ktypes; + int ktype_count; void FAR *os_context; char FAR *default_realm; profile_t profile; void FAR *db_context; int ser_ctx_count; - void FAR *ser_ctx; + void FAR *ser_ctx; + krb5_deltat clockskew; /* allowable clock skew */ + krb5_cksumtype kdc_req_sumtype; + krb5_flags kdc_default_options; + krb5_flags library_options; }; +#define KRB5_LIBOPT_SYNC_KDCTIME 0x0001 + /* * Begin "asn1.h" */ diff --git a/src/include/krb5.hin b/src/include/krb5.hin index 19ed896ba..423f19695 100644 --- a/src/include/krb5.hin +++ b/src/include/krb5.hin @@ -135,7 +135,6 @@ typedef unsigned int krb5_msgtype; typedef unsigned int krb5_kvno; typedef unsigned int krb5_addrtype; -typedef unsigned int krb5_keytype; typedef unsigned int krb5_enctype; typedef unsigned int krb5_cksumtype; typedef unsigned int krb5_authdatatype; 
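Review bot: `PROF_NO_SECTION` and `KRB5_REALM_CANT_RESOLVE` are both defined as 1 in the added block, so a caller that gets one of these codes back cannot tell a missing profile section from an unresolvable realm. These names look like error-table codes (inferred; the tables are not in this diff), and hand-picked values of 1 and 2 also overlap the low range that errno uses. If they are build stubs for the platform section this hunk sits in, give them distinct values and add a comment such as `/* placeholder codes until the error tables are available on this platform */`. The enclosing platform block starts and ends outside the hunk.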
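Review bot: The four fields added to `struct _krb5_context` (`clockskew`, `kdc_req_sumtype`, `kdc_default_options`, `library_options`) need defined initial values wherever a context is allocated, and that code is not part of this diff. `clockskew` bounds how far a timestamp may drift and still be accepted, so an unset value would either reject valid messages or widen the acceptance window; confirm that context setup assigns it. Only `clockskew` has a comment; I would add `/* checksum type used in KDC requests */`, `/* default KDC options */` and `/* KRB5_LIBOPT_* bits */` to the other three, adjusted to what the implementation actually does. Separately, the list is renamed to `ktypes`/`ktype_count` while its type stays `krb5_enctype`, which runs against the s/keytype/enctype/ rename recorded in the ChangeLog; the same applies to `nktypes`/`ktype` in `krb5_kdc_req` and to `krb5_set_default_in_tkt_ktypes` in krb5.hin.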
@@ -283,8 +282,7 @@ typedef struct _krb5_auth_context FAR * krb5_auth_context; typedef struct _krb5_keyblock { krb5_magic magic; - krb5_keytype keytype; - krb5_enctype etype; /* hint of what encryption type to use */ + krb5_enctype enctype; int length; krb5_octet FAR *contents; } krb5_keyblock; @@ -307,7 +305,7 @@ typedef struct _krb5_encrypt_block { typedef struct _krb5_enc_data { krb5_magic magic; - krb5_enctype etype; + krb5_enctype enctype; krb5_kvno kvno; krb5_data ciphertext; } krb5_enc_data; @@ -329,7 +327,7 @@ typedef struct _krb5_cryptosystem_entry { krb5_const krb5_keyblock FAR *)); krb5_error_code (*finish_key) KRB5_NPROTOTYPE(( krb5_encrypt_block FAR *)); krb5_error_code (*string_to_key) KRB5_NPROTOTYPE((krb5_const krb5_encrypt_block FAR *, - krb5_const krb5_keytype, + krb5_const krb5_enctype, krb5_keyblock FAR *, krb5_const krb5_data FAR *, krb5_const krb5_data FAR *)); @@ -342,10 +340,7 @@ typedef struct _krb5_cryptosystem_entry { int block_length; int pad_minimum; /* needed for cksum size computation */ int keysize; - krb5_enctype proto_enctype; /* encryption type, - (assigned protocol number AND - table index) */ - krb5_keytype proto_keytype; /* key type, + krb5_enctype proto_enctype; /* key type, (assigned protocol number AND table index) */ } krb5_cryptosystem_entry; 
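Review bot: Collapsing `keytype` and `etype` into the single `enctype` field of `krb5_keyblock` changes what a stored key type number means: the removed `KEYTYPE_DES` was 0x0001, which now reads as `ENCTYPE_DES_CBC_CRC`. A key record written with the old key type would therefore be treated as a DES-CBC-CRC key, which may not be the enctype it was used with (inferred; the code that reads stored keys is not in this diff). The new field also lost its comment; I would add `/* encryption type this key is for (ENCTYPE_*) */`. In `krb5_cryptosystem_entry` further down, the comment kept on `proto_enctype` still says `key type` and should read `encryption type`.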
@@ -382,18 +377,12 @@ typedef struct _krb5_checksum_entry { } krb5_checksum_entry; /* per Kerberos v5 protocol spec */ -#define KEYTYPE_NULL 0x0000 -#define KEYTYPE_DES 0x0001 /* Data Encryption Standard, - FIPS 46,81 */ -#define KEYTYPE_UNKNOWN 0x01ff - -#define ETYPE_NULL 0x0000 -#define ETYPE_DES_CBC_CRC 0x0001 /* DES cbc mode with CRC-32 */ -#define ETYPE_DES_CBC_MD4 0x0002 /* DES cbc mode with RSA-MD4 */ -#define ETYPE_DES_CBC_MD5 0x0003 /* DES cbc mode with RSA-MD5 */ -#define ETYPE_RAW_DES_CBC 0x0004 /* Raw DES cbc mode */ - -#define ETYPE_UNKNOWN 0x1FF /* Reserved local value */ +#define ENCTYPE_NULL 0x0000 +#define ENCTYPE_DES_CBC_CRC 0x0001 /* DES cbc mode with CRC-32 */ +#define ENCTYPE_DES_CBC_MD4 0x0002 /* DES cbc mode with RSA-MD4 */ +#define ENCTYPE_DES_CBC_MD5 0x0003 /* DES cbc mode with RSA-MD5 */ +#define ENCTYPE_DES_CBC_RAW 0x0004 /* DES cbc mode raw */ +#define ENCTYPE_UNKNOWN 0x01ff #define CKSUMTYPE_CRC32 0x0001 #define CKSUMTYPE_RSA_MD4 0x0002 
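Review bot: `ENCTYPE_UNKNOWN` dropped the `/* Reserved local value */` comment that `ETYPE_UNKNOWN` carried, so nothing now says that 0x01ff is a local sentinel rather than an assigned protocol number. I would keep it: `#define ENCTYPE_UNKNOWN 0x01ff /* Reserved local value */`. Note also that `ETYPE_RAW_DES_CBC` became `ENCTYPE_DES_CBC_RAW`, which is a word-order change and not the plain s/ETYPE/ENCTYPE/ substitution, so a mechanical update of callers will miss it.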
@@ -419,17 +408,15 @@ extern int krb5_max_cryptosystem; /* max entry in array */ /* This array is indexed by key type, and has (should have) pointers to the same entries as krb5_csarray */ -/* XXX what if a given keytype works for several etypes? */ -extern krb5_cs_table_entry * NEAR krb5_keytype_array[]; -extern int krb5_max_keytype; /* max entry in array */ +/* XXX what if a given enctype works for several etypes? */ +extern krb5_cs_table_entry * NEAR krb5_enctype_array[]; +extern int krb5_max_enctype; /* max entry in array */ /* This array is indexed by checksum type */ extern krb5_checksum_entry * NEAR krb5_cksumarray[]; extern int krb5_max_cksum; /* max entry in array */ -#define valid_etype(etype) ((((int) (etype)) <= krb5_max_cryptosystem) && ((etype) > 0) && krb5_csarray[etype]) - -#define valid_keytype(ktype) ((((int) (ktype)) <= krb5_max_keytype) && ((ktype) > 0) && krb5_keytype_array[ktype]) +#define valid_enctype(ktype) ((((int) (ktype)) <= krb5_max_enctype) && ((ktype) > 0) && krb5_enctype_array[ktype]) #define valid_cksumtype(cktype) ((((int) (cktype)) <= krb5_max_cksum) && ((cktype) > 0) && krb5_cksumarray[cktype]) 
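Review bot: `valid_enctype` can index `krb5_enctype_array` out of bounds: `krb5_enctype` is `unsigned int`, so on the usual two's-complement targets a value with the top bit set turns negative under the `(int)` cast and passes the `<= krb5_max_enctype` test, then passes `(ktype) > 0` as an unsigned comparison, and the third operand reads `krb5_enctype_array[ktype]`. Enctype numbers arrive in protocol messages, so this macro is the bounds check for untrusted values. Apply the cast to both comparisons: `#define valid_enctype(ktype) ((((int) (ktype)) > 0) && (((int) (ktype)) <= krb5_max_enctype) && krb5_enctype_array[ktype])`. The unchanged `valid_cksumtype` just below has the same shape. The comment above the array declaration now reads "a given enctype works for several etypes", which no longer says anything after the search-and-replace.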
@@ -437,20 +424,17 @@ extern int krb5_max_cksum; /* max entry in array */ #define is_keyed_cksum(cktype) (krb5_cksumarray[cktype]->uses_key) /* set up *eblockp to use etype */ -#define krb5_use_cstype(context, eblockp, etype) (eblockp)->crypto_entry = krb5_csarray[(etype)]->system -/* ...or keytype */ -#define krb5_use_keytype(context, eblockp, keytype) (eblockp)->crypto_entry = krb5_keytype_array[(keytype)]->system +#define krb5_use_enctype(context, eblockp, enctype) (eblockp)->crypto_entry = krb5_enctype_array[(enctype)]->system #define krb5_encrypt(context, inptr, outptr, size, eblock, ivec) (*(eblock)->crypto_entry->encrypt_func)(inptr, outptr, size, eblock, ivec) #define krb5_decrypt(context, inptr, outptr, size, eblock, ivec) (*(eblock)->crypto_entry->decrypt_func)(inptr, outptr, size, eblock, ivec) #define krb5_process_key(context, eblock, key) (*(eblock)->crypto_entry->process_key)(eblock, key) #define krb5_finish_key(context, eblock) (*(eblock)->crypto_entry->finish_key)(eblock) -#define krb5_string_to_key(context, eblock, keytype, keyblock, data, princ) (*(eblock)->crypto_entry->string_to_key)(eblock, keytype, keyblock, data, princ) +#define krb5_string_to_key(context, eblock, enctype, keyblock, data, princ) (*(eblock)->crypto_entry->string_to_key)(eblock, enctype, keyblock, data, princ) #define krb5_init_random_key(context, eblock, keyblock, ptr) (*(eblock)->crypto_entry->init_random_key)(keyblock, ptr) #define krb5_finish_random_key(context, eblock, ptr) (*(eblock)->crypto_entry->finish_random_key)(ptr) #define krb5_random_key(context, eblock, ptr, keyblock) (*(eblock)->crypto_entry->random_key)(eblock, ptr, keyblock) -#define krb5_eblock_keytype(context, eblockp) ((eblockp)->crypto_entry->proto_keytype) #define krb5_eblock_enctype(context, eblockp) ((eblockp)->crypto_entry->proto_enctype) /* 
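Review bot: `krb5_use_enctype` dereferences `krb5_enctype_array[(enctype)]` with no range or NULL check, so it is only safe once `valid_enctype(enctype)` has succeeded, and nothing at the definition says so. I would replace the stale comment above it with `/* set up *eblockp to use enctype; caller must first check valid_enctype(enctype) */`. The expansion is also an unparenthesized assignment, which is fine as a statement but surprising inside a larger expression.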
@@ -717,7 +701,7 @@ typedef struct _krb5_enc_tkt_part { krb5_magic magic; /* to-be-encrypted portion */ krb5_flags flags; /* flags */ - krb5_keyblock FAR *session; /* session key: includes keytype */ + krb5_keyblock FAR *session; /* session key: includes enctype */ krb5_principal client; /* client name/realm */ krb5_transited transited; /* list of transited realms */ krb5_ticket_times times; /* auth, start, end, renew_till */ @@ -800,8 +784,8 @@ typedef struct _krb5_kdc_req { krb5_timestamp till; /* requested endtime */ krb5_timestamp rtime; /* (optional) requested renew_till */ krb5_int32 nonce; /* nonce to match request/response */ - int netypes; /* # of etypes, must be positive */ - krb5_enctype FAR *etype; /* requested encryption type(s) */ + int nktypes; /* # of ktypes, must be positive */ + krb5_enctype FAR *ktype; /* requested enctype(s) */ krb5_address FAR * FAR *addresses; /* requested addresses, optional */ krb5_enc_data authorization_data; /* encrypted auth data; OPTIONAL */ krb5_authdata FAR * FAR *unenc_authdata; /* unencrypted auth data, @@ -876,6 +860,8 @@ typedef struct _krb5_response { krb5_magic magic; krb5_octet message_type; krb5_data response; + krb5_int32 expected_nonce; /* The expected nonce for KDC_REP messages */ + krb5_timestamp request_time; /* When we made the request */ } krb5_response; typedef struct _krb5_safe { @@ -1170,7 +1156,7 @@ typedef struct _krb5_kt_ops { krb5_keytab, krb5_principal, krb5_kvno, - krb5_keytype, + krb5_enctype, krb5_keytab_entry FAR *)); krb5_error_code (*start_seq_get) KRB5_NPROTOTYPE((krb5_context, 
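Review bot: The new `expected_nonce` and `request_time` fields of `krb5_response` are only meaningful when the code that fills in the struct sets them, and the check that consumes them is outside this diff. Per the ChangeLog they are set by krb5_send_tgs() and read by krb5_get_cred_via_tkt(); any other producer of a `krb5_response` that does not zero the struct would hand that sanity check indeterminate values. I would extend the field comments to name the writer and the reader, e.g. `/* set by krb5_send_tgs(); compared with the reply nonce in krb5_get_cred_via_tkt() */`, and confirm that every producer initializes both fields.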
@@ -1202,7 +1188,7 @@ typedef struct _krb5_kt_ops { #define krb5_kt_get_type(context, keytab) (*(keytab)->ops->prefix) #define krb5_kt_get_name(context, keytab, name, namelen) (*(keytab)->ops->get_name)(context, keytab,name,namelen) #define krb5_kt_close(context, keytab) (*(keytab)->ops->close)(context, keytab) -#define krb5_kt_get_entry(context, keytab, principal, vno, keytype, entry) (*(keytab)->ops->get)(context, keytab, principal, vno, keytype, entry) +#define krb5_kt_get_entry(context, keytab, principal, vno, enctype, entry) (*(keytab)->ops->get)(context, keytab, principal, vno, enctype, entry) #define krb5_kt_start_seq_get(context, keytab, cursor) (*(keytab)->ops->start_seq_get)(context, keytab, cursor) #define krb5_kt_next_entry(context, keytab, entry, cursor) (*(keytab)->ops->get_next)(context, keytab, entry, cursor) #define krb5_kt_end_seq_get(context, keytab, cursor) (*(keytab)->ops->end_get)(context, keytab, cursor) @@ -1225,10 +1211,10 @@ krb5_error_code INTERFACE krb5_init_context void krb5_free_context KRB5_PROTOTYPE((krb5_context)); -krb5_error_code krb5_set_default_in_tkt_etypes +krb5_error_code krb5_set_default_in_tkt_ktypes KRB5_PROTOTYPE((krb5_context, krb5_const krb5_enctype *)); -krb5_error_code krb5_get_default_in_tkt_etypes +krb5_error_code krb5_get_default_in_tkt_ktypes KRB5_PROTOTYPE((krb5_context, krb5_enctype **)); @@ -1646,7 +1632,7 @@ krb5_error_code krb5_get_in_tkt krb5_enctype *, krb5_preauthtype *, krb5_error_code ( * )(krb5_context, - krb5_const krb5_keytype, + krb5_const krb5_enctype, krb5_data *, krb5_const_pointer, krb5_keyblock **), @@ -1698,7 +1684,6 @@ krb5_error_code krb5_decode_kdc_rep KRB5_PROTOTYPE((krb5_context, krb5_data *, krb5_const krb5_keyblock *, - krb5_const krb5_enctype, krb5_kdc_rep ** )); krb5_error_code krb5_rd_req 
@@ -1724,7 +1709,7 @@ krb5_error_code krb5_kt_read_service_key krb5_pointer, krb5_principal, krb5_kvno, - krb5_keytype, + krb5_enctype, krb5_keyblock **)); krb5_error_code krb5_mk_safe KRB5_PROTOTYPE((krb5_context, diff --git a/src/include/krb5/adm.h b/src/include/krb5/adm.h index a3ba3e90b..cd461b1d4 100644 --- a/src/include/krb5/adm.h +++ b/src/include/krb5/adm.h @@ -163,13 +163,12 @@ #define KRB5_ADM_KT_PRINCIPAL 0 #define KRB5_ADM_KT_TIMESTAMP 1 #define KRB5_ADM_KT_VNO 2 -#define KRB5_ADM_KT_KEY_KEYTYPE 3 -#define KRB5_ADM_KT_KEY_ETYPE 4 -#define KRB5_ADM_KT_KEY_KEY 5 -#define KRB5_ADM_KT_NCOMPS 6 +#define KRB5_ADM_KT_KEY_ENCTYPE 3 +#define KRB5_ADM_KT_KEY_KEY 4 +#define KRB5_ADM_KT_NCOMPS 5 typedef struct __krb5_key_salt_tuple { - krb5_keytype ks_keytype; + krb5_enctype ks_enctype; krb5_int32 ks_salttype; } krb5_key_salt_tuple; @@ -184,7 +183,6 @@ typedef struct __krb5_realm_params { krb5_int32 realm_kdc_pport; krb5_int32 realm_kdc_sport; krb5_int32 realm_kadmind_port; - krb5_keytype realm_keytype; krb5_enctype realm_enctype; krb5_deltat realm_max_life; krb5_deltat realm_max_rlife; @@ -194,7 +192,6 @@ typedef struct __krb5_realm_params { unsigned int realm_kdc_pport_valid:1; unsigned int realm_kdc_sport_valid:1; unsigned int realm_kadmind_port_valid:1; - unsigned int realm_keytype_valid:1; unsigned int realm_enctype_valid:1; unsigned int realm_max_life_valid:1; unsigned int realm_max_rlife_valid:1; diff --git a/src/include/krb5/adm_proto.h b/src/include/krb5/adm_proto.h index 842ae5281..64b10c46c 100644 --- a/src/include/krb5/adm_proto.h +++ b/src/include/krb5/adm_proto.h 
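Review bot: In adm.h, removing `KRB5_ADM_KT_KEY_ETYPE` renumbers `KRB5_ADM_KT_KEY_KEY` from 5 to 4 and `KRB5_ADM_KT_NCOMPS` from 6 to 5. If these indices describe the component layout of a keytab entry exchanged between an administrative client and server (inferred from the names; their users are not in this diff), peers built before and after this change will disagree on where the key sits and how many components to expect. The receiving side should check the component count against `KRB5_ADM_KT_NCOMPS` and fail cleanly on a mismatch, and the header should record the break, e.g. `/* layout changed when keytype and etype were merged; not compatible with older peers */`.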
@@ -167,12 +167,10 @@ krb5_error_code krb5_free_realm_params KRB5_PROTOTYPE((krb5_context, /* str_conv.c */ krb5_error_code -krb5_string_to_keytype KRB5_PROTOTYPE((char *, krb5_keytype *)); +krb5_string_to_enctype KRB5_PROTOTYPE((char *, krb5_enctype *)); krb5_error_code krb5_string_to_salttype KRB5_PROTOTYPE((char *, krb5_int32 *)); krb5_error_code -krb5_string_to_enctype KRB5_PROTOTYPE((char *, krb5_enctype *)); -krb5_error_code krb5_string_to_cksumtype KRB5_PROTOTYPE((char *, krb5_cksumtype *)); krb5_error_code krb5_string_to_flags KRB5_PROTOTYPE((char *, @@ -184,12 +182,10 @@ krb5_string_to_timestamp KRB5_PROTOTYPE((char *, krb5_timestamp *)); krb5_error_code krb5_string_to_deltat KRB5_PROTOTYPE((char *, krb5_deltat *)); krb5_error_code -krb5_keytype_to_string KRB5_PROTOTYPE((krb5_keytype, char *, size_t)); +krb5_enctype_to_string KRB5_PROTOTYPE((krb5_enctype, char *, size_t)); krb5_error_code krb5_salttype_to_string KRB5_PROTOTYPE((krb5_int32, char *, size_t)); krb5_error_code -krb5_enctype_to_string KRB5_PROTOTYPE((krb5_enctype, char *, size_t)); -krb5_error_code krb5_cksumtype_to_string KRB5_PROTOTYPE((krb5_cksumtype, char *, size_t)); krb5_error_code krb5_flags_to_string KRB5_PROTOTYPE((krb5_flags, @@ -210,7 +206,7 @@ krb5_deltat_to_string KRB5_PROTOTYPE((krb5_deltat, char *, size_t)); krb5_boolean krb5_keysalt_is_present KRB5_PROTOTYPE((krb5_key_salt_tuple *, krb5_int32, - krb5_keytype, + krb5_enctype, krb5_int32)); krb5_error_code krb5_keysalt_iterate diff --git a/src/include/krb5/kdb.h b/src/include/krb5/kdb.h index 3d6c77b46..032c40c67 100644 --- a/src/include/krb5/kdb.h +++ b/src/include/krb5/kdb.h 
@@ -44,7 +44,7 @@ typedef struct _krb5_tl_data { * If this ever changes up the version number and make the arrays be as * big as necessary. * - * Currently the first type is the keytype and the second is the salt type. + * Currently the first type is the enctype and the second is the salt type. */ typedef struct _krb5_key_data { krb5_int16 key_data_ver; /* Version */ @@ -298,10 +298,10 @@ void krb5_dbe_free_contents KRB5_PROTOTYPE((krb5_context, krb5_db_entry *)); -krb5_error_code krb5_dbe_find_keytype +krb5_error_code krb5_dbe_find_enctype KRB5_PROTOTYPE((krb5_context, krb5_db_entry *, - krb5_keytype, + krb5_enctype, krb5_int32, krb5_int32, krb5_key_data **)); @@ -346,7 +346,7 @@ krb5_error_code krb5_ser_db_context_init KRB5_PROTOTYPE((krb5_context)); typedef struct _krb5_encrypted_keyblock { krb5_magic magic; - short keytype; /* XXX this is SO ugly --- proven */ + short enctype; /* XXX this is SO ugly --- proven */ int length; krb5_octet *contents; } krb5_encrypted_keyblock; diff --git a/src/include/krb5/stock/ChangeLog b/src/include/krb5/stock/ChangeLog index f64192f4c..d95657385 100644 --- a/src/include/krb5/stock/ChangeLog +++ b/src/include/krb5/stock/ChangeLog @@ -2,6 +2,14 @@ Mon Jul 17 15:05:42 EDT 1995 Paul Park (pjpark@mit.edu) * osconf.h - Add DEFAULT_KEYFILE_STUB which puts the stashfile in the kdc directory instead of the root. Also, change the +Wed Sep 06 14:20:57 1995 Chris Provenzano (proven@mit.edu) + + * osconf.h : s/keytype/enctype/g, s/KEYTYPE/ENCTYPE/g + +Tue Sep 05 22:10:34 1995 Chris Provenzano (proven@mit.edu) + + * osconf.h : Remove krb5_enctype references, and replace with + krb5_keytype where appropriate. default ETYPE to DES_CBC_MD5 now that it works. diff --git a/src/include/krb5/stock/osconf.h b/src/include/krb5/stock/osconf.h index 5271101d7..0c1353885 100644 --- a/src/include/krb5/stock/osconf.h +++ b/src/include/krb5/stock/osconf.h 
@@ -55,8 +55,7 @@ #define DEFAULT_KDC_PROFILE "@PREFIX/lib/krb5kdc/kdc.prof" #define KDC_PROFILE_ENV "KRB5_KDC_PROFILE" -#define DEFAULT_KDC_ETYPE ETYPE_DES_CBC_MD5 -#define DEFAULT_KDC_KEYTYPE KEYTYPE_DES +#define DEFAULT_KDC_ENCTYPE ENCTYPE_DES_CBC_CRC #define KDCRCACHE "dfl:krb5kdc_rcache" #define KDC_PORTNAME "kerberos" /* for /etc/services or equiv. */ -- 2.26.2
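Review bot: `DEFAULT_KDC_ENCTYPE` is set to `ENCTYPE_DES_CBC_CRC`, whereas the removed `DEFAULT_KDC_ETYPE` was `ETYPE_DES_CBC_MD5`, so the stock default moves from an MD5-based integrity check to CRC-32. CRC-32 is not a cryptographic checksum, and the stock ChangeLog context in this same patch records the earlier switch to DES_CBC_MD5 as intentional. If the value was picked to match the old `KEYTYPE_DES` number (both are 0x0001; inferred), say so in a comment; otherwise keep the stronger default with `#define DEFAULT_KDC_ENCTYPE ENCTYPE_DES_CBC_MD5`.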