From 83c40776396c2c79a1f3a582cb1be6872b871be5 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Wed, 28 Oct 2009 19:17:35 +0000 Subject: [PATCH] Bump the accessor version number since we made changes. Take the opportunity to regularize accessor field names (no krb5 or krb5int prefixes). Fix a test program which was still using krb5_hmac. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23081 dc483132-0cff-0310-8789-dd5450dbe970 --- src/include/k5-int.h | 34 +++++++++----------- src/lib/crypto/crypto_tests/t_hmac.c | 2 +- src/lib/gssapi/krb5/accept_sec_context.c | 6 ++-- src/lib/gssapi/krb5/ser_sctx.c | 14 ++++---- src/lib/gssapi/krb5/util_crypt.c | 21 ++++++------ src/lib/krb5/os/accessor.c | 18 ++++------- src/plugins/preauth/pkinit/pkinit_accessor.c | 4 +-- 7 files changed, 47 insertions(+), 52 deletions(-) diff --git a/src/include/k5-int.h b/src/include/k5-int.h index 9217174f2..e6f84562e 100644 --- a/src/include/k5-int.h +++ b/src/include/k5-int.h @@ -2218,7 +2218,7 @@ void krb5int_free_srv_dns_data(struct srv_dns_entry *); /* To keep happy libraries which are (for now) accessing internal stuff */ /* Make sure to increment by one when changing the struct */ -#define KRB5INT_ACCESS_STRUCT_VERSION 14 +#define KRB5INT_ACCESS_STRUCT_VERSION 15 #ifndef ANAME_SZ struct ktext; /* from krb.h, for krb524 support */ @@ -2227,11 +2227,13 @@ typedef struct _krb5int_access { /* crypto stuff */ const struct krb5_hash_provider *md5_hash_provider; const struct krb5_enc_provider *arcfour_enc_provider; - krb5_error_code (* krb5int_hmac) (const struct krb5_hash_provider *hash, - const krb5_keyblock *key, - unsigned int icount, const krb5_data *input, - krb5_data *output); - krb5_error_code (* krb5_auth_con_get_subkey_enctype)(krb5_context, krb5_auth_context, krb5_enctype *); + krb5_error_code (*hmac)(const struct krb5_hash_provider *hash, + const krb5_keyblock *key, + unsigned int icount, const krb5_data *input, + krb5_data *output); + krb5_error_code (*auth_con_get_subkey_enctype)(krb5_context, + krb5_auth_context, + krb5_enctype *); /* service location and communication */ krb5_error_code (*sendto_udp) (krb5_context, const krb5_data *msg, const struct addrlist *, struct sendto_callback_info*, krb5_data *reply, @@ -2253,16 +2255,12 @@ typedef struct _krb5int_access { int (*use_dns_kdc)(krb5_context); krb5_error_code (*clean_hostname)(krb5_context, const char *, char *, size_t); - /* krb4 compatibility stuff -- may be null if not enabled */ - krb5_int32 (*krb_life_to_time)(krb5_int32, int); - int (*krb_time_to_life)(krb5_int32, krb5_int32); - int (*krb524_encode_v4tkt)(struct ktext *, char *, unsigned int *); - krb5_error_code (*krb5int_c_mandatory_cksumtype) - (krb5_context, krb5_enctype, krb5_cksumtype *); - krb5_error_code (KRB5_CALLCONV *krb5_ser_pack_int64) - (krb5_int64, krb5_octet **, size_t *); - krb5_error_code (KRB5_CALLCONV *krb5_ser_unpack_int64) - (krb5_int64 *, krb5_octet **, size_t *); + krb5_error_code (*mandatory_cksumtype)(krb5_context, krb5_enctype, + krb5_cksumtype *); + krb5_error_code (KRB5_CALLCONV *ser_pack_int64)(krb5_int64, krb5_octet **, + size_t *); + krb5_error_code (KRB5_CALLCONV *ser_unpack_int64)(krb5_int64 *, + krb5_octet **, size_t *); /* Used for KDB LDAP back end. */ krb5_error_code @@ -2342,9 +2340,9 @@ typedef struct _krb5int_access { (const krb5_data *output, krb5_kdc_req **rep); krb5_error_code (*encode_krb5_kdc_req_body) (const krb5_kdc_req *rep, krb5_data **code); - void (KRB5_CALLCONV *krb5_free_kdc_req) + void (KRB5_CALLCONV *free_kdc_req) (krb5_context, krb5_kdc_req * ); - void (*krb5int_set_prompt_types) + void (*set_prompt_types) (krb5_context, krb5_prompt_type *); krb5_error_code (*encode_krb5_authdata_elt) (const krb5_authdata *rep, krb5_data **code); diff --git a/src/lib/crypto/crypto_tests/t_hmac.c b/src/lib/crypto/crypto_tests/t_hmac.c index 30830d617..d09adb080 100644 --- a/src/lib/crypto/crypto_tests/t_hmac.c +++ b/src/lib/crypto/crypto_tests/t_hmac.c @@ -122,7 +122,7 @@ static krb5_error_code hmac1(const struct krb5_hash_provider *h, } printd(" hmac input", in); krb5_k_create_key(NULL, key, &k); - err = krb5_hmac(h, k, 1, in, out); + err = krb5int_hmac(h, k, 1, in, out); krb5_k_free_key(NULL, k); if (err == 0) printd(" hmac output", out); diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c index b6c216d58..ccfdb5c1c 100644 --- a/src/lib/gssapi/krb5/accept_sec_context.c +++ b/src/lib/gssapi/krb5/accept_sec_context.c @@ -988,9 +988,9 @@ kg_accept_krb5(minor_status, context_handle, if (ctx->proto == 0 && (ctx->gss_flags & GSS_C_DCE_STYLE) == 0 && (ap_req_options & AP_OPTS_USE_SUBKEY)) { - code = (*kaccess.krb5_auth_con_get_subkey_enctype) (context, - auth_context, - &negotiated_etype); + code = (*kaccess.auth_con_get_subkey_enctype)(context, + auth_context, + &negotiated_etype); if (code != 0) { major_status = GSS_S_FAILURE; goto fail; diff --git a/src/lib/gssapi/krb5/ser_sctx.c b/src/lib/gssapi/krb5/ser_sctx.c index bdcd7685e..4987b2e9c 100644 --- a/src/lib/gssapi/krb5/ser_sctx.c +++ b/src/lib/gssapi/krb5/ser_sctx.c @@ -433,10 +433,10 @@ kg_ctx_externalize(kcontext, arg, buffer, lenremain) &bp, &remain); (void) krb5_ser_pack_int32((krb5_int32) ctx->krb_flags, &bp, &remain); - (void) (*kaccess.krb5_ser_pack_int64)((krb5_int64) ctx->seq_send, - &bp, &remain); - (void) (*kaccess.krb5_ser_pack_int64)((krb5_int64) ctx->seq_recv, - &bp, &remain); + (void) (*kaccess.ser_pack_int64)((krb5_int64) ctx->seq_send, + &bp, &remain); + (void) (*kaccess.ser_pack_int64)((krb5_int64) ctx->seq_recv, + &bp, &remain); /* Now dynamic data */ kret = 0; @@ -644,8 +644,10 @@ kg_ctx_internalize(kcontext, argp, buffer, lenremain) ctx->krb_times.renew_till = (krb5_timestamp) ibuf; (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); ctx->krb_flags = (krb5_flags) ibuf; - (void) (*kaccess.krb5_ser_unpack_int64)((krb5_int64 *)&ctx->seq_send, &bp, &remain); - kret = (*kaccess.krb5_ser_unpack_int64)((krb5_int64 *)&ctx->seq_recv, &bp, &remain); + (void) (*kaccess.ser_unpack_int64)((krb5_int64 *)&ctx->seq_send, + &bp, &remain); + kret = (*kaccess.ser_unpack_int64)((krb5_int64 *)&ctx->seq_recv, + &bp, &remain); if (kret) { free(ctx); return kret; diff --git a/src/lib/gssapi/krb5/util_crypt.c b/src/lib/gssapi/krb5/util_crypt.c index 0f712ea46..e0970865b 100644 --- a/src/lib/gssapi/krb5/util_crypt.c +++ b/src/lib/gssapi/krb5/util_crypt.c @@ -119,9 +119,8 @@ kg_setup_keys(krb5_context context, krb5_gss_ctx_id_rec *ctx, krb5_key subkey, if (code != 0) return code; - code = (*kaccess.krb5int_c_mandatory_cksumtype)(context, - subkey->keyblock.enctype, - cksumtype); + code = (*kaccess.mandatory_cksumtype)(context, subkey->keyblock.enctype, + cksumtype); if (code != 0) return code; @@ -321,8 +320,8 @@ kg_arcfour_docrypt(const krb5_keyblock *longterm_key , int ms_usage, input.length = i; output.data = (void *) usage_key.contents; output.length = usage_key.length; - code = (*kaccess.krb5int_hmac) (kaccess.md5_hash_provider, - longterm_key, 1, &input, &output); + code = (*kaccess.hmac)(kaccess.md5_hash_provider, longterm_key, 1, + &input, &output); if (code) goto cleanup_arcfour; if (exportable) @@ -331,8 +330,8 @@ kg_arcfour_docrypt(const krb5_keyblock *longterm_key , int ms_usage, input.data = ( void *) kd_data; input.length = kd_data_len; output.data = (void *) seq_enc_key.contents; - code = (*kaccess.krb5int_hmac) (kaccess.md5_hash_provider, - &usage_key, 1, &input, &output); + code = (*kaccess.hmac)(kaccess.md5_hash_provider, &usage_key, 1, + &input, &output); if (code) goto cleanup_arcfour; input.data = ( void * ) input_buf; @@ -667,8 +666,8 @@ kg_arcfour_docrypt_iov(krb5_context context, input.length = i; output.data = (void *) usage_key.contents; output.length = usage_key.length; - code = (*kaccess.krb5int_hmac) (kaccess.md5_hash_provider, - longterm_key, 1, &input, &output); + code = (*kaccess.hmac)(kaccess.md5_hash_provider, longterm_key, 1, + &input, &output); if (code) goto cleanup_arcfour; if (exportable) @@ -677,8 +676,8 @@ kg_arcfour_docrypt_iov(krb5_context context, input.data = ( void *) kd_data; input.length = kd_data_len; output.data = (void *) seq_enc_key.contents; - code = (*kaccess.krb5int_hmac) (kaccess.md5_hash_provider, - &usage_key, 1, &input, &output); + code = (*kaccess.hmac)(kaccess.md5_hash_provider, &usage_key, 1, + &input, &output); if (code) goto cleanup_arcfour; diff --git a/src/lib/krb5/os/accessor.c b/src/lib/krb5/os/accessor.c index 6df7e1100..a051736b5 100644 --- a/src/lib/krb5/os/accessor.c +++ b/src/lib/krb5/os/accessor.c @@ -52,8 +52,8 @@ krb5int_accessor(krb5int_access *internals, krb5_int32 version) krb5int_access internals_temp; #endif S (free_addrlist, krb5int_free_addrlist), - S (krb5int_hmac, krb5int_hmac_keyblock), - S (krb5_auth_con_get_subkey_enctype, krb5_auth_con_get_subkey_enctype), + S (hmac, krb5int_hmac_keyblock), + S (auth_con_get_subkey_enctype, krb5_auth_con_get_subkey_enctype), S (md5_hash_provider, &krb5int_hash_md5), S (arcfour_enc_provider, &krb5int_enc_arcfour), S (sendto_udp, &krb5int_sendto), @@ -70,18 +70,14 @@ krb5int_accessor(krb5int_access *internals, krb5_int32 version) #undef SC S (clean_hostname, krb5int_clean_hostname), - S (krb_life_to_time, 0), - S (krb_time_to_life, 0), - S (krb524_encode_v4tkt, 0), - - S (krb5int_c_mandatory_cksumtype, krb5int_c_mandatory_cksumtype), + S (mandatory_cksumtype, krb5int_c_mandatory_cksumtype), #ifndef LEAN_CLIENT #define SC(FIELD, VAL) S(FIELD, VAL) #else /* disable */ #define SC(FIELD, VAL) S(FIELD, 0) #endif - SC (krb5_ser_pack_int64, krb5_ser_pack_int64), - SC (krb5_ser_unpack_int64, krb5_ser_unpack_int64), + SC (ser_pack_int64, krb5_ser_pack_int64), + SC (ser_unpack_int64, krb5_ser_unpack_int64), #undef SC #ifdef ENABLE_LDAP @@ -125,8 +121,8 @@ krb5int_accessor(krb5int_access *internals, krb5_int32 version) SC (decode_krb5_td_dh_parameters, decode_krb5_td_dh_parameters), SC (decode_krb5_as_req, decode_krb5_as_req), SC (encode_krb5_kdc_req_body, encode_krb5_kdc_req_body), - SC (krb5_free_kdc_req, krb5_free_kdc_req), - SC (krb5int_set_prompt_types, krb5int_set_prompt_types), + SC (free_kdc_req, krb5_free_kdc_req), + SC (set_prompt_types, krb5int_set_prompt_types), SC (encode_krb5_authdata_elt, encode_krb5_authdata_elt), #undef SC diff --git a/src/plugins/preauth/pkinit/pkinit_accessor.c b/src/plugins/preauth/pkinit/pkinit_accessor.c index e954ca361..e310b0040 100644 --- a/src/plugins/preauth/pkinit/pkinit_accessor.c +++ b/src/plugins/preauth/pkinit/pkinit_accessor.c @@ -111,8 +111,8 @@ k5int_decode_##type = k5int.decode_##type; k5int_decode_krb5_principal_name = k5int.decode_krb5_principal_name; k5int_decode_krb5_as_req = k5int.decode_krb5_as_req; k5int_encode_krb5_kdc_req_body = k5int.encode_krb5_kdc_req_body; - k5int_krb5_free_kdc_req = k5int.krb5_free_kdc_req; - k5int_set_prompt_types = k5int.krb5int_set_prompt_types; + k5int_krb5_free_kdc_req = k5int.free_kdc_req; + k5int_set_prompt_types = k5int.set_prompt_types; k5int_encode_krb5_authdata_elt = k5int.encode_krb5_authdata_elt; return 0; } -- 2.26.2