From 912d4caa379df94d4c82001bed40aa3858b525f0 Mon Sep 17 00:00:00 2001 From: Ken Raeburn Date: Sat, 6 Apr 2002 01:47:59 +0000 Subject: [PATCH] call krb5_c_ versions of enctype/cksumtype checking routines git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14367 dc483132-0cff-0310-8789-dd5450dbe970 --- src/kadmin/dbutil/ChangeLog | 7 +++++++ src/kadmin/dbutil/kdb5_stash.c | 6 +++--- src/kadmin/dbutil/kdb5_util.c | 4 ++-- src/kadmin/dbutil/loadv4.c | 6 +++--- src/kdc/ChangeLog | 8 ++++++++ src/kdc/do_as_req.c | 10 +++++----- src/kdc/do_tgs_req.c | 2 +- src/kdc/kdc_util.c | 6 +++--- src/lib/krb5/krb/ChangeLog | 18 ++++++++++++++++++ src/lib/krb5/krb/decrypt_tk.c | 2 +- src/lib/krb5/krb/encode_kdc.c | 2 +- src/lib/krb5/krb/gc_frm_kdc.c | 6 +++--- src/lib/krb5/krb/gic_keytab.c | 2 +- src/lib/krb5/krb/in_tkt_ktb.c | 2 +- src/lib/krb5/krb/in_tkt_sky.c | 2 +- src/lib/krb5/krb/init_ctx.c | 4 ++-- src/lib/krb5/krb/mk_safe.c | 5 +++-- src/lib/krb5/krb/rd_safe.c | 6 +++--- src/lib/krb5/krb/send_tgs.c | 2 +- src/tests/create/ChangeLog | 5 +++++ src/tests/create/kdb5_mkdums.c | 6 +++--- src/tests/verify/ChangeLog | 5 +++++ src/tests/verify/kdb5_verify.c | 6 +++--- 23 files changed, 83 insertions(+), 39 deletions(-) diff --git a/src/kadmin/dbutil/ChangeLog b/src/kadmin/dbutil/ChangeLog index de2ba00d7..af9b18496 100644 --- a/src/kadmin/dbutil/ChangeLog +++ b/src/kadmin/dbutil/ChangeLog @@ -1,3 +1,10 @@ +2002-04-05 Ken Raeburn + + * kdb5_stash.c (kdb5_stash): Call krb5_c_valid_enctype instead of + valid_enctype. + * kdb5_util.c (main, open_db_and_mkey): Likewise. + * loadv4.c (load_v4db): Likewise. + 2002-01-08 Sam Hartman * kdb5_create.c (kdb5_create): Load strong random data diff --git a/src/kadmin/dbutil/kdb5_stash.c b/src/kadmin/dbutil/kdb5_stash.c index 0c6aed5ca..37db048ac 100644 --- a/src/kadmin/dbutil/kdb5_stash.c +++ b/src/kadmin/dbutil/kdb5_stash.c @@ -70,8 +70,8 @@ extern int close_policy_db; void kdb5_stash(argc, argv) -int argc; -char *argv[]; + int argc; + char *argv[]; { extern char *optarg; extern int optind; @@ -110,7 +110,7 @@ char *argv[]; } } - if (!valid_enctype(master_keyblock.enctype)) { + if (!krb5_c_valid_enctype(master_keyblock.enctype)) { char tmp[32]; if (krb5_enctype_to_string(master_keyblock.enctype, tmp, sizeof(tmp))) com_err(argv[0], KRB5_PROG_KEYTYPE_NOSUPP, diff --git a/src/kadmin/dbutil/kdb5_util.c b/src/kadmin/dbutil/kdb5_util.c index d44f86714..bace2fae4 100644 --- a/src/kadmin/dbutil/kdb5_util.c +++ b/src/kadmin/dbutil/kdb5_util.c @@ -230,7 +230,7 @@ int main(argc, argv) master_keyblock.enctype = global_params.enctype; if ((master_keyblock.enctype != ENCTYPE_UNKNOWN) && - (!valid_enctype(master_keyblock.enctype))) { + (!krb5_c_valid_enctype(master_keyblock.enctype))) { com_err(argv[0], KRB5_PROG_KEYTYPE_NOSUPP, "while setting up enctype %d", master_keyblock.enctype); } @@ -369,7 +369,7 @@ static int open_db_and_mkey() /* If no encryption type is set, use the default */ if (master_keyblock.enctype == ENCTYPE_UNKNOWN) { master_keyblock.enctype = DEFAULT_KDC_ENCTYPE; - if (!valid_enctype(master_keyblock.enctype)) + if (!krb5_c_valid_enctype(master_keyblock.enctype)) com_err(progname, KRB5_PROG_KEYTYPE_NOSUPP, "while setting up enctype %d", master_keyblock.enctype); diff --git a/src/kadmin/dbutil/loadv4.c b/src/kadmin/dbutil/loadv4.c index 74710884c..7ddba43c0 100644 --- a/src/kadmin/dbutil/loadv4.c +++ b/src/kadmin/dbutil/loadv4.c @@ -154,8 +154,8 @@ static krb5_principal_data db_create_princ = { void load_v4db(argc, argv) -int argc; -char *argv[]; + int argc; + char *argv[]; { krb5_error_code retval; /* The kdb library will default to this, but it is convenient to @@ -247,7 +247,7 @@ char *argv[]; return; } - if (!valid_enctype(master_keyblock.enctype)) { + if (!krb5_c_valid_enctype(master_keyblock.enctype)) { com_err(PROGNAME, KRB5_PROG_KEYTYPE_NOSUPP, "while setting up enctype %d", master_keyblock.enctype); krb5_free_context(context); diff --git a/src/kdc/ChangeLog b/src/kdc/ChangeLog index 9a7090680..1805af097 100644 --- a/src/kdc/ChangeLog +++ b/src/kdc/ChangeLog @@ -1,3 +1,11 @@ +2002-04-05 Ken Raeburn + + * do_as_req.c (process_as_req): Call krb5_c_valid_enctype instead + of valid_enctype. + * do_tgs_req.c (process_tgs_req): Likewise. + * kdc_util.c (select_session_keytype): Likewise. + (comp_cksum): Similarly for valid_cksumtype, is_coll_proof_cksum. + 2002-02-20 Ken Raeburn * network.c: Include foreachaddr.c. diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c index 8ccada4c7..45ef81178 100644 --- a/src/kdc/do_as_req.c +++ b/src/kdc/do_as_req.c @@ -51,10 +51,10 @@ static krb5_error_code prepare_error_as (krb5_kdc_req *, int, krb5_data *, /*ARGSUSED*/ krb5_error_code process_as_req(request, from, portnum, response) -register krb5_kdc_req *request; -const krb5_fulladdr *from; /* who sent it ? */ -int portnum; -krb5_data **response; /* filled in with a response packet */ + krb5_kdc_req *request; + const krb5_fulladdr *from; /* who sent it ? */ + int portnum; + krb5_data **response; /* filled in with a response packet */ { krb5_db_entry client, server; @@ -338,7 +338,7 @@ krb5_data **response; /* filled in with a response packet */ client_key = (krb5_key_data *) NULL; for (i = 0; i < request->nktypes; i++) { useenctype = request->ktype[i]; - if (!valid_enctype(useenctype)) + if (!krb5_c_valid_enctype(useenctype)) continue; if (!krb5_dbe_find_enctype(kdc_context, &client, useenctype, -1, diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c index 2da823cbe..ce1047947 100644 --- a/src/kdc/do_tgs_req.c +++ b/src/kdc/do_tgs_req.c @@ -238,7 +238,7 @@ tgt_again: } etype = request->second_ticket[st_idx]->enc_part2->session->enctype; - if (!valid_enctype(etype)) { + if (!krb5_c_valid_enctype(etype)) { status = "BAD_ETYPE_IN_2ND_TKT"; errcode = KRB5KDC_ERR_ETYPE_NOSUPP; goto cleanup; diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c index c0c35dad4..779d0a80f 100644 --- a/src/kdc/kdc_util.c +++ b/src/kdc/kdc_util.c @@ -179,11 +179,11 @@ comp_cksum(kcontext, source, ticket, his_cksum) krb5_error_code retval; krb5_boolean valid; - if (!valid_cksumtype(his_cksum->checksum_type)) + if (!krb5_c_valid_cksumtype(his_cksum->checksum_type)) return KRB5KDC_ERR_SUMTYPE_NOSUPP; /* must be collision proof */ - if (!is_coll_proof_cksum(his_cksum->checksum_type)) + if (!krb5_c_is_coll_proof_cksum(his_cksum->checksum_type)) return KRB5KRB_AP_ERR_INAPP_CKSUM; /* verify checksum */ @@ -1456,7 +1456,7 @@ select_session_keytype(context, server, nktypes, ktype) int i; for (i = 0; i < nktypes; i++) { - if (!valid_enctype(ktype[i])) + if (!krb5_c_valid_enctype(ktype[i])) continue; if (!krb5_is_permitted_enctype(context, ktype[i])) diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog index f2d3ac21f..9e062c3e7 100644 --- a/src/lib/krb5/krb/ChangeLog +++ b/src/lib/krb5/krb/ChangeLog @@ -1,3 +1,21 @@ +2002-04-05 Ken Raeburn + + * decrypt_tk.c (krb5_decrypt_tkt_part): Call krb5_c_valid_enctype + instead of valid_enctype. + * encode_kdc.c (krb5_encode_kdc_rep): Likewise. + * gc_frm_kdc.c (krb5_get_cred_from_kdc_opt): Likewise. + * gic_keytab.c (krb5_get_as_key_keytab): Likewise. + * in_tkt_ktb.c (keytab_keyproc): Likewise. + * in_tkt_sky.c (skey_keyproc): Likewise. + * init_ctx.c (krb5_set_default_in_tkt_ktypes, + krb5_set_default_tgs_enctypes): Likewise. + * send_tgs.c (krb5_send_tgs): Likewise. + + * mk_safe.c (krb5_mk_safe_basic): Call krb5_c_valid_cksumtype, + krb5_c_is_coll_proof_cksum, krb5_c_is_keyed_cksum instead of + non-prefixed forms. + * rd_safe.c (krb5_rd_safe_basic): Likewise. + 2002-03-28 Sam Hartman * Makefile.in : New file init_keyblock.c diff --git a/src/lib/krb5/krb/decrypt_tk.c b/src/lib/krb5/krb/decrypt_tk.c index c8b35d442..d1c44ba02 100644 --- a/src/lib/krb5/krb/decrypt_tk.c +++ b/src/lib/krb5/krb/decrypt_tk.c @@ -48,7 +48,7 @@ krb5_decrypt_tkt_part(context, srv_key, ticket) krb5_data scratch; krb5_error_code retval; - if (!valid_enctype(ticket->enc_part.enctype)) + if (!krb5_c_valid_enctype(ticket->enc_part.enctype)) return KRB5_PROG_ETYPE_NOSUPP; scratch.length = ticket->enc_part.ciphertext.length; diff --git a/src/lib/krb5/krb/encode_kdc.c b/src/lib/krb5/krb/encode_kdc.c index 3b0410dd3..fb19f3fc4 100644 --- a/src/lib/krb5/krb/encode_kdc.c +++ b/src/lib/krb5/krb/encode_kdc.c @@ -59,7 +59,7 @@ krb5_encode_kdc_rep(context, type, encpart, using_subkey, client_key, krb5_enc_kdc_rep_part tmp_encpart; krb5_keyusage usage; - if (!valid_enctype(dec_rep->enc_part.enctype)) + if (!krb5_c_valid_enctype(dec_rep->enc_part.enctype)) return KRB5_PROG_ETYPE_NOSUPP; switch (type) { diff --git a/src/lib/krb5/krb/gc_frm_kdc.c b/src/lib/krb5/krb/gc_frm_kdc.c index 25ae0a601..26f195b26 100644 --- a/src/lib/krb5/krb/gc_frm_kdc.c +++ b/src/lib/krb5/krb/gc_frm_kdc.c @@ -230,7 +230,7 @@ krb5_get_cred_from_kdc_opt(context, ccache, in_cred, out_cred, tgts, kdcopt) /* didn't find it in the cache so try and get one */ /* with current tgt. */ - if (!valid_enctype(tgt.keyblock.enctype)) { + if (!krb5_c_valid_enctype(tgt.keyblock.enctype)) { retval = KRB5_PROG_ETYPE_NOSUPP; goto cleanup; } @@ -291,7 +291,7 @@ krb5_get_cred_from_kdc_opt(context, ccache, in_cred, out_cred, tgts, kdcopt) /* not in the cache so try and get one with our current tgt. */ - if (!valid_enctype(tgt.keyblock.enctype)) { + if (!krb5_c_valid_enctype(tgt.keyblock.enctype)) { retval = KRB5_PROG_ETYPE_NOSUPP; goto cleanup; } @@ -375,7 +375,7 @@ krb5_get_cred_from_kdc_opt(context, ccache, in_cred, out_cred, tgts, kdcopt) /* got/finally have tgt! try for the creds */ - if (!valid_enctype(tgt.keyblock.enctype)) { + if (!krb5_c_valid_enctype(tgt.keyblock.enctype)) { retval = KRB5_PROG_ETYPE_NOSUPP; goto cleanup; } diff --git a/src/lib/krb5/krb/gic_keytab.c b/src/lib/krb5/krb/gic_keytab.c index 461940657..4fd0aed93 100644 --- a/src/lib/krb5/krb/gic_keytab.c +++ b/src/lib/krb5/krb/gic_keytab.c @@ -28,7 +28,7 @@ krb5_get_as_key_keytab( as_key->length = 0; } - if (!valid_enctype(etype)) + if (!krb5_c_valid_enctype(etype)) return(KRB5_PROG_ETYPE_NOSUPP); if ((ret = krb5_kt_get_entry(context, keytab, client, diff --git a/src/lib/krb5/krb/in_tkt_ktb.c b/src/lib/krb5/krb/in_tkt_ktb.c index 9991c9709..5d8cf3c6d 100644 --- a/src/lib/krb5/krb/in_tkt_ktb.c +++ b/src/lib/krb5/krb/in_tkt_ktb.c @@ -64,7 +64,7 @@ keytab_keyproc(context, type, salt, keyseed, key) kt_id = arg->keytab; - if (!valid_enctype(type)) + if (!krb5_c_valid_enctype(type)) return KRB5_PROG_ETYPE_NOSUPP; if (kt_id == NULL) diff --git a/src/lib/krb5/krb/in_tkt_sky.c b/src/lib/krb5/krb/in_tkt_sky.c index 245a03243..168ada566 100644 --- a/src/lib/krb5/krb/in_tkt_sky.c +++ b/src/lib/krb5/krb/in_tkt_sky.c @@ -61,7 +61,7 @@ skey_keyproc(context, type, salt, keyseed, key) keyblock = (const krb5_keyblock *)keyseed; - if (!valid_enctype(type)) + if (!krb5_c_valid_enctype(type)) return KRB5_PROG_ETYPE_NOSUPP; if ((retval = krb5_copy_keyblock(context, keyblock, &realkey))) diff --git a/src/lib/krb5/krb/init_ctx.c b/src/lib/krb5/krb/init_ctx.c index 79a1cb09e..c2477c5e2 100644 --- a/src/lib/krb5/krb/init_ctx.c +++ b/src/lib/krb5/krb/init_ctx.c @@ -273,7 +273,7 @@ krb5_set_default_in_tkt_ktypes(context, ktypes) if (ktypes) { for (i = 0; ktypes[i]; i++) { - if (!valid_enctype(ktypes[i])) + if (!krb5_c_valid_enctype(ktypes[i])) return KRB5_PROG_ETYPE_NOSUPP; } @@ -400,7 +400,7 @@ krb5_set_default_tgs_enctypes (context, ktypes) if (ktypes) { for (i = 0; ktypes[i]; i++) { - if (!valid_enctype(ktypes[i])) + if (!krb5_c_valid_enctype(ktypes[i])) return KRB5_PROG_ETYPE_NOSUPP; } diff --git a/src/lib/krb5/krb/mk_safe.c b/src/lib/krb5/krb/mk_safe.c index eef712007..d34f88668 100644 --- a/src/lib/krb5/krb/mk_safe.c +++ b/src/lib/krb5/krb/mk_safe.c @@ -64,9 +64,10 @@ krb5_mk_safe_basic(context, userdata, keyblock, replaydata, local_addr, krb5_checksum safe_checksum; krb5_data *scratch1, *scratch2; - if (!valid_cksumtype(sumtype)) + if (!krb5_c_valid_cksumtype(sumtype)) return KRB5_PROG_SUMTYPE_NOSUPP; - if (!is_coll_proof_cksum(sumtype) || !is_keyed_cksum(sumtype)) + if (!krb5_c_is_coll_proof_cksum(sumtype) + || !krb5_c_is_keyed_cksum(sumtype)) return KRB5KRB_AP_ERR_INAPP_CKSUM; safemsg.user_data = *userdata; diff --git a/src/lib/krb5/krb/rd_safe.c b/src/lib/krb5/krb/rd_safe.c index a7f87b23d..200a338cb 100644 --- a/src/lib/krb5/krb/rd_safe.c +++ b/src/lib/krb5/krb/rd_safe.c @@ -70,12 +70,12 @@ krb5_rd_safe_basic(context, inbuf, keyblock, recv_addr, sender_addr, if ((retval = decode_krb5_safe(inbuf, &message))) return retval; - if (!valid_cksumtype(message->checksum->checksum_type)) { + if (!krb5_c_valid_cksumtype(message->checksum->checksum_type)) { retval = KRB5_PROG_SUMTYPE_NOSUPP; goto cleanup; } - if (!is_coll_proof_cksum(message->checksum->checksum_type) || - !is_keyed_cksum(message->checksum->checksum_type)) { + if (!krb5_c_is_coll_proof_cksum(message->checksum->checksum_type) || + !krb5_c_is_keyed_cksum(message->checksum->checksum_type)) { retval = KRB5KRB_AP_ERR_INAPP_CKSUM; goto cleanup; } diff --git a/src/lib/krb5/krb/send_tgs.c b/src/lib/krb5/krb/send_tgs.c index 452600201..341296cb3 100644 --- a/src/lib/krb5/krb/send_tgs.c +++ b/src/lib/krb5/krb/send_tgs.c @@ -197,7 +197,7 @@ krb5_send_tgs(context, kdcoptions, timestruct, ktypes, sname, addrs, if (ktypes) { /* Check passed ktypes and make sure they're valid. */ for (tgsreq.nktypes = 0; ktypes[tgsreq.nktypes]; tgsreq.nktypes++) { - if (!valid_enctype(ktypes[tgsreq.nktypes])) + if (!krb5_c_valid_enctype(ktypes[tgsreq.nktypes])) return KRB5_PROG_ETYPE_NOSUPP; } tgsreq.ktype = (krb5_enctype *)ktypes; diff --git a/src/tests/create/ChangeLog b/src/tests/create/ChangeLog index c9e18d510..7c24a40db 100644 --- a/src/tests/create/ChangeLog +++ b/src/tests/create/ChangeLog @@ -1,3 +1,8 @@ +2002-04-05 Ken Raeburn + + * kdb5_mkdums.c (main): Call krb5_c_valid_enctype instead of + valid_enctype. + 2001-11-19 Ezra Peisach * kdb5_mkdums.c (main): Invoke krb5_free_context when finished. diff --git a/src/tests/create/kdb5_mkdums.c b/src/tests/create/kdb5_mkdums.c index 327539580..d9c34062d 100644 --- a/src/tests/create/kdb5_mkdums.c +++ b/src/tests/create/kdb5_mkdums.c @@ -81,8 +81,8 @@ void add_princ (krb5_context, char *); int main(argc, argv) -int argc; -char *argv[]; + int argc; + char *argv[]; { extern char *optarg; int optchar, i, n; @@ -159,7 +159,7 @@ char *argv[]; if (!enctypedone) master_keyblock.enctype = DEFAULT_KDC_ENCTYPE; - if (!valid_enctype(master_keyblock.enctype)) { + if (!krb5_c_valid_enctype(master_keyblock.enctype)) { com_err(progname, KRB5_PROG_ETYPE_NOSUPP, "while setting up enctype %d", master_keyblock.enctype); exit(1); diff --git a/src/tests/verify/ChangeLog b/src/tests/verify/ChangeLog index 39c3982c2..6ce4abd06 100644 --- a/src/tests/verify/ChangeLog +++ b/src/tests/verify/ChangeLog @@ -1,3 +1,8 @@ +2002-04-05 Ken Raeburn + + * kdb5_verify.c (main): Call krb5_c_valid_enctype instead of + valid_enctype. + 2001-11-19 Ezra Peisach * kdb5_verify.c (main): Use krb5_free_unparsed_name() to free up diff --git a/src/tests/verify/kdb5_verify.c b/src/tests/verify/kdb5_verify.c index 1127c7fda..878104d0a 100644 --- a/src/tests/verify/kdb5_verify.c +++ b/src/tests/verify/kdb5_verify.c @@ -82,8 +82,8 @@ int check_princ (krb5_context, char *); int main(argc, argv) -int argc; -char *argv[]; + int argc; + char *argv[]; { extern char *optarg; int optchar, i, n; @@ -153,7 +153,7 @@ char *argv[]; if (!enctypedone) master_keyblock.enctype = DEFAULT_KDC_ENCTYPE; - if (!valid_enctype(master_keyblock.enctype)) { + if (!krb5_c_valid_enctype(master_keyblock.enctype)) { com_err(progname, KRB5_PROG_ETYPE_NOSUPP, "while setting up enctype %d", master_keyblock.enctype); exit(1); -- 2.26.2