From b8c79298858dcc1b71e7548f6a1d8f6cf22597b9 Mon Sep 17 00:00:00 2001
From: Ken Raeburn
Date: Wed, 1 Sep 1999 21:55:49 +0000
Subject: [PATCH] from 1.1 branch: * init_ctx.c (get_profile_etype_list): Update name of the des3 entry in the default etype list. * init_ctx.c (get_profile_etype_list): New argument DESONLY; if set, ignore any ktype values other than NULL, DES_CBC_CRC, and DES_CBC_MD5. (krb5_get_default_in_tkt_ktypes, krb5_get_tgs_ktypes): Set it. (krb5_get_permitted_enctypes): Don't set it. * fwd_tgt.c (krb5_fwd_tgt_creds): Use KRB5_TC_SUPPORTED_KTYPES when calling krb5_cc_retrieve_cred. * gc_frm_kdc.c (krb5_get_cred_from_kdc_opt): Ditto. * get_creds.c (krb5_get_credentials_core): Set that flag. (krb5_get_credentials): Check for KRB5_CC_NOT_KTYPE error return. * t_ser.c (main): Disable eblock serialization test, since the code it tests was disabled nearly a year ago. * str_conv.c (krb5_timestamp_to_sfstring): Don't pass extra argument to sprintf.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11779 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/lib/krb5/krb/ChangeLog | 23 +++++++++++++++++++++++
 src/lib/krb5/krb/fwd_tgt.c | 3 ++-
 src/lib/krb5/krb/gc_frm_kdc.c | 12 ++++++------
 src/lib/krb5/krb/get_creds.c | 6 ++++--
 src/lib/krb5/krb/init_ctx.c | 26 ++++++++++++++++++++------
 src/lib/krb5/krb/str_conv.c | 2 +-
 src/lib/krb5/krb/t_ser.c | 8 ++++++++
 7 files changed, 64 insertions(+), 16 deletions(-)
diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog
index d0c0348d9..a749b6c17 100644
--- a/src/lib/krb5/krb/ChangeLog
+++ b/src/lib/krb5/krb/ChangeLog
@@ -1,3 +1,26 @@
+1999-09-01 Ken Raeburn
+
+ * init_ctx.c (get_profile_etype_list): Update name of the des3
+ entry in the default etype list.
+
+ * init_ctx.c (get_profile_etype_list): New argument DESONLY; if
+ set, ignore any ktype values other than NULL, DES_CBC_CRC, and
+ DES_CBC_MD5.
+ (krb5_get_default_in_tkt_ktypes, krb5_get_tgs_ktypes): Set it.
+ (krb5_get_permitted_enctypes): Don't set it.
+
+ * fwd_tgt.c (krb5_fwd_tgt_creds): Use KRB5_TC_SUPPORTED_KTYPES
+ when calling krb5_cc_retrieve_cred.
+ * gc_frm_kdc.c (krb5_get_cred_from_kdc_opt): Ditto.
+ * get_creds.c (krb5_get_credentials_core): Set that flag.
+ (krb5_get_credentials): Check for KRB5_CC_NOT_KTYPE error return.
+
+ * t_ser.c (main): Disable eblock serialization test, since the
+ code it tests was disabled nearly a year ago.
+
+ * str_conv.c (krb5_timestamp_to_sfstring): Don't pass extra
+ argument to sprintf.
+
 1999-08-10 Alexandra Ellwood
 * chpw.c (krb5_mk_chpw_req):
diff --git a/src/lib/krb5/krb/fwd_tgt.c b/src/lib/krb5/krb/fwd_tgt.c
index 0a8ce2240..2ae1bb136 100644
--- a/src/lib/krb5/krb/fwd_tgt.c
+++ b/src/lib/krb5/krb/fwd_tgt.c
@@ -93,7 +93,8 @@ krb5_fwd_tgt_creds(context, auth_context, rhost, client, server, cc,
 }
 /* fetch tgt directly from cache */
- retval = krb5_cc_retrieve_cred (context, cc, 0, &creds, &tgt);
+ retval = krb5_cc_retrieve_cred (context, cc, KRB5_TC_SUPPORTED_KTYPES,
+ &creds, &tgt);
 if (retval) goto errout;
diff --git a/src/lib/krb5/krb/gc_frm_kdc.c b/src/lib/krb5/krb/gc_frm_kdc.c
index ac31b466d..ed6bc55a7 100644
--- a/src/lib/krb5/krb/gc_frm_kdc.c
+++ b/src/lib/krb5/krb/gc_frm_kdc.c
@@ -118,10 +118,10 @@ krb5_get_cred_from_kdc_opt(context, ccache, in_cred, out_cred, tgts, kdcopt)
 }
 if ((retval = krb5_cc_retrieve_cred(context, ccache,
- KRB5_TC_MATCH_SRV_NAMEONLY,
+ KRB5_TC_MATCH_SRV_NAMEONLY | KRB5_TC_SUPPORTED_KTYPES,
 &tgtq, &tgt))) {
- if (retval != KRB5_CC_NOTFOUND) {
+ if (retval != KRB5_CC_NOTFOUND && retval != KRB5_CC_NOT_KTYPE) {
 goto cleanup;
 }
@@ -154,7 +154,7 @@ krb5_get_cred_from_kdc_opt(context, ccache, in_cred, out_cred, tgts, kdcopt)
 goto cleanup;
 if ((retval = krb5_cc_retrieve_cred(context, ccache,
- KRB5_TC_MATCH_SRV_NAMEONLY,
+ KRB5_TC_MATCH_SRV_NAMEONLY | KRB5_TC_SUPPORTED_KTYPES,
 &tgtq, &tgt))) {
 goto cleanup;
 }
@@ -217,10 +217,10 @@ krb5_get_cred_from_kdc_opt(context, ccache, in_cred, out_cred, tgts, kdcopt)
 goto cleanup;
 if ((retval = krb5_cc_retrieve_cred(context, ccache,
- KRB5_TC_MATCH_SRV_NAMEONLY,
+ KRB5_TC_MATCH_SRV_NAMEONLY | KRB5_TC_SUPPORTED_KTYPES,
 &tgtq, &tgt))) {
- if (retval != KRB5_CC_NOTFOUND) {
+ if (retval != KRB5_CC_NOTFOUND && retval != KRB5_CC_NOT_KTYPE) {
 goto cleanup;
 }
@@ -280,7 +280,7 @@ krb5_get_cred_from_kdc_opt(context, ccache, in_cred, out_cred, tgts, kdcopt)
 goto cleanup;
 if ((retval = krb5_cc_retrieve_cred(context, ccache,
- KRB5_TC_MATCH_SRV_NAMEONLY,
+ KRB5_TC_MATCH_SRV_NAMEONLY | KRB5_TC_SUPPORTED_KTYPES,
 &tgtq, &tgt))) {
 if (retval != KRB5_CC_NOTFOUND) {
 goto cleanup;
diff --git a/src/lib/krb5/krb/get_creds.c b/src/lib/krb5/krb/get_creds.c
index 4fbf4cf33..240143931 100644
--- a/src/lib/krb5/krb/get_creds.c
+++ b/src/lib/krb5/krb/get_creds.c
@@ -69,7 +69,8 @@ krb5_get_credentials_core(context, options, ccache, in_creds, out_creds,
 mcreds->client = in_creds->client;
 *fields = KRB5_TC_MATCH_TIMES /*XXX |KRB5_TC_MATCH_SKEY_TYPE */
- | KRB5_TC_MATCH_AUTHDATA ;
+ | KRB5_TC_MATCH_AUTHDATA
+ | KRB5_TC_SUPPORTED_KTYPES;
 if (mcreds->keyblock.enctype) *fields |= KRB5_TC_MATCH_KTYPE;
 if (options & KRB5_GC_USER_USER) {
@@ -120,7 +121,8 @@ krb5_get_credentials(context, options, ccache, in_creds, out_creds)
 *out_creds = ncreds;
 }
- if (retval != KRB5_CC_NOTFOUND || options & KRB5_GC_CACHED)
+ if ((retval != KRB5_CC_NOTFOUND && retval != KRB5_CC_NOT_KTYPE)
+ || options & KRB5_GC_CACHED)
 return retval;
 retval = krb5_get_cred_from_kdc(context, ccache, ncreds, out_creds, &tgts);
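Review bot: The last krb5_cc_retrieve_cred call changed in gc_frm_kdc.c (hunk at -280) gains `KRB5_TC_SUPPORTED_KTYPES`, but its error check is left as `if (retval != KRB5_CC_NOTFOUND) {`, while the hunks at -118 and -217 were extended to let `KRB5_CC_NOT_KTYPE` through as well. If the lookup at this site can return `KRB5_CC_NOT_KTYPE` as it can at those two, a cached TGT with an unsupported key type sends this path to `goto cleanup` instead of continuing as for a cache miss. Unless the difference is deliberate, the check should read `if (retval != KRB5_CC_NOTFOUND && retval != KRB5_CC_NOT_KTYPE) {`; if it is deliberate, a comment at this site saying why it differs would keep it from being "fixed" later. The body of krb5_get_cred_from_kdc_opt continues outside all four hunks, so what follows each check is not visible here.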
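Review bot: In the rewritten condition in krb5_get_credentials, a cache-only request (`KRB5_GC_CACHED`) now hands `KRB5_CC_NOT_KTYPE` straight back to the caller, and with `KRB5_TC_SUPPORTED_KTYPES` added to the match fields in krb5_get_credentials_core that result is presumably more likely than before. Callers that treat only `KRB5_CC_NOTFOUND` as "not in the cache" would see the new value as a hard failure, so the function's header comment should list both codes, for example `/* with KRB5_GC_CACHED, returns KRB5_CC_NOTFOUND or KRB5_CC_NOT_KTYPE when no usable credential is cached */`. The second operand also mixes `||` with an unparenthesised `&`; `|| (options & KRB5_GC_CACHED))` reads unambiguously. The function body starts and ends outside the hunk.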
diff --git a/src/lib/krb5/krb/init_ctx.c b/src/lib/krb5/krb/init_ctx.c
index 2ddd2d0c5..8137843a7 100644
--- a/src/lib/krb5/krb/init_ctx.c
+++ b/src/lib/krb5/krb/init_ctx.c
@@ -250,12 +250,13 @@ krb5_set_default_in_tkt_ktypes(context, ktypes)
 }
 static krb5_error_code
-get_profile_etype_list(context, ktypes, profstr, ctx_count, ctx_list)
+get_profile_etype_list(context, ktypes, profstr, ctx_count, ctx_list, desonly)
 krb5_context context;
 krb5_enctype **ktypes;
 char *profstr;
 int ctx_count;
 krb5_enctype FAR *ctx_list;
+ int desonly;
 {
 krb5_enctype *old_ktypes;
@@ -283,7 +284,7 @@ get_profile_etype_list(context, ktypes, profstr, ctx_count, ctx_list)
 code = profile_get_string(context->profile, "libdefaults", profstr, NULL,
- "des3-hmac-sha1 des-cbc-md5 des-cbc-crc",
+ "des3-cbc-sha1 des-cbc-md5 des-cbc-crc",
 &retval);
 if (code) return code;
@@ -313,8 +314,21 @@ get_profile_etype_list(context, ktypes, profstr, ctx_count, ctx_list)
 j = 0;
 i = 1;
 while (1) {
- if (! krb5_string_to_enctype(sp, &old_ktypes[j]))
+ if (! krb5_string_to_enctype(sp, &old_ktypes[j])) {
+ switch (old_ktypes[j]) {
+ default:
+ if (desonly)
+ /* Other types not supported yet. */
+ break;
+ /* else fall through */
+
+ case ENCTYPE_NULL:
+ case ENCTYPE_DES_CBC_CRC:
+ case ENCTYPE_DES_CBC_MD5:
 j++;
+ break;
+ }
+ }
 if (i++ >= count) break;
@@ -339,7 +353,7 @@ krb5_get_default_in_tkt_ktypes(context, ktypes)
 {
 return(get_profile_etype_list(context, ktypes, "default_tkt_enctypes", context->in_tkt_ktype_count,
- context->in_tkt_ktypes));
+ context->in_tkt_ktypes, 1));
 }
 krb5_error_code
@@ -382,7 +396,7 @@ krb5_get_tgs_ktypes(context, princ, ktypes)
 {
 return(get_profile_etype_list(context, ktypes, "default_tgs_enctypes", context->tgs_ktype_count,
- context->tgs_ktypes));
+ context->tgs_ktypes, 1));
 }
 krb5_error_code
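Review bot: In the new `switch (old_ktypes[j])` in get_profile_etype_list (hunk at -313), the `default:` arm under `desonly` drops every configured enctype other than NULL and the two single-DES types without reporting it, so for the ticket-request lists an entry such as `des3-cbc-sha1` (still first in the built-in default string) is discarded and the caller is left with single DES only. `ENCTYPE_NULL` stays in the accepted set, which looks like it lets a profile ask for a type with no encryption; if that is not wanted, remove `case ENCTYPE_NULL:`. When the profile names only filtered types, `j` stays 0; the code after the loop is outside this hunk, so confirm that an empty list becomes an error rather than being returned as success. The `break;` that belongs to `if (desonly)` sits below a comment and reads like the end of the `default:` arm, so braces, `if (desonly) { break; }`, would make the fall-through explicit.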
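Review bot: The bare `1` passed as the new last argument in krb5_get_default_in_tkt_ktypes (and again in krb5_get_tgs_ktypes, with `0` in krb5_get_permitted_enctypes in the following hunks) gives no hint at the call site that it restricts the list to single DES. A trailing comment such as `context->in_tkt_ktypes, 1 /* desonly */));` or a named constant would make that policy visible where it is chosen. The `desonly` parameter added in the hunk at -250 has no comment either; one line above get_profile_etype_list stating that a non-zero value filters the profile list to NULL, DES_CBC_CRC and DES_CBC_MD5 would be enough.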
@@ -392,7 +406,7 @@ krb5_get_permitted_enctypes(context, ktypes)
 {
 return(get_profile_etype_list(context, ktypes, "permitted_enctypes", context->tgs_ktype_count,
- context->tgs_ktypes));
+ context->tgs_ktypes, 0));
 }
 krb5_boolean
diff --git a/src/lib/krb5/krb/str_conv.c b/src/lib/krb5/krb/str_conv.c
index 7041f618c..b2a37e880 100644
--- a/src/lib/krb5/krb/str_conv.c
+++ b/src/lib/krb5/krb/str_conv.c
@@ -500,7 +500,7 @@ krb5_timestamp_to_sfstring(timestamp, buffer, buflen, pad)
 if (buflen >= sftime_default_len) {
 sprintf(buffer, sftime_default_fmt, tmp->tm_mday, tmp->tm_mon+1, 1900+tmp->tm_year,
- tmp->tm_hour, tmp->tm_min, tmp->tm_sec);
+ tmp->tm_hour, tmp->tm_min);
 ndone = strlen(buffer);
 }
 }
diff --git a/src/lib/krb5/krb/t_ser.c b/src/lib/krb5/krb/t_ser.c
index 4ca3b5399..c17af31e5 100644
--- a/src/lib/krb5/krb/t_ser.c
+++ b/src/lib/krb5/krb/t_ser.c
@@ -167,8 +167,10 @@ ser_data(verbose, msg, ctx, dtype)
 krb5_encrypt_block *eblock;
 eblock = (krb5_encrypt_block *) nctx;
+#if 0
 if (eblock->priv && eblock->priv_size) krb5_xfree(eblock->priv);
+#endif
 if (eblock->key) krb5_free_keyblock(ser_ctx, eblock->key);
 krb5_xfree(eblock);
@@ -525,8 +527,10 @@ ser_eblock_test(kcontext, verbose)
 krb5_use_enctype(kcontext, &eblock, DEFAULT_KDC_ENCTYPE);
 if (!(kret = ser_data(verbose, "> NULL eblock", (krb5_pointer) &eblock, KV5M_ENCRYPT_BLOCK))) {
+#if 0
 eblock.priv = (krb5_pointer) stuff;
 eblock.priv_size = 8;
+#endif
 if (!(kret = ser_data(verbose, "> eblock with private data", (krb5_pointer) &eblock, KV5M_ENCRYPT_BLOCK))) {
@@ -676,9 +680,11 @@ main(argc, argv)
 case 'C':
 do_ctest = 1;
 break;
+#if 0
 case 'E':
 do_etest = 1;
 break;
+#endif
 case 'K':
 do_ktest = 1;
 break;
@@ -737,12 +743,14 @@ main(argc, argv)
 if (kret) goto fail;
 }
+#if 0 /* code to be tested is currently disabled */
 if (do_etest) {
 ch_err = 'e';
 kret = ser_eblock_test(kcontext, verbose);
 if (kret) goto fail;
 }
+#endif
 if (do_ptest) {
 ch_err = 'p';
 kret = ser_princ_test(kcontext, verbose);
-- 2.26.2
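Review bot: The `sprintf` into `buffer` in krb5_timestamp_to_sfstring is still unbounded: the only guard is `buflen >= sftime_default_len`, and both `sftime_default_len` and `sftime_default_fmt` are defined outside this hunk, so it cannot be confirmed here that the length includes the terminating NUL or allows for a year wider than four digits. Because the format lives in a variable, the compiler cannot check the argument list against it, which is presumably how the extra `tm_sec` argument went unnoticed. Where `snprintf` is available on the supported platforms, `snprintf(buffer, buflen, sftime_default_fmt, ...)` with the return value compared against `buflen` would bound the write whatever the format says. Otherwise a comment beside the guard stating exactly what `sftime_default_len` counts would help the next reader.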
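Review bot: Three of the four `#if 0` blocks added to t_ser.c (in ser_data, in ser_eblock_test and around `case 'E':` in main) carry no explanation; only the last one in main says why the code is disabled. A short comment on each, such as `#if 0 /* eblock serialization is disabled in the library */`, would keep them from looking like debugging leftovers. With `case 'E':` compiled out, `-E` presumably falls through to whatever the option switch does for unknown letters, which is outside the hunk, and `do_etest` and ser_eblock_test may now be unused, so the build is worth checking for new warnings.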