From bc763a58830d2b5b097324a70317edb8638a4cc8 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Tue, 19 Jan 2010 23:35:39 +0000 Subject: [PATCH] Add krb5_allow_weak_crypto API Add an API to allow apps to override the profile setting of allow_weak_crypto, so that aklog can work with krb5 1.8 out of the box until OpenAFS finishes migrating away from DES. ticket: 6645 target_version: 1.8 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23663 dc483132-0cff-0310-8789-dd5450dbe970 --- src/include/krb5/krb5.hin | 5 +++++ src/lib/krb5/krb/Makefile.in | 1 + src/lib/krb5/krb/allow_weak.c | 38 +++++++++++++++++++++++++++++++++++ src/lib/krb5/libkrb5.exports | 1 + 4 files changed, 45 insertions(+) create mode 100644 src/lib/krb5/krb/allow_weak.c diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin index 09412738a..63b69710a 100644 --- a/src/include/krb5/krb5.hin +++ b/src/include/krb5/krb5.hin @@ -2553,6 +2553,11 @@ krb5_pac_verify(krb5_context context, const krb5_pac pac, krb5_timestamp authtime, krb5_const_principal principal, const krb5_keyblock *server, const krb5_keyblock *privsvr); +/* Allows the appplication to override the profile's allow_weak_crypto setting. + * Primarily for use by aklog. */ +krb5_error_code KRB5_CALLCONV +krb5_allow_weak_crypto(krb5_context context, krb5_boolean enable); + #if TARGET_OS_MAC # pragma pack(pop) #endif diff --git a/src/lib/krb5/krb/Makefile.in b/src/lib/krb5/krb/Makefile.in index 8c2b59fc4..2fad9e9d9 100644 --- a/src/lib/krb5/krb/Makefile.in +++ b/src/lib/krb5/krb/Makefile.in @@ -14,6 +14,7 @@ STLIBOBJS= \ addr_comp.o \ addr_order.o \ addr_srch.o \ + allow_weak.o \ appdefault.o \ auth_con.o \ authdata.o \ diff --git a/src/lib/krb5/krb/allow_weak.c b/src/lib/krb5/krb/allow_weak.c new file mode 100644 index 000000000..1290d1f79 --- /dev/null +++ b/src/lib/krb5/krb/allow_weak.c @@ -0,0 +1,38 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +/* + * lib/krb5/krb/allow_weak.c + * + * Copyright (C) 2010 by the Massachusetts Institute of Technology. + * All rights reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + * + * Implements krb5_allow_weak_crypto. + */ + +#include "k5-int.h" + +krb5_error_code KRB5_CALLCONV +krb5_allow_weak_crypto(krb5_context context, krb5_boolean enable) +{ + context->allow_weak_crypto = (enable != FALSE); + return 0; +} diff --git a/src/lib/krb5/libkrb5.exports b/src/lib/krb5/libkrb5.exports index 2bfbeead1..1a1ae4515 100644 --- a/src/lib/krb5/libkrb5.exports +++ b/src/lib/krb5/libkrb5.exports @@ -108,6 +108,7 @@ krb5_524_convert_creds krb5_address_compare krb5_address_order krb5_address_search +krb5_allow_weak_crypto krb5_aname_to_localname krb5_anonymous_principal krb5_anonymous_realm -- 2.26.2