From d6d48fe3b5502e36f45eaf3392e6ad93f8ad3a03 Mon Sep 17 00:00:00 2001 From: Chris Provenzano Date: Wed, 6 Sep 1995 03:27:25 +0000 Subject: [PATCH] * do_as_req.c, do_tgs_req.c, kerberos_v4.c, main.c: Remove krb5_enctype references, and replace with krb5_keytype where appropriate. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6673 dc483132-0cff-0310-8789-dd5450dbe970 --- src/kdc/ChangeLog | 6 +++++ src/kdc/do_as_req.c | 28 ++++++++++------------ src/kdc/do_tgs_req.c | 47 ++++++++++++++++++------------------ src/kdc/kerberos_v4.c | 2 +- src/kdc/main.c | 55 ++++++++++++++----------------------------- 5 files changed, 61 insertions(+), 77 deletions(-) diff --git a/src/kdc/ChangeLog b/src/kdc/ChangeLog index c910062a4..e10579008 100644 --- a/src/kdc/ChangeLog +++ b/src/kdc/ChangeLog @@ -1,3 +1,9 @@ + +Tue Sep 05 22:10:34 1995 Chris Provenzano (proven@mit.edu) + + * do_as_req.c, do_tgs_req.c, kerberos_v4.c, main.c: Remove krb5_enctype + references, and replace with krb5_keytype where appropriate. + Mon Sep 4 14:10:26 1995 Ezra Peisach * do_as_req.c, do_tgs_req.c, kdc_util.c, kdc_util.h, policy.c: Add diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c index 1cd3f4bf0..016eaffa4 100644 --- a/src/kdc/do_as_req.c +++ b/src/kdc/do_as_req.c @@ -111,12 +111,12 @@ krb5_data **response; /* filled in with a response packet */ krb5_timestamp kdc_time, authtime; krb5_keyblock *session_key = 0; krb5_keyblock encrypting_key; - krb5_enctype useetype; krb5_pa_data *padat_tmp[2], padat_local; krb5_data salt_data; const char *status; krb5_encrypt_block eblock; krb5_key_data *server_key, *client_key; + krb5_keytype usekeytype; #ifdef KRBCONF_KDC_MODIFIES_KDB krb5_boolean update_client = 0; #endif /* KRBCONF_KDC_MODIFIES_KDB */ @@ -203,12 +203,11 @@ krb5_data **response; /* filled in with a response packet */ goto errout; } - /* This will change when the etype == keytype */ - for (i = 0; i < request->netypes; i++) { - if (!valid_etype(request->etype[i])) + for (i = 0; i < request->nktypes; i++) { + if (!valid_keytype(request->ktype[i])) continue; - if (request->etype[i] == ETYPE_DES_CBC_MD5 && + if (request->ktype[i] == KEYTYPE_DES_CBC_MD5 && !isflagset(server.attributes, KRB5_KDB_SUPPORT_DESMD5)) continue; @@ -216,28 +215,25 @@ krb5_data **response; /* filled in with a response packet */ * Find the server key of the appropriate type. If we could specify * a kvno, it would be supplied here. */ - if (!krb5_dbe_find_keytype(kdc_context, - &server, - krb5_csarray[request->etype[i]]-> - system->proto_keytype, + if (!krb5_dbe_find_keytype(kdc_context, &server, request->ktype[i], -1, /* Ignore salttype */ -1, /* Get highest kvno */ &server_key)) goto got_a_key; } - /* unsupported etype */ + /* unsupported ktype */ krb5_klog_syslog(LOG_INFO,"AS_REQ: BAD ENCRYPTION TYPE: host %s, %s for %s", fromstring, cname, sname); - retval = prepare_error_as(request, KDC_ERR_ETYPE_NOSUPP, 0, response); + retval = prepare_error_as(request, KDC_ERR_KEYTYPE_NOSUPP, 0, response); goto errout; got_a_key:; - useetype = request->etype[i]; - krb5_use_cstype(kdc_context, &eblock, useetype); + usekeytype = request->ktype[i]; + krb5_use_keytype(kdc_context, &eblock, request->ktype[i]); if ((retval = krb5_random_key(kdc_context, &eblock, - krb5_csarray[useetype]->random_sequence, + krb5_keytype_array[usekeytype]->random_sequence, &session_key))) { /* random key failed */ krb5_klog_syslog(LOG_INFO,"AS_REQ: RANDOM KEY FAILED: host %s, %s for %s", @@ -419,7 +415,7 @@ got_a_key:; krb5_klog_syslog(LOG_INFO, "AS_REQ: CANNOT FIND CLIENT KEY: host %s, %s for %s", fromstring, cname, sname); - retval = prepare_error_as(request, KDC_ERR_ETYPE_NOSUPP, 0, response); + retval = prepare_error_as(request, KDC_ERR_KEYTYPE_NOSUPP, 0, response); goto errout; } @@ -493,7 +489,7 @@ got_a_key:; /* now encode/encrypt the response */ - reply.enc_part.etype = useetype; + reply.enc_part.keytype = usekeytype; reply.enc_part.kvno = client_key->key_data_kvno; /* convert client.key_data into a real key */ diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c index e5240691b..16a16fb27 100644 --- a/src/kdc/do_tgs_req.c +++ b/src/kdc/do_tgs_req.c @@ -63,7 +63,7 @@ krb5_data **response; /* filled in with a response packet */ { krb5_keyblock * subkey; krb5_encrypt_block eblock; - krb5_keytype second_ticket_etype = ETYPE_UNKNOWN; + krb5_keytype second_ticket_ktype = KEYTYPE_UNKNOWN; krb5_kdc_req *request = 0; krb5_db_entry server; krb5_kdc_rep reply; @@ -83,7 +83,7 @@ krb5_data **response; /* filled in with a response packet */ char *cname = 0, *sname = 0, *tmp = 0, *fromstring = 0; krb5_last_req_entry *nolrarray[2], nolrentry; /* krb5_address *noaddrarray[1]; */ - krb5_enctype useetype; + krb5_keytype usekeytype; int errcode, errcode2; register int i; int firstpass = 1; @@ -210,39 +210,39 @@ tgt_again: * use to encrypt the ticket! */ if (isflagset(request->kdc_options, KDC_OPT_ENC_TKT_IN_SKEY)) - second_ticket_etype = request->second_ticket[st_idx]->enc_part.etype; + second_ticket_ktype = request->second_ticket[st_idx]->enc_part.keytype; - for (i = 0; i < request->netypes; i++) { + for (i = 0; i < request->nktypes; i++) { krb5_keytype ok_keytype; - if (!valid_etype(request->etype[i])) + if (!valid_keytype(request->ktype[i])) continue; - if (second_ticket_etype != ETYPE_UNKNOWN && - second_ticket_etype != request->etype[i]) + if (second_ticket_ktype != KEYTYPE_UNKNOWN && + second_ticket_ktype != request->ktype[i]) continue; - if (request->etype[i] == ETYPE_DES_CBC_MD5 && + if (request->ktype[i] == KEYTYPE_DES_CBC_MD5 && !isflagset(server.attributes, KRB5_KDB_SUPPORT_DESMD5)) continue; - ok_keytype = krb5_csarray[request->etype[i]]->system->proto_keytype; + ok_keytype = request->ktype[i]; for (ok_key_data = 0; ok_key_data < server.n_key_data; ok_key_data++) if (server.key_data[ok_key_data].key_data_type[0] == ok_keytype) goto got_a_key; } - /* unsupported etype */ + /* unsupported ktype */ errcode = KRB5KDC_ERR_ETYPE_NOSUPP; status = "BAD_ENCRYPTION_TYPE"; goto cleanup; got_a_key:; - useetype = request->etype[i]; - krb5_use_cstype(kdc_context, &eblock, useetype); + usekeytype = request->ktype[i]; + krb5_use_keytype(kdc_context, &eblock, usekeytype); retval = krb5_random_key(kdc_context, &eblock, - krb5_csarray[useetype]->random_sequence, + krb5_keytype_array[usekeytype]->random_sequence, &session_key); if (retval) { /* random key failed */ @@ -390,14 +390,15 @@ got_a_key:; krb5_data scratch; /* decrypt the authdata in the request */ - if (!valid_etype(request->authorization_data.etype)) { + if (!valid_keytype(request->authorization_data.keytype)) { status = "BAD_AUTH_ETYPE"; errcode = KRB5KDC_ERR_ETYPE_NOSUPP; goto cleanup; } /* put together an eblock for this encryption */ - krb5_use_cstype(kdc_context, &eblock, request->authorization_data.etype); + krb5_use_keytype(kdc_context, &eblock, + request->authorization_data.keytype); scratch.length = request->authorization_data.ciphertext.length; if (!(scratch.data = @@ -534,9 +535,9 @@ got_a_key:; } ticket_reply.enc_part.kvno = 0; - ticket_reply.enc_part.etype = - request->second_ticket[st_idx]->enc_part2->session->etype; - krb5_use_cstype(kdc_context, &eblock, ticket_reply.enc_part.etype); + ticket_reply.enc_part.keytype = + request->second_ticket[st_idx]->enc_part2->session->keytype; + krb5_use_keytype(kdc_context, &eblock, ticket_reply.enc_part.keytype); if ((retval = krb5_encrypt_tkt_part(kdc_context, &eblock, request->second_ticket[st_idx]->enc_part2->session, &ticket_reply))) { @@ -555,8 +556,8 @@ got_a_key:; } ticket_reply.enc_part.kvno = server.key_data[ok_key_data].key_data_kvno; - ticket_reply.enc_part.etype = useetype; - krb5_use_cstype(kdc_context, &eblock, ticket_reply.enc_part.etype); + ticket_reply.enc_part.keytype = usekeytype; + krb5_use_keytype(kdc_context, &eblock, ticket_reply.enc_part.keytype); retval = krb5_encrypt_tkt_part(kdc_context, &eblock, &encrypting_key, &ticket_reply); @@ -601,9 +602,9 @@ got_a_key:; /* use the session key in the ticket, unless there's a subsession key in the AP_REQ */ - reply.enc_part.etype = subkey ? subkey->etype : - header_ticket->enc_part2->session->etype; - krb5_use_cstype(kdc_context, &eblock, reply.enc_part.etype); + reply.enc_part.keytype = subkey ? subkey->keytype : + header_ticket->enc_part2->session->keytype; + krb5_use_keytype(kdc_context, &eblock, reply.enc_part.keytype); retval = krb5_encode_kdc_rep(kdc_context, KRB5_TGS_REP, &reply_encpart, &eblock, subkey ? subkey : diff --git a/src/kdc/kerberos_v4.c b/src/kdc/kerberos_v4.c index 62f27cb88..490375c3c 100644 --- a/src/kdc/kerberos_v4.c +++ b/src/kdc/kerberos_v4.c @@ -389,7 +389,7 @@ kerb_get_principal(name, inst, principal, maxn, more) if (krb5_dbe_find_keytype(kdc_context, &entries, - KEYTYPE_DES, + KEYTYPE_DES_CBC_CRC, KRB5_KDB_SALTTYPE_V4, -1, &pkey)) { diff --git a/src/kdc/main.c b/src/kdc/main.c index beb68583a..c1cf5bf58 100644 --- a/src/kdc/main.c +++ b/src/kdc/main.c @@ -342,7 +342,7 @@ finish_realm(rdp) */ static krb5_error_code init_realm(progname, rdp, realm, def_dbname, def_mpname, - def_keytype, def_port, def_sport, def_enctype, def_manual) + def_keytype, def_port, def_sport, def_manual) char *progname; kdc_realm_t *rdp; char *realm; @@ -351,7 +351,6 @@ init_realm(progname, rdp, realm, def_dbname, def_mpname, krb5_keytype def_keytype; krb5_int32 def_port; krb5_int32 def_sport; - krb5_enctype def_enctype; krb5_boolean def_manual; { krb5_error_code kret; @@ -360,7 +359,6 @@ init_realm(progname, rdp, realm, def_dbname, def_mpname, int num2get; krb5_boolean more; krb5_boolean db_inited; - krb5_enctype etype; krb5_realm_params *rparams; krb5_key_data *kdata; krb5_key_salt_tuple *kslist; @@ -402,7 +400,7 @@ init_realm(progname, rdp, realm, def_dbname, def_mpname, (krb5_keytype) rparams->realm_keytype; else rdp->realm_mkey.keytype = (def_keytype) ? def_keytype : - KEYTYPE_DES; + KEYTYPE_DES_CBC_CRC; /* Handle KDC port */ if (rparams && rparams->realm_kdc_pport_valid) @@ -424,18 +422,6 @@ init_realm(progname, rdp, realm, def_dbname, def_mpname, def_sport, KDC_SECONDARY_PORTNAME); - /* Handle encryption type */ - if (rparams && rparams->realm_enctype_valid) - etype = rparams->realm_enctype; - else - etype = (def_enctype) ? def_enctype : DEFAULT_KDC_ETYPE; - - if (!valid_etype(etype)) { - com_err(progname, KRB5_PROG_ETYPE_NOSUPP, - "while setting up etype %d", etype); - exit(1); - } - /* Handle stash file */ if (rparams && rparams->realm_stash_file) { rdp->realm_stash = strdup(rparams->realm_stash_file); @@ -460,15 +446,14 @@ init_realm(progname, rdp, realm, def_dbname, def_mpname, rparams->realm_num_keysalts = 0; kslist = (krb5_key_salt_tuple *) rdp->realm_kstypes; nkslist = rdp->realm_nkstypes; - } - else { + } else { /* * XXX * Initialize default key/salt list. */ if ((kslist = (krb5_key_salt_tuple *) malloc(sizeof(krb5_key_salt_tuple)))) { - kslist->ks_keytype = KEYTYPE_DES; + kslist->ks_keytype = KEYTYPE_DES_CBC_CRC; kslist->ks_salttype = KRB5_KDB_SALTTYPE_NORMAL; rdp->realm_kstypes = kslist; rdp->realm_nkstypes = 1; @@ -509,7 +494,8 @@ init_realm(progname, rdp, realm, def_dbname, def_mpname, } /* Select the specified encryption type */ - krb5_use_cstype(rdp->realm_context, &rdp->realm_encblock, etype); + krb5_use_keytype(rdp->realm_context, &rdp->realm_encblock, + rdp->realm_mkey.keytype); /* * Get the master key. @@ -683,27 +669,27 @@ init_realm(progname, rdp, realm, def_dbname, def_mpname, } } if (!rkey_init_done) { + krb5_keytype keytype; /* * If all that worked, then initialize the random key * generators. */ - for (etype = 0; etype <= krb5_max_cryptosystem; etype++) { - if (krb5_csarray[etype]) { - if ((kret = (*krb5_csarray[etype]->system-> + for (keytype = 0; keytype <= krb5_max_keytype; keytype++) { + if (krb5_keytype_array[keytype]) { + if ((kret = (*krb5_keytype_array[keytype]->system-> init_random_key) (&rdp->realm_mkey, - &krb5_csarray[etype]->random_sequence))) { + &krb5_keytype_array[keytype]->random_sequence))) { com_err(progname, kret, - "while setting up random key generator for etype %d--etype disabled", - etype); - krb5_csarray[etype] = 0; + "while setting up random key generator for keytype %d--keytype disabled", + keytype); + krb5_keytype_array[keytype] = 0; } } } rkey_init_done = 1; } - } - else { + } else { com_err(progname, kret, "while getting context for realm %s", realm); goto whoops; @@ -762,8 +748,7 @@ initialize_realms(kcontext, argc, argv) char *rcname = KDCRCACHE; char *lrealm; krb5_error_code retval; - krb5_keytype mkeytype = KEYTYPE_DES; - krb5_enctype kdc_etype = DEFAULT_KDC_ETYPE; + krb5_keytype mkeytype = KEYTYPE_DES_CBC_CRC; kdc_realm_t *rdatap; krb5_boolean manual = FALSE; krb5_int32 pport, sport; @@ -782,7 +767,7 @@ initialize_realms(kcontext, argc, argv) if ((rdatap = (kdc_realm_t *) malloc(sizeof(kdc_realm_t)))) { if ((retval = init_realm(argv[0], rdatap, optarg, db_name, mkey_name, mkeytype, pport, sport, - kdc_etype, manual))) { + manual))) { fprintf(stderr,"%s: cannot initialize realm %s\n", argv[0], optarg); exit(1); @@ -817,10 +802,6 @@ initialize_realms(kcontext, argc, argv) case 's': sport = atoi(optarg); break; - case 'e': - if (krb5_string_to_enctype(optarg, &kdc_etype)) - com_err(argv[0], 0, "invalid encryption type %s", optarg); - break; case '?': default: usage(argv[0]); @@ -841,7 +822,7 @@ initialize_realms(kcontext, argc, argv) if ((rdatap = (kdc_realm_t *) malloc(sizeof(kdc_realm_t)))) { if ((retval = init_realm(argv[0], rdatap, lrealm, db_name, mkey_name, mkeytype, pport, sport, - kdc_etype, manual))) { + manual))) { fprintf(stderr,"%s: cannot initialize realm %s\n", argv[0], lrealm); exit(1); -- 2.26.2