diff options
26 files changed, 151 insertions, 194 deletions
diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog index 31ecd5d988..6288367e28 100644 --- a/src/lib/krb5/krb/ChangeLog +++ b/src/lib/krb5/krb/ChangeLog @@ -1,3 +1,13 @@ +Tue Sep 05 22:10:34 1995 Chris Provenzano (proven@mit.edu) + + * decode_kdc.c, decrypt_tk.c, encode_kdc.c, encrypt_tk.c, gc_frm_kdc.c + * gc_via_tkt.c, get_in_tkt.c, in_tkt_ktb.c, in_tkt_pwd.c, in_tkt_sky.c + * init_ctx.c, kdc_rep_dc.c, mk_cred.c, mk_priv.c, mk_rep.c + * mk_req_ext.c, rd_cred.c, rd_priv.c, rd_rep.c, rd_req_dec.c, + * send_tgs.c, ser_ctx.c, ser_eblk.c, ser_key.c, t_ser.c: + Remove krb5_enctype references, and replace with + krb5_keytype where appropriate + Fri Sep 1 20:03:41 1995 Theodore Y. Ts'o <tytso@dcl> * get_in_tkt.c (krb5_get_in_tkt): If kdc_settime is enabled, then diff --git a/src/lib/krb5/krb/decode_kdc.c b/src/lib/krb5/krb/decode_kdc.c index 642de5b084..71e01a8111 100644 --- a/src/lib/krb5/krb/decode_kdc.c +++ b/src/lib/krb5/krb/decode_kdc.c @@ -40,11 +40,10 @@ */ krb5_error_code -krb5_decode_kdc_rep(context, enc_rep, key, etype, dec_rep) +krb5_decode_kdc_rep(context, enc_rep, key, dec_rep) krb5_context context; krb5_data * enc_rep; const krb5_keyblock * key; - const krb5_enctype etype; krb5_kdc_rep ** dec_rep; { krb5_error_code retval; @@ -60,16 +59,10 @@ krb5_decode_kdc_rep(context, enc_rep, key, etype, dec_rep) if (retval) return retval; - if (local_dec_rep->enc_part.etype != etype) { + if (retval = krb5_kdc_rep_decrypt_proc(context, key, 0, local_dec_rep)) krb5_free_kdc_rep(context, local_dec_rep); - return KRB5_WRONG_ETYPE; - } - retval = krb5_kdc_rep_decrypt_proc(context, key, 0, local_dec_rep); - if (retval) { - krb5_free_kdc_rep(context, local_dec_rep); - return(retval); - } - *dec_rep = local_dec_rep; - return 0; + else + *dec_rep = local_dec_rep; + return(retval); } diff --git a/src/lib/krb5/krb/decrypt_tk.c b/src/lib/krb5/krb/decrypt_tk.c index 3777ffa6b4..25ad3dcb77 100644 --- a/src/lib/krb5/krb/decrypt_tk.c +++ b/src/lib/krb5/krb/decrypt_tk.c @@ -46,29 +46,27 @@ krb5_decrypt_tkt_part(context, srv_key, ticket) krb5_data scratch; krb5_error_code retval; - if (!valid_etype(ticket->enc_part.etype)) + if (!valid_keytype(ticket->enc_part.keytype)) return KRB5_PROG_ETYPE_NOSUPP; /* put together an eblock for this encryption */ - - krb5_use_cstype(context, &eblock, ticket->enc_part.etype); + krb5_use_keytype(context, &eblock, ticket->enc_part.keytype); scratch.length = ticket->enc_part.ciphertext.length; if (!(scratch.data = malloc(ticket->enc_part.ciphertext.length))) return(ENOMEM); /* do any necessary key pre-processing */ - retval = krb5_process_key(context, &eblock, srv_key); - if (retval) { + if (retval = krb5_process_key(context, &eblock, srv_key)) { free(scratch.data); return(retval); } /* call the encryption routine */ - retval = krb5_decrypt(context, (krb5_pointer) ticket->enc_part.ciphertext.data, - (krb5_pointer) scratch.data, - scratch.length, &eblock, 0); - if (retval) { + if (retval = krb5_decrypt(context, + (krb5_pointer) ticket->enc_part.ciphertext.data, + (krb5_pointer) scratch.data, scratch.length, + &eblock, 0)) { (void) krb5_finish_key(context, &eblock); free(scratch.data); return retval; @@ -87,6 +85,5 @@ free(scratch.data);} ticket->enc_part2 = dec_tkt_part; } clean_scratch(); - ticket->enc_part2->session->etype = ticket->enc_part.etype; return retval; } diff --git a/src/lib/krb5/krb/encode_kdc.c b/src/lib/krb5/krb/encode_kdc.c index a4d0edb325..f310879106 100644 --- a/src/lib/krb5/krb/encode_kdc.c +++ b/src/lib/krb5/krb/encode_kdc.c @@ -54,7 +54,7 @@ krb5_encode_kdc_rep(context, type, encpart, eblock, client_key, dec_rep, enc_rep krb5_error_code retval; krb5_enc_kdc_rep_part tmp_encpart; - if (!valid_etype(dec_rep->enc_part.etype)) + if (!valid_keytype(dec_rep->enc_part.keytype)) return KRB5_PROG_ETYPE_NOSUPP; switch (type) { @@ -127,7 +127,7 @@ dec_rep->enc_part.ciphertext.data = 0;} goto clean_prockey; } - dec_rep->enc_part.etype = krb5_eblock_enctype(context, eblock); + dec_rep->enc_part.keytype = krb5_eblock_keytype(context, eblock); /* do some cleanup */ cleanup_scratch(); diff --git a/src/lib/krb5/krb/encrypt_tk.c b/src/lib/krb5/krb/encrypt_tk.c index 0220e42f91..8e28f514db 100644 --- a/src/lib/krb5/krb/encrypt_tk.c +++ b/src/lib/krb5/krb/encrypt_tk.c @@ -95,7 +95,7 @@ dec_ticket->enc_part.ciphertext.data = 0;} goto clean_prockey; } - dec_ticket->enc_part.etype = krb5_eblock_enctype(context, eblock); + dec_ticket->enc_part.keytype = krb5_eblock_keytype(context, eblock); /* ticket is now assembled-- do some cleanup */ cleanup_scratch(); diff --git a/src/lib/krb5/krb/gc_frm_kdc.c b/src/lib/krb5/krb/gc_frm_kdc.c index 255c4492db..122cac4c9b 100644 --- a/src/lib/krb5/krb/gc_frm_kdc.c +++ b/src/lib/krb5/krb/gc_frm_kdc.c @@ -60,8 +60,6 @@ extern krb5_cksumtype krb5_kdc_req_sumtype; /* helper macro: convert flags to necessary KDC options */ #define FLAGS2OPTS(flags) (flags & KDC_TKT_COMMON_MASK) -#define TGT_ETYPE \ - krb5_keytype_array[tgt.keyblock.keytype]->system->proto_enctype; krb5_error_code krb5_get_cred_from_kdc(context, ccache, in_cred, out_cred, tgts) @@ -75,7 +73,6 @@ krb5_get_cred_from_kdc(context, ccache, in_cred, out_cred, tgts) int ntgts = 0; krb5_creds tgt, tgtq, *tgtr = NULL; - krb5_enctype etype; krb5_error_code retval; krb5_principal int_server = NULL; /* Intermediate server for request */ @@ -250,7 +247,6 @@ krb5_get_cred_from_kdc(context, ccache, in_cred, out_cred, tgts) goto cleanup; tgtq.is_skey = FALSE; tgtq.ticket_flags = tgt.ticket_flags; - etype = TGT_ETYPE; if ((retval = krb5_get_cred_via_tkt(context, &tgt, FLAGS2OPTS(tgtq.ticket_flags), tgt.addresses, &tgtq, &tgtr))) { @@ -309,7 +305,6 @@ krb5_get_cred_from_kdc(context, ccache, in_cred, out_cred, tgts) goto cleanup; tgtq.is_skey = FALSE; tgtq.ticket_flags = tgt.ticket_flags; - etype = TGT_ETYPE; if ((retval = krb5_get_cred_via_tkt(context, &tgt, FLAGS2OPTS(tgtq.ticket_flags), tgt.addresses, @@ -383,7 +378,6 @@ krb5_get_cred_from_kdc(context, ccache, in_cred, out_cred, tgts) goto cleanup; } - etype = TGT_ETYPE; retval = krb5_get_cred_via_tkt(context, &tgt, FLAGS2OPTS(tgt.ticket_flags) | (in_cred->second_ticket.length ? KDC_OPT_ENC_TKT_IN_SKEY : 0), diff --git a/src/lib/krb5/krb/gc_via_tkt.c b/src/lib/krb5/krb/gc_via_tkt.c index 5dbbaed428..643bca5661 100644 --- a/src/lib/krb5/krb/gc_via_tkt.c +++ b/src/lib/krb5/krb/gc_via_tkt.c @@ -66,7 +66,6 @@ krb5_kdcrep2creds(context, pkdcrep, address, psectkt, ppcreds) (*ppcreds)->second_ticket = *pdata; krb5_xfree(pdata); - (*ppcreds)->keyblock.etype = pkdcrep->ticket->enc_part.etype; (*ppcreds)->ticket_flags = pkdcrep->enc_part2->flags; (*ppcreds)->times = pkdcrep->enc_part2->times; (*ppcreds)->magic = KV5M_CREDS; @@ -172,8 +171,7 @@ krb5_get_cred_via_tkt (context, tkt, kdcoptions, address, in_cred, out_cred) } if ((retval = krb5_decode_kdc_rep(context, &tgsrep.response, - &tkt->keyblock, - tkt->keyblock.etype, &dec_rep))) + &tkt->keyblock, &dec_rep))) goto error_4; if (dec_rep->msg_type != KRB5_TGS_REP) { diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c index 78be610b05..0661377a08 100644 --- a/src/lib/krb5/krb/get_in_tkt.c +++ b/src/lib/krb5/krb/get_in_tkt.c @@ -71,12 +71,12 @@ typedef krb5_error_code (*git_decrypt_proc) PROTOTYPE((krb5_context, krb5_const_pointer, krb5_kdc_rep * )); krb5_error_code -krb5_get_in_tkt(context, options, addrs, etypes, ptypes, key_proc, keyseed, +krb5_get_in_tkt(context, options, addrs, ktypes, ptypes, key_proc, keyseed, decrypt_proc, decryptarg, creds, ccache, ret_as_reply) krb5_context context; const krb5_flags options; krb5_address * const * addrs; - krb5_enctype * etypes; + krb5_keytype * ktypes; krb5_preauthtype * ptypes; git_key_proc key_proc; krb5_const_pointer keyseed; @@ -86,8 +86,7 @@ krb5_get_in_tkt(context, options, addrs, etypes, ptypes, key_proc, keyseed, krb5_ccache ccache; krb5_kdc_rep ** ret_as_reply; { - krb5_keytype keytype; - krb5_enctype etype; + krb5_keytype keytype, ktype; krb5_kdc_req request; krb5_kdc_rep *as_reply = 0; krb5_error *err_reply; @@ -160,11 +159,17 @@ krb5_get_in_tkt(context, options, addrs, etypes, ptypes, key_proc, keyseed, request.till = creds->times.endtime; request.rtime = creds->times.renew_till; - if (etypes) - request.etype = etypes; + if ((retval = krb5_timeofday(context, &time_now))) + goto cleanup; + + /* XXX we know they are the same size... */ + request.nonce = (krb5_int32) time_now; + + if (ktypes) + request.ktype = ktypes; else - krb5_get_default_in_tkt_etypes(context, &request.etype); - for (request.netypes = 0;request.etype[request.netypes];request.netypes++); + krb5_get_default_in_tkt_ktypes(context, &request.ktype); + for (request.nktypes = 0;request.ktype[request.nktypes];request.nktypes++); request.authorization_data.ciphertext.length = 0; request.authorization_data.ciphertext.data = 0; request.unenc_authdata = 0; @@ -178,8 +183,8 @@ krb5_get_in_tkt(context, options, addrs, etypes, ptypes, key_proc, keyseed, /* encode & send to KDC */ retval = encode_krb5_as_req(&request, &packet); - if (!etypes) - free(request.etype); + if (!ktypes) + free(request.ktype); if (retval) goto cleanup; @@ -245,8 +250,7 @@ krb5_get_in_tkt(context, options, addrs, etypes, ptypes, key_proc, keyseed, } /* Encryption type, keytype, */ - etype = as_reply->ticket->enc_part.etype; - keytype = krb5_csarray[etype]->system->proto_keytype; + keytype = as_reply->ticket->enc_part.keytype; /* and salt */ if (as_reply->padata) { @@ -326,7 +330,6 @@ krb5_get_in_tkt(context, options, addrs, etypes, ptypes, key_proc, keyseed, as_reply->enc_part2->session, &creds->keyblock))) goto cleanup; - creds->keyblock.etype = as_reply->ticket->enc_part.etype; creds->times = as_reply->enc_part2->times; creds->is_skey = FALSE; /* this is an AS_REQ, so cannot diff --git a/src/lib/krb5/krb/in_tkt_ktb.c b/src/lib/krb5/krb/in_tkt_ktb.c index 2a96b1160b..00909accc0 100644 --- a/src/lib/krb5/krb/in_tkt_ktb.c +++ b/src/lib/krb5/krb/in_tkt_ktb.c @@ -113,12 +113,12 @@ cleanup: */ krb5_error_code -krb5_get_in_tkt_with_keytab(context, options, addrs, etypes, pre_auth_types, +krb5_get_in_tkt_with_keytab(context, options, addrs, ktypes, pre_auth_types, keytab, ccache, creds, ret_as_reply) krb5_context context; const krb5_flags options; krb5_address * const * addrs; - krb5_enctype * etypes; + krb5_keytype * ktypes; krb5_preauthtype * pre_auth_types; const krb5_keytab keytab; krb5_ccache ccache; @@ -130,7 +130,7 @@ krb5_get_in_tkt_with_keytab(context, options, addrs, etypes, pre_auth_types, arg.keytab = keytab; arg.client = creds->client; - return (krb5_get_in_tkt(context, options, addrs, etypes, pre_auth_types, + return (krb5_get_in_tkt(context, options, addrs, ktypes, pre_auth_types, keytab_keyproc, (krb5_pointer)&arg, krb5_kdc_rep_decrypt_proc, 0, creds, ccache, ret_as_reply)); diff --git a/src/lib/krb5/krb/in_tkt_pwd.c b/src/lib/krb5/krb/in_tkt_pwd.c index 7ef8705200..5d9ca4c8eb 100644 --- a/src/lib/krb5/krb/in_tkt_pwd.c +++ b/src/lib/krb5/krb/in_tkt_pwd.c @@ -96,12 +96,12 @@ pwd_keyproc(context, type, salt, keyseed, key) returns system errors, encryption errors */ krb5_error_code INTERFACE -krb5_get_in_tkt_with_password(context, options, addrs, etypes, pre_auth_types, +krb5_get_in_tkt_with_password(context, options, addrs, ktypes, pre_auth_types, password, ccache, creds, ret_as_reply) krb5_context context; const krb5_flags options; krb5_address * const * addrs; - krb5_enctype * etypes; + krb5_keytype * ktypes; krb5_preauthtype * pre_auth_types; const char * password; krb5_ccache ccache; @@ -118,7 +118,7 @@ krb5_get_in_tkt_with_password(context, options, addrs, etypes, pre_auth_types, data.length = 0; } - retval = krb5_get_in_tkt(context, options, addrs, etypes, pre_auth_types, + retval = krb5_get_in_tkt(context, options, addrs, ktypes, pre_auth_types, pwd_keyproc, (krb5_pointer) &data, krb5_kdc_rep_decrypt_proc, 0, creds, ccache, ret_as_reply); diff --git a/src/lib/krb5/krb/in_tkt_sky.c b/src/lib/krb5/krb/in_tkt_sky.c index 8cc03a0255..d91c3a195f 100644 --- a/src/lib/krb5/krb/in_tkt_sky.c +++ b/src/lib/krb5/krb/in_tkt_sky.c @@ -95,12 +95,12 @@ skey_keyproc(context, type, salt, keyseed, key) */ krb5_error_code -krb5_get_in_tkt_with_skey(context, options, addrs, etypes, pre_auth_types, +krb5_get_in_tkt_with_skey(context, options, addrs, ktypes, pre_auth_types, key, ccache, creds, ret_as_reply) krb5_context context; const krb5_flags options; krb5_address * const * addrs; - krb5_enctype * etypes; + krb5_keytype * ktypes; krb5_preauthtype * pre_auth_types; const krb5_keyblock * key; krb5_ccache ccache; @@ -109,12 +109,12 @@ krb5_get_in_tkt_with_skey(context, options, addrs, etypes, pre_auth_types, { if (key) - return krb5_get_in_tkt(context, options, addrs, etypes, pre_auth_types, + return krb5_get_in_tkt(context, options, addrs, ktypes, pre_auth_types, skey_keyproc, (krb5_pointer)key, krb5_kdc_rep_decrypt_proc, 0, creds, ccache, ret_as_reply); else - return krb5_get_in_tkt_with_keytab(context, options, addrs, etypes, + return krb5_get_in_tkt_with_keytab(context, options, addrs, ktypes, pre_auth_types, NULL, ccache, creds, ret_as_reply); } diff --git a/src/lib/krb5/krb/init_ctx.c b/src/lib/krb5/krb/init_ctx.c index 077cfdd34a..2a53e6660d 100644 --- a/src/lib/krb5/krb/init_ctx.c +++ b/src/lib/krb5/krb/init_ctx.c @@ -42,7 +42,7 @@ krb5_init_context(context) ctx->magic = KV5M_CONTEXT; /* Set the default encryption types, possible defined in krb5/conf */ - if ((retval = krb5_set_default_in_tkt_etypes(ctx, NULL))) + if ((retval = krb5_set_default_in_tkt_ktypes(ctx, NULL))) goto cleanup; if ((retval = krb5_os_init_context(ctx))) @@ -74,8 +74,8 @@ krb5_free_context(ctx) { krb5_os_free_context(ctx); - if (ctx->etypes) - free(ctx->etypes); + if (ctx->ktypes) + free(ctx->ktypes); if (ctx->default_realm) free(ctx->default_realm); @@ -88,25 +88,25 @@ krb5_free_context(ctx) } /* - * Set the desired default etypes, making sure they are valid. + * Set the desired default ktypes, making sure they are valid. */ krb5_error_code -krb5_set_default_in_tkt_etypes(context, etypes) +krb5_set_default_in_tkt_ktypes(context, ktypes) krb5_context context; - const krb5_enctype *etypes; + const krb5_keytype *ktypes; { - krb5_enctype * new_etypes; + krb5_keytype * new_ktypes; int i; - if (etypes) { - for (i = 0; etypes[i]; i++) { - if (!valid_etype(etypes[i])) + if (ktypes) { + for (i = 0; ktypes[i]; i++) { + if (!valid_keytype(ktypes[i])) return KRB5_PROG_ETYPE_NOSUPP; } - /* Now copy the default etypes into the context pointer */ - if ((new_etypes = (krb5_enctype *)malloc(sizeof(krb5_enctype) * i))) - memcpy(new_etypes, etypes, sizeof(krb5_enctype) * i); + /* Now copy the default ktypes into the context pointer */ + if ((new_ktypes = (krb5_keytype *)malloc(sizeof(krb5_keytype) * i))) + memcpy(new_ktypes, ktypes, sizeof(krb5_keytype) * i); else return ENOMEM; @@ -114,38 +114,38 @@ krb5_set_default_in_tkt_etypes(context, etypes) i = 2; /* Should reset the list to the runtime defaults */ - if ((new_etypes = (krb5_enctype *)malloc(sizeof(krb5_enctype) * i))) { - new_etypes[0] = ETYPE_DES_CBC_MD5; - new_etypes[1] = ETYPE_DES_CBC_CRC; + if ((new_ktypes = (krb5_keytype *)malloc(sizeof(krb5_keytype) * i))) { + new_ktypes[0] = KEYTYPE_DES_CBC_MD5; + new_ktypes[1] = KEYTYPE_DES_CBC_CRC; } else { return ENOMEM; } } - if (context->etypes) - free(context->etypes); - context->etypes = new_etypes; - context->etype_count = i; + if (context->ktypes) + free(context->ktypes); + context->ktypes = new_ktypes; + context->ktype_count = i; return 0; } krb5_error_code -krb5_get_default_in_tkt_etypes(context, etypes) +krb5_get_default_in_tkt_ktypes(context, ktypes) krb5_context context; - krb5_enctype **etypes; + krb5_keytype **ktypes; { - krb5_enctype * old_etypes; + krb5_keytype * old_ktypes; - if ((old_etypes = (krb5_enctype *)malloc(sizeof(krb5_enctype) * - (context->etype_count + 1)))) { - memcpy(old_etypes, context->etypes, sizeof(krb5_enctype) * - context->etype_count); - old_etypes[context->etype_count] = 0; + if ((old_ktypes = (krb5_keytype *)malloc(sizeof(krb5_keytype) * + (context->ktype_count + 1)))) { + memcpy(old_ktypes, context->ktypes, sizeof(krb5_keytype) * + context->ktype_count); + old_ktypes[context->ktype_count] = 0; } else { return ENOMEM; } - *etypes = old_etypes; + *ktypes = old_ktypes; return 0; } diff --git a/src/lib/krb5/krb/kdc_rep_dc.c b/src/lib/krb5/krb/kdc_rep_dc.c index b1f9a7dacb..8728d4484c 100644 --- a/src/lib/krb5/krb/kdc_rep_dc.c +++ b/src/lib/krb5/krb/kdc_rep_dc.c @@ -45,7 +45,7 @@ krb5_kdc_rep_decrypt_proc(context, key, decryptarg, dec_rep) krb5_data scratch; krb5_enc_kdc_rep_part *local_encpart; - if (!valid_etype(dec_rep->enc_part.etype)) + if (!valid_keytype(dec_rep->enc_part.keytype)) return KRB5_PROG_ETYPE_NOSUPP; /* set up scratch decrypt/decode area */ @@ -57,7 +57,7 @@ krb5_kdc_rep_decrypt_proc(context, key, decryptarg, dec_rep) /* put together an eblock for this encryption */ - krb5_use_cstype(context, &eblock, dec_rep->enc_part.etype); + krb5_use_keytype(context, &eblock, dec_rep->enc_part.keytype); /* do any necessary key pre-processing */ if ((retval = krb5_process_key(context, &eblock, key))) { diff --git a/src/lib/krb5/krb/mk_cred.c b/src/lib/krb5/krb/mk_cred.c index 9d2ef6d8e0..ff383b08e3 100644 --- a/src/lib/krb5/krb/mk_cred.c +++ b/src/lib/krb5/krb/mk_cred.c @@ -31,7 +31,7 @@ encrypt_credencpart(context, pcredpart, pkeyblock, pencdata) krb5_encrypt_block eblock; krb5_data * scratch; - if (!valid_etype(pkeyblock->etype)) + if (!valid_keytype(pkeyblock->keytype)) return KRB5_PROG_ETYPE_NOSUPP; /* start by encoding to-be-encrypted part of the message */ @@ -41,9 +41,9 @@ encrypt_credencpart(context, pcredpart, pkeyblock, pencdata) /* put together an eblock for this encryption */ pencdata->kvno = 0; - pencdata->etype = pkeyblock->etype; + pencdata->keytype = pkeyblock->keytype; - krb5_use_cstype(context, &eblock, pkeyblock->etype); + krb5_use_keytype(context, &eblock, pkeyblock->keytype); pencdata->ciphertext.length = krb5_encrypt_size(scratch->length, eblock.crypto_entry); diff --git a/src/lib/krb5/krb/mk_priv.c b/src/lib/krb5/krb/mk_priv.c index cf535ff070..9bac8a0afb 100644 --- a/src/lib/krb5/krb/mk_priv.c +++ b/src/lib/krb5/krb/mk_priv.c @@ -46,11 +46,11 @@ krb5_mk_priv_basic(context, userdata, keyblock, replaydata, local_addr, krb5_priv_enc_part privmsg_enc_part; krb5_data *scratch1, *scratch2; - if (!valid_etype(keyblock->etype)) + if (!valid_keytype(keyblock->keytype)) return KRB5_PROG_ETYPE_NOSUPP; privmsg.enc_part.kvno = 0; /* XXX allow user-set? */ - privmsg.enc_part.etype = keyblock->etype; + privmsg.enc_part.keytype = keyblock->keytype; privmsg_enc_part.user_data = *userdata; privmsg_enc_part.s_address = local_addr; @@ -66,7 +66,7 @@ krb5_mk_priv_basic(context, userdata, keyblock, replaydata, local_addr, return retval; /* put together an eblock for this encryption */ - krb5_use_cstype(context, &eblock, keyblock->etype); + krb5_use_keytype(context, &eblock, keyblock->keytype); privmsg.enc_part.ciphertext.length = krb5_encrypt_size(scratch1->length, eblock.crypto_entry); /* add padding area, and zero it */ diff --git a/src/lib/krb5/krb/mk_rep.c b/src/lib/krb5/krb/mk_rep.c index e1f31be386..7678e82012 100644 --- a/src/lib/krb5/krb/mk_rep.c +++ b/src/lib/krb5/krb/mk_rep.c @@ -44,22 +44,16 @@ krb5_mk_rep(context, auth_context, outbuf) { krb5_error_code retval; krb5_keytype keytype; - krb5_enctype etype; krb5_ap_rep_enc_part repl; krb5_encrypt_block eblock; krb5_ap_rep reply; krb5_data * scratch; krb5_data * toutbuf; - /* verify a valid etype is available */ + /* verify a valid keytype is available */ if (!valid_keytype(keytype = auth_context->keyblock->keytype)) return KRB5_PROG_KEYTYPE_NOSUPP; - etype = krb5_keytype_array[keytype]->system->proto_enctype; - - if (!valid_etype(etype)) - return KRB5_PROG_ETYPE_NOSUPP; - /* Make the reply */ if (((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) || (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) && @@ -79,8 +73,8 @@ krb5_mk_rep(context, auth_context, outbuf) return retval; /* put together an eblock for this encryption */ - krb5_use_cstype(context, &eblock, etype); - reply.enc_part.etype = etype; + krb5_use_keytype(context, &eblock, keytype); + reply.enc_part.keytype = keytype; reply.enc_part.kvno = 0; /* XXX user set? */ reply.enc_part.ciphertext.length = krb5_encrypt_size(scratch->length, diff --git a/src/lib/krb5/krb/mk_req_ext.c b/src/lib/krb5/krb/mk_req_ext.c index 1afdcfd077..7420a8e913 100644 --- a/src/lib/krb5/krb/mk_req_ext.c +++ b/src/lib/krb5/krb/mk_req_ext.c @@ -98,9 +98,9 @@ krb5_mk_req_extended(context, auth_context, ap_req_options, in_data, in_creds, if ((retval = decode_krb5_ticket(&(in_creds)->ticket, &request.ticket))) return(retval); - /* verify a valid etype is available */ - if (!valid_etype(request.ticket->enc_part.etype)) { - retval = KRB5_PROG_ETYPE_NOSUPP; + /* verify a valid keytype is available */ + if (!valid_keytype(request.ticket->enc_part.keytype)) { + retval = KRB5_PROG_KEYTYPE_NOSUPP; goto cleanup; } @@ -185,8 +185,8 @@ krb5_mk_req_extended(context, auth_context, ap_req_options, in_data, in_creds, /* put together an eblock for this encryption */ - krb5_use_cstype(context, &eblock, request.ticket->enc_part.etype); - request.authenticator.etype = request.ticket->enc_part.etype; + krb5_use_keytype(context, &eblock, request.ticket->enc_part.keytype); + request.authenticator.keytype = request.ticket->enc_part.keytype; request.authenticator.kvno = 0; request.authenticator.ciphertext.length = krb5_encrypt_size(scratch->length, eblock.crypto_entry); diff --git a/src/lib/krb5/krb/rd_cred.c b/src/lib/krb5/krb/rd_cred.c index c8effba839..40fc123fc4 100644 --- a/src/lib/krb5/krb/rd_cred.c +++ b/src/lib/krb5/krb/rd_cred.c @@ -23,11 +23,11 @@ decrypt_credencdata(context, pcred, pkeyblock, pcredenc) krb5_error_code retval; krb5_data scratch; - if (!valid_etype(pcred->enc_part.etype)) + if (!valid_keytype(pcred->enc_part.keytype)) return KRB5_PROG_ETYPE_NOSUPP; /* put together an eblock for this decryption */ - krb5_use_cstype(context, &eblock, pcred->enc_part.etype); + krb5_use_keytype(context, &eblock, pcred->enc_part.keytype); scratch.length = pcred->enc_part.ciphertext.length; if (!(scratch.data = (char *)malloc(scratch.length))) diff --git a/src/lib/krb5/krb/rd_priv.c b/src/lib/krb5/krb/rd_priv.c index 75df2f17eb..a67e0def47 100644 --- a/src/lib/krb5/krb/rd_priv.c +++ b/src/lib/krb5/krb/rd_priv.c @@ -77,13 +77,13 @@ krb5_rd_priv_basic(context, inbuf, keyblock, local_addr, remote_addr, if ((retval = decode_krb5_priv(inbuf, &privmsg))) return retval; - if (!valid_etype(privmsg->enc_part.etype)) { + if (!valid_keytype(privmsg->enc_part.keytype)) { retval = KRB5_PROG_ETYPE_NOSUPP; goto cleanup_privmsg; } /* put together an eblock for this decryption */ - krb5_use_cstype(context, &eblock, privmsg->enc_part.etype); + krb5_use_keytype(context, &eblock, privmsg->enc_part.keytype); scratch.length = privmsg->enc_part.ciphertext.length; if (!(scratch.data = malloc(scratch.length))) { diff --git a/src/lib/krb5/krb/rd_rep.c b/src/lib/krb5/krb/rd_rep.c index 4414215cb5..2a37bbf5dc 100644 --- a/src/lib/krb5/krb/rd_rep.c +++ b/src/lib/krb5/krb/rd_rep.c @@ -60,11 +60,11 @@ krb5_rd_rep(context, auth_context, inbuf, repl) /* put together an eblock for this encryption */ - if (!valid_etype(reply->enc_part.etype)) { + if (!valid_keytype(reply->enc_part.keytype)) { krb5_free_ap_rep(context, reply); - return KRB5_PROG_ETYPE_NOSUPP; + return KRB5_PROG_KEYTYPE_NOSUPP; } - krb5_use_cstype(context, &eblock, reply->enc_part.etype); + krb5_use_keytype(context, &eblock, reply->enc_part.keytype); scratch.length = reply->enc_part.ciphertext.length; if (!(scratch.data = malloc(scratch.length))) { @@ -103,7 +103,6 @@ krb5_rd_rep(context, auth_context, inbuf, repl) /* Set auth subkey */ if ((*repl)->subkey) { - (*repl)->subkey->etype = reply->enc_part.etype; retval = krb5_copy_keyblock(context, (*repl)->subkey, &auth_context->remote_subkey); } diff --git a/src/lib/krb5/krb/rd_req_dec.c b/src/lib/krb5/krb/rd_req_dec.c index 10e566aa71..4c713f1da9 100644 --- a/src/lib/krb5/krb/rd_req_dec.c +++ b/src/lib/krb5/krb/rd_req_dec.c @@ -74,10 +74,10 @@ krb5_rd_req_decrypt_tkt_part(context, req, keytab) krb5_keytab_entry ktent; /* - * OK we know the encryption type req->ticket->enc_part.etype, + * OK we know the encryption type req->ticket->enc_part.keytype, * and now we need to get the keytype */ - keytype = krb5_csarray[req->ticket->enc_part.etype]->system->proto_keytype; + keytype = req->ticket->enc_part.keytype; if ((retval = krb5_kt_get_entry(context, keytab, req->ticket->server, req->ticket->enc_part.kvno, @@ -306,10 +306,7 @@ decrypt_authenticator(context, request, authpp) /* put together an eblock for this encryption */ - if (!valid_etype(request->authenticator.etype)) - return KRB5_PROG_ETYPE_NOSUPP; - - krb5_use_cstype(context, &eblock, request->authenticator.etype); + krb5_use_keytype(context, &eblock, request->authenticator.keytype); scratch.length = request->authenticator.ciphertext.length; if (!(scratch.data = malloc(scratch.length))) @@ -340,8 +337,6 @@ free(scratch.data);} /* now decode the decrypted stuff */ if (!(retval = decode_krb5_authenticator(&scratch, &local_auth))) { *authpp = local_auth; - if (local_auth->subkey) - local_auth->subkey->etype = request->authenticator.etype; } clean_scratch(); return retval; diff --git a/src/lib/krb5/krb/send_tgs.c b/src/lib/krb5/krb/send_tgs.c index cad41582a8..d7a9863f3d 100644 --- a/src/lib/krb5/krb/send_tgs.c +++ b/src/lib/krb5/krb/send_tgs.c @@ -30,7 +30,7 @@ Sends a request to the TGS and waits for a response. options is used for the options in the KRB_TGS_REQ. timestruct values are used for from, till, rtime " " " - etype is used for etype " " ", and to encrypt the authorization data, + keytype is used for keytype " " ", and to encrypt the authorization data, sname is used for sname " " " addrs, if non-NULL, is used for addresses " " " authorization_dat, if non-NULL, is used for authorization_dat " " " @@ -105,8 +105,8 @@ krb5_send_tgs_basic(context, in_data, in_cred, outbuf) goto cleanup_data; /* put together an eblock for this encryption */ - krb5_use_cstype(context, &eblock, request.ticket->enc_part.etype); - request.authenticator.etype = request.ticket->enc_part.etype; + krb5_use_keytype(context, &eblock, request.ticket->enc_part.keytype); + request.authenticator.keytype = request.ticket->enc_part.keytype; request.authenticator.ciphertext.length = krb5_encrypt_size(scratch->length, eblock.crypto_entry); @@ -165,12 +165,12 @@ cleanup_scratch: } krb5_error_code -krb5_send_tgs(context, kdcoptions, timestruct, etypes, sname, addrs, +krb5_send_tgs(context, kdcoptions, timestruct, ktypes, sname, addrs, authorization_data, padata, second_ticket, in_cred, rep) krb5_context context; const krb5_flags kdcoptions; const krb5_ticket_times * timestruct; - const krb5_enctype * etypes; + const krb5_keytype * ktypes; krb5_const_principal sname; krb5_address * const * addrs; krb5_authdata * const * authorization_data; @@ -218,8 +218,8 @@ krb5_send_tgs(context, kdcoptions, timestruct, etypes, sname, addrs, if ((retval = encode_krb5_authdata((const krb5_authdata**)authorization_data, &scratch))) return(retval); - krb5_use_cstype(context, &eblock, in_cred->keyblock.etype); - tgsreq.authorization_data.etype = in_cred->keyblock.etype; + krb5_use_keytype(context, &eblock, in_cred->keyblock.keytype); + tgsreq.authorization_data.keytype = in_cred->keyblock.keytype; tgsreq.authorization_data.kvno = 0; /* ticket session key has */ /* no version */ tgsreq.authorization_data.ciphertext.length = @@ -260,17 +260,17 @@ krb5_send_tgs(context, kdcoptions, timestruct, etypes, sname, addrs, } /* Get the encryption types list */ - if (etypes) { - /* Check passed etypes and make sure they're valid. */ - for (tgsreq.netypes = 0; etypes[tgsreq.netypes]; tgsreq.netypes++) { - if (!valid_etype(etypes[tgsreq.netypes])) - return KRB5_PROG_ETYPE_NOSUPP; + if (ktypes) { + /* Check passed ktypes and make sure they're valid. */ + for (tgsreq.nktypes = 0; ktypes[tgsreq.nktypes]; tgsreq.nktypes++) { + if (!valid_keytype(ktypes[tgsreq.nktypes])) + return KRB5_PROG_KEYTYPE_NOSUPP; } - tgsreq.etype = (krb5_enctype *)etypes; + tgsreq.ktype = (krb5_keytype *)ktypes; } else { - /* Get the default etypes */ - krb5_get_default_in_tkt_etypes(context, &(tgsreq.etype)); - for(tgsreq.netypes = 0; tgsreq.etype[tgsreq.netypes]; tgsreq.netypes++); + /* Get the default ktypes */ + krb5_get_default_in_tkt_ktypes(context, &(tgsreq.ktype)); + for(tgsreq.nktypes = 0; tgsreq.ktype[tgsreq.nktypes]; tgsreq.nktypes++); } if (second_ticket) { @@ -353,8 +353,8 @@ send_tgs_error_2:; krb5_free_ticket(context, sec_ticket); send_tgs_error_1:; - if (etypes == NULL) - krb5_xfree(tgsreq.etype); + if (ktypes == NULL) + krb5_xfree(tgsreq.ktype); if (tgsreq.authorization_data.ciphertext.data) { memset(tgsreq.authorization_data.ciphertext.data, 0, tgsreq.authorization_data.ciphertext.length); diff --git a/src/lib/krb5/krb/ser_ctx.c b/src/lib/krb5/krb/ser_ctx.c index d1c296be45..9cd71f979e 100644 --- a/src/lib/krb5/krb/ser_ctx.c +++ b/src/lib/krb5/krb/ser_ctx.c @@ -105,8 +105,8 @@ krb5_context_size(kcontext, arg, sizep) * krb5_int32 for KV5M_CONTEXT * krb5_int32 for sizeof(default_realm) * strlen(default_realm) for default_realm. - * krb5_int32 for netypes*sizeof(krb5_int32) - * netypes*sizeof(krb5_int32) for etypes. + * krb5_int32 for nktypes*sizeof(krb5_int32) + * nktypes*sizeof(krb5_int32) for ktypes. * krb5_int32 for trailer. */ kret = EINVAL; @@ -116,7 +116,7 @@ krb5_context_size(kcontext, arg, sizep) sizeof(krb5_int32) + sizeof(krb5_int32) + sizeof(krb5_int32) + - (context->etype_count * sizeof(krb5_int32))); + (context->ktype_count * sizeof(krb5_int32))); if (context->default_realm) required += strlen(context->default_realm); @@ -187,13 +187,13 @@ krb5_context_externalize(kcontext, arg, buffer, lenremain) strlen(context->default_realm), &bp, &remain); - /* Now number of etypes */ - (void) krb5_ser_pack_int32((krb5_int32) context->etype_count, + /* Now number of ktypes */ + (void) krb5_ser_pack_int32((krb5_int32) context->ktype_count, &bp, &remain); - /* Now serialize etypes */ - for (i=0; i<context->etype_count; i++) - (void) krb5_ser_pack_int32((krb5_int32) context->etypes[i], + /* Now serialize ktypes */ + for (i=0; i<context->ktype_count; i++) + (void) krb5_ser_pack_int32((krb5_int32) context->ktypes[i], &bp, &remain); kret = 0; @@ -280,22 +280,22 @@ krb5_context_internalize(kcontext, argp, buffer, lenremain) context->default_realm[ibuf] = '\0'; } - /* Get the number of etypes */ + /* Get the number of ktypes */ if (!(kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain))) { /* Reduce it to a count */ - context->etype_count = ibuf; - if ((context->etypes = (krb5_enctype *) - malloc(sizeof(krb5_enctype) * - (context->etype_count+1)))) { - memset(context->etypes, + context->ktype_count = ibuf; + if ((context->ktypes = (krb5_keytype *) + malloc(sizeof(krb5_keytype) * + (context->ktype_count+1)))) { + memset(context->ktypes, 0, - sizeof(krb5_enctype) * - (context->etype_count + 1)); - for (i=0; i<context->etype_count; i++) { + sizeof(krb5_keytype) * + (context->ktype_count + 1)); + for (i=0; i<context->ktype_count; i++) { if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain))) break; - context->etypes[i] = (krb5_enctype) ibuf; + context->ktypes[i] = (krb5_keytype) ibuf; } } } @@ -448,6 +448,7 @@ krb5_oscontext_internalize(kcontext, argp, buffer, lenremain) malloc(sizeof(struct _krb5_os_context))) && (remain >= 4*sizeof(krb5_int32))) { memset(os_ctx, 0, sizeof(struct _krb5_os_context)); + os_ctx->magic = KV5M_OS_CONTEXT; /* Read out our context */ (void) krb5_ser_unpack_int32(&os_ctx->time_offset, &bp, &remain); @@ -460,8 +461,7 @@ krb5_oscontext_internalize(kcontext, argp, buffer, lenremain) kret = 0; *buffer = bp; *lenremain = remain; - } - else + } else kret = EINVAL; } } diff --git a/src/lib/krb5/krb/ser_eblk.c b/src/lib/krb5/krb/ser_eblk.c index 791963e7df..dcc73d04d6 100644 --- a/src/lib/krb5/krb/ser_eblk.c +++ b/src/lib/krb5/krb/ser_eblk.c @@ -63,14 +63,13 @@ krb5_encrypt_block_size(kcontext, arg, sizep) size_t required; /* - * NOTE: This ASSuMES that keytype and etype are sufficient to recreate + * NOTE: This ASSuMES that keytype are sufficient to recreate * the _krb5_cryptosystem_entry. If this is not true, then something else * had better be encoded here. * * krb5_encrypt_block base requirements: * krb5_int32 for KV5M_ENCRYPT_BLOCK * krb5_int32 for keytype - * krb5_int32 for etype; * krb5_int32 for private length * encrypt_block->priv_size for private contents * krb5_int32 for KV5M_ENCRYPT_BLOCK @@ -128,11 +127,6 @@ krb5_encrypt_block_externalize(kcontext, arg, buffer, lenremain) crypto_entry->proto_keytype, &bp, &remain); - /* Our etype */ - (void) krb5_ser_pack_int32((krb5_int32) encrypt_block-> - crypto_entry->proto_enctype, - &bp, &remain); - /* Our length */ (void) krb5_ser_pack_int32((krb5_int32) encrypt_block->priv_size, &bp, &remain); @@ -178,7 +172,6 @@ krb5_encrypt_block_internalize(kcontext, argp, buffer, lenremain) krb5_encrypt_block *encrypt_block; krb5_int32 ibuf; krb5_keytype ktype; - krb5_enctype etype; krb5_octet *bp; size_t remain; @@ -201,16 +194,8 @@ krb5_encrypt_block_internalize(kcontext, argp, buffer, lenremain) (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); ktype = (krb5_keytype) ibuf; - /* Get the etype */ - (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); - etype = (krb5_enctype) ibuf; - - /* - * Use the etype to determine the crypto_system entry. In the - * future, we may need to use a combination of keytype/etype or - * just keytype here. - */ - krb5_use_cstype(kcontext, encrypt_block, etype); + /* Use the ktype to determine the crypto_system entry. */ + krb5_use_keytype(kcontext, encrypt_block, ktype); /* Get the length */ (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); diff --git a/src/lib/krb5/krb/ser_key.c b/src/lib/krb5/krb/ser_key.c index eacbf011a5..78245407a3 100644 --- a/src/lib/krb5/krb/ser_key.c +++ b/src/lib/krb5/krb/ser_key.c @@ -65,7 +65,6 @@ krb5_keyblock_size(kcontext, arg, sizep) * krb5_keyblock requires: * krb5_int32 for KV5M_KEYBLOCK * krb5_int32 for keytype - * krb5_int32 for etype; * krb5_int32 for length * keyblock->length for contents * krb5_int32 for KV5M_KEYBLOCK @@ -114,10 +113,6 @@ krb5_keyblock_externalize(kcontext, arg, buffer, lenremain) (void) krb5_ser_pack_int32((krb5_int32) keyblock->keytype, &bp, &remain); - /* Our etype */ - (void) krb5_ser_pack_int32((krb5_int32) keyblock->etype, - &bp, &remain); - /* Our length */ (void) krb5_ser_pack_int32((krb5_int32) keyblock->length, &bp, &remain); @@ -172,10 +167,6 @@ krb5_keyblock_internalize(kcontext, argp, buffer, lenremain) (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); keyblock->keytype = (krb5_keytype) ibuf; - /* Get the etype */ - (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); - keyblock->etype = (krb5_enctype) ibuf; - /* Get the length */ (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); keyblock->length = (int) ibuf; diff --git a/src/lib/krb5/krb/t_ser.c b/src/lib/krb5/krb/t_ser.c index ad635d97db..4ea7238205 100644 --- a/src/lib/krb5/krb/t_ser.c +++ b/src/lib/krb5/krb/t_ser.c @@ -293,8 +293,7 @@ ser_acontext_test(kcontext, verbose) KV5M_AUTH_CONTEXT))) { memset(&ukeyblock, 0, sizeof(ukeyblock)); memset(keydata, 0, sizeof(keydata)); - ukeyblock.keytype = KEYTYPE_DES; - ukeyblock.etype = ETYPE_DES_CBC_MD5; + ukeyblock.keytype = KEYTYPE_DES_CBC_MD5; ukeyblock.length = sizeof(keydata); ukeyblock.contents = keydata; keydata[0] = 0xde; @@ -510,7 +509,7 @@ ser_eblock_test(kcontext, verbose) memset(&eblock, 0, sizeof(krb5_encrypt_block)); eblock.magic = KV5M_ENCRYPT_BLOCK; - krb5_use_cstype(kcontext, &eblock, DEFAULT_KDC_ETYPE); + krb5_use_keytype(kcontext, &eblock, DEFAULT_KDC_KEYTYPE); if (!(kret = ser_data(verbose, "> NULL eblock", (krb5_pointer) &eblock, KV5M_ENCRYPT_BLOCK))) { eblock.priv = (krb5_pointer) ser_eblock_test; @@ -520,8 +519,7 @@ ser_eblock_test(kcontext, verbose) KV5M_ENCRYPT_BLOCK))) { memset(&ukeyblock, 0, sizeof(ukeyblock)); memset(keydata, 0, sizeof(keydata)); - ukeyblock.keytype = KEYTYPE_DES; - ukeyblock.etype = ETYPE_DES_CBC_MD5; + ukeyblock.keytype = KEYTYPE_DES_CBC_MD5; ukeyblock.length = sizeof(keydata); ukeyblock.contents = keydata; keydata[0] = 0xde; |