Reintegrate Macintosh changes while keeping Proven's changes

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6753 dc483132-0cff-0310-8789-dd5450dbe970

8 files changed, 78 insertions, 66 deletions

diff --git a/src/include/ChangeLog b/src/include/ChangeLog
index 30fa3dba2..e813a51c5 100644
--- a/src/include/ChangeLog
+++ b/src/include/ChangeLog
@@ -7,8 +7,25 @@ Wed Sep  6 12:00:00 1995  James Mattly  <mattly@fusion.com>
 	* k5-int.h:  Added requisite defines, fake struct definitions for compilation
 		on MACINTOSH.
 
+Wed Sep 06 14:20:57 1995   Chris Provenzano (proven@mit.edu)
+
+        * k5-int.h krb5.hin : s/keytype/enctype/g, s/KEYTYPE/ENCTYPE/g
+
+Tue Sep 05 22:10:34 1995   Chris Provenzano (proven@mit.edu)
+
+        * k5-int.h, krb5.hin : Remove krb5_enctype references, and replace with
+                krb5_keytype where appropriate.
+
 Fri Sep  1 00:44:59 1995  Theodore Y. Ts'o  <tytso@dcl>
 
+	* k5-int.h: Added clockskew, kdc_req_sumtype, and
+		kdc_default_options to the krb5_context structure.
+
+	* krb5.hin: Added expected nonce and request_time fields to the
+	        krb5_response structure.  The fields are used to pass
+		information from krb5_send_tgs() to
+		krb5_get_cred_via_tkt() so that it can do sanity checking.
+
 	* k5-int.h: Add time offset field to the os_context structure.
 		This offset is added to the system clock time to produce
 		the "true" time.  
diff --git a/src/include/k5-int.h b/src/include/k5-int.h
index d76282f28..2dc2c1048 100644
--- a/src/include/k5-int.h
+++ b/src/include/k5-int.h
@@ -215,6 +215,10 @@ int stat(const char *path, struct stat *buf);
 int fstat(int fildes, struct stat *buf);
 
 #define EFBIG 1000
+#define OLD_CONFIG_FILES
+#define PROF_NO_SECTION 1
+#define PROF_NO_RELATION 2
+#define KRB5_REALM_CANT_RESOLVE 1
 
 #define NOFCHMOD 1
 #define NOCHMOD 1
@@ -401,7 +405,7 @@ int win_socket_initialize();
 #define	KDC_ERR_NEVER_VALID		11 /* Requested starttime > endtime */
 #define	KDC_ERR_POLICY			12 /* KDC policy rejects request */
 #define	KDC_ERR_BADOPTION		13 /* KDC can't do requested opt. */
-#define	KDC_ERR_ETYPE_NOSUPP		14 /* No support for encryption type */
+#define	KDC_ERR_ENCTYPE_NOSUPP		14 /* No support for encryption type */
 #define KDC_ERR_SUMTYPE_NOSUPP		15 /* No support for checksum type */
 #define KDC_ERR_PADATA_TYPE_NOSUPP	16 /* No support for padata type */
 #define KDC_ERR_TRTYPE_NOSUPP		17 /* No support for transited type */
@@ -885,16 +889,22 @@ krb5_error_code verify_securid_padata
 
 struct _krb5_context {
 	krb5_magic	magic;
-	krb5_enctype  FAR *etypes;
-	int		etype_count;
+	krb5_enctype  FAR *ktypes;
+	int		ktype_count;
 	void	      FAR *os_context;
 	char	      FAR *default_realm;
 	profile_t     profile;
 	void	      FAR *db_context;
 	int		ser_ctx_count;
-	void	      FAR *ser_ctx;
+	void	      	FAR *ser_ctx;
+	krb5_deltat 	clockskew; /* allowable clock skew */
+	krb5_cksumtype	kdc_req_sumtype;
+	krb5_flags 	kdc_default_options;
+	krb5_flags	library_options;
 };
 
+#define KRB5_LIBOPT_SYNC_KDCTIME	0x0001
+
 /*
  * Begin "asn1.h"
  */
diff --git a/src/include/krb5.hin b/src/include/krb5.hin
index 19ed896ba..423f19695 100644
--- a/src/include/krb5.hin
+++ b/src/include/krb5.hin
@@ -135,7 +135,6 @@ typedef	unsigned int krb5_msgtype;
 typedef	unsigned int krb5_kvno;	
 
 typedef	unsigned int krb5_addrtype;
-typedef unsigned int krb5_keytype;
 typedef unsigned int krb5_enctype;
 typedef unsigned int krb5_cksumtype;
 typedef unsigned int krb5_authdatatype;
@@ -283,8 +282,7 @@ typedef struct _krb5_auth_context FAR * krb5_auth_context;
 
 typedef struct _krb5_keyblock {
     krb5_magic magic;
-    krb5_keytype keytype;
-    krb5_enctype etype;	/* hint of what encryption type to use */
+    krb5_enctype enctype;
     int length;
     krb5_octet FAR *contents;
 } krb5_keyblock;
@@ -307,7 +305,7 @@ typedef struct _krb5_encrypt_block {
 
 typedef struct _krb5_enc_data {
     krb5_magic magic;
-    krb5_enctype etype;
+    krb5_enctype enctype;
     krb5_kvno kvno;
     krb5_data ciphertext;
 } krb5_enc_data;
@@ -329,7 +327,7 @@ typedef struct _krb5_cryptosystem_entry {
 					      krb5_const krb5_keyblock FAR *));
     krb5_error_code (*finish_key) KRB5_NPROTOTYPE(( krb5_encrypt_block FAR *));
     krb5_error_code (*string_to_key) KRB5_NPROTOTYPE((krb5_const krb5_encrypt_block FAR *,
-						 krb5_const krb5_keytype,
+						 krb5_const krb5_enctype,
 						krb5_keyblock FAR *,
 						krb5_const krb5_data FAR *,
  	                                        krb5_const krb5_data FAR *));
@@ -342,10 +340,7 @@ typedef struct _krb5_cryptosystem_entry {
     int block_length;
     int pad_minimum;			/* needed for cksum size computation */
     int keysize;
-    krb5_enctype proto_enctype;		/* encryption type,
-					   (assigned protocol number AND
-					    table index) */
-    krb5_keytype proto_keytype;		/* key type,
+    krb5_enctype proto_enctype;		/* key type,
 					   (assigned protocol number AND
 					    table index) */
 } krb5_cryptosystem_entry;
@@ -382,18 +377,12 @@ typedef struct _krb5_checksum_entry {
 } krb5_checksum_entry;
 
 /* per Kerberos v5 protocol spec */
-#define	KEYTYPE_NULL		0x0000
-#define KEYTYPE_DES		0x0001	/* Data Encryption Standard,
-					   FIPS 46,81 */
-#define KEYTYPE_UNKNOWN		0x01ff
-
-#define	ETYPE_NULL		0x0000
-#define	ETYPE_DES_CBC_CRC	0x0001	/* DES cbc mode with CRC-32 */
-#define	ETYPE_DES_CBC_MD4	0x0002	/* DES cbc mode with RSA-MD4 */
-#define	ETYPE_DES_CBC_MD5	0x0003	/* DES cbc mode with RSA-MD5 */
-#define	ETYPE_RAW_DES_CBC       0x0004  /* Raw DES cbc mode */
-
-#define ETYPE_UNKNOWN		0x1FF 	/* Reserved local value */
+#define	ENCTYPE_NULL		0x0000
+#define	ENCTYPE_DES_CBC_CRC	0x0001	/* DES cbc mode with CRC-32 */
+#define	ENCTYPE_DES_CBC_MD4	0x0002	/* DES cbc mode with RSA-MD4 */
+#define	ENCTYPE_DES_CBC_MD5	0x0003	/* DES cbc mode with RSA-MD5 */
+#define	ENCTYPE_DES_CBC_RAW     0x0004  /* DES cbc mode raw */
+#define ENCTYPE_UNKNOWN		0x01ff
 
 #define	CKSUMTYPE_CRC32		0x0001
 #define	CKSUMTYPE_RSA_MD4	0x0002
@@ -419,17 +408,15 @@ extern int krb5_max_cryptosystem;		/* max entry in array */
 
 /* This array is indexed by key type, and has (should have) pointers to
    the same entries as krb5_csarray */
-/* XXX what if a given keytype works for several etypes? */
-extern krb5_cs_table_entry * NEAR krb5_keytype_array[];
-extern int krb5_max_keytype;		/* max entry in array */
+/* XXX what if a given enctype works for several etypes? */
+extern krb5_cs_table_entry * NEAR krb5_enctype_array[];
+extern int krb5_max_enctype;		/* max entry in array */
 
 /* This array is indexed by checksum type */
 extern krb5_checksum_entry * NEAR krb5_cksumarray[];
 extern int krb5_max_cksum;		/* max entry in array */
 
-#define valid_etype(etype)     ((((int) (etype)) <= krb5_max_cryptosystem) && ((etype) > 0) && krb5_csarray[etype])
-
-#define valid_keytype(ktype)     ((((int) (ktype)) <= krb5_max_keytype) && ((ktype) > 0) && krb5_keytype_array[ktype])
+#define valid_enctype(ktype)     ((((int) (ktype)) <= krb5_max_enctype) && ((ktype) > 0) && krb5_enctype_array[ktype])
 
 #define valid_cksumtype(cktype)     ((((int) (cktype)) <= krb5_max_cksum) && ((cktype) > 0) && krb5_cksumarray[cktype])
 
@@ -437,20 +424,17 @@ extern int krb5_max_cksum;		/* max entry in array */
 #define is_keyed_cksum(cktype) (krb5_cksumarray[cktype]->uses_key)
 
 /* set up *eblockp to use etype */
-#define krb5_use_cstype(context, eblockp, etype) (eblockp)->crypto_entry = krb5_csarray[(etype)]->system
-/* ...or keytype */
-#define krb5_use_keytype(context, eblockp, keytype) (eblockp)->crypto_entry = krb5_keytype_array[(keytype)]->system
+#define krb5_use_enctype(context, eblockp, enctype) (eblockp)->crypto_entry = krb5_enctype_array[(enctype)]->system
 
 #define krb5_encrypt(context, inptr, outptr, size, eblock, ivec) (*(eblock)->crypto_entry->encrypt_func)(inptr, outptr, size, eblock, ivec)
 #define krb5_decrypt(context, inptr, outptr, size, eblock, ivec) (*(eblock)->crypto_entry->decrypt_func)(inptr, outptr, size, eblock, ivec)
 #define krb5_process_key(context, eblock, key) (*(eblock)->crypto_entry->process_key)(eblock, key)
 #define krb5_finish_key(context, eblock) (*(eblock)->crypto_entry->finish_key)(eblock)
-#define krb5_string_to_key(context, eblock, keytype, keyblock, data, princ) (*(eblock)->crypto_entry->string_to_key)(eblock, keytype, keyblock, data, princ)
+#define krb5_string_to_key(context, eblock, enctype, keyblock, data, princ) (*(eblock)->crypto_entry->string_to_key)(eblock, enctype, keyblock, data, princ)
 #define krb5_init_random_key(context, eblock, keyblock, ptr) (*(eblock)->crypto_entry->init_random_key)(keyblock, ptr)
 #define krb5_finish_random_key(context, eblock, ptr) (*(eblock)->crypto_entry->finish_random_key)(ptr)
 #define krb5_random_key(context, eblock, ptr, keyblock) (*(eblock)->crypto_entry->random_key)(eblock, ptr, keyblock)
 
-#define krb5_eblock_keytype(context, eblockp) ((eblockp)->crypto_entry->proto_keytype)
 #define krb5_eblock_enctype(context, eblockp) ((eblockp)->crypto_entry->proto_enctype)
 
 /*
@@ -717,7 +701,7 @@ typedef struct _krb5_enc_tkt_part {
     krb5_magic magic;
     /* to-be-encrypted portion */
     krb5_flags flags;			/* flags */
-    krb5_keyblock FAR *session;		/* session key: includes keytype */
+    krb5_keyblock FAR *session;		/* session key: includes enctype */
     krb5_principal client;		/* client name/realm */
     krb5_transited transited;		/* list of transited realms */
     krb5_ticket_times times;		/* auth, start, end, renew_till */
@@ -800,8 +784,8 @@ typedef struct _krb5_kdc_req {
     krb5_timestamp till;		/* requested endtime */
     krb5_timestamp rtime;		/* (optional) requested renew_till */
     krb5_int32 nonce;			/* nonce to match request/response */
-    int netypes;			/* # of etypes, must be positive */
-    krb5_enctype FAR *etype;		/* requested encryption type(s) */
+    int nktypes;			/* # of ktypes, must be positive */
+    krb5_enctype FAR *ktype;		/* requested enctype(s) */
     krb5_address FAR * FAR *addresses;	/* requested addresses, optional */
     krb5_enc_data authorization_data;	/* encrypted auth data; OPTIONAL */
     krb5_authdata FAR * FAR *unenc_authdata; /* unencrypted auth data,
@@ -876,6 +860,8 @@ typedef struct _krb5_response {
     krb5_magic magic;
     krb5_octet message_type;
     krb5_data response;
+    krb5_int32 expected_nonce;	/* The expected nonce for KDC_REP messages */
+    krb5_timestamp request_time;   /* When we made the request */
 } krb5_response;
 
 typedef struct _krb5_safe {
@@ -1170,7 +1156,7 @@ typedef struct _krb5_kt_ops {
 		    krb5_keytab,
 		    krb5_principal,
 		    krb5_kvno,
-		    krb5_keytype,
+		    krb5_enctype,
 		    krb5_keytab_entry FAR *));
     krb5_error_code (*start_seq_get) 
 	KRB5_NPROTOTYPE((krb5_context,
@@ -1202,7 +1188,7 @@ typedef struct _krb5_kt_ops {
 #define krb5_kt_get_type(context, keytab) (*(keytab)->ops->prefix)
 #define krb5_kt_get_name(context, keytab, name, namelen) (*(keytab)->ops->get_name)(context, keytab,name,namelen)
 #define krb5_kt_close(context, keytab) (*(keytab)->ops->close)(context, keytab)
-#define krb5_kt_get_entry(context, keytab, principal, vno, keytype, entry) (*(keytab)->ops->get)(context, keytab, principal, vno, keytype, entry)
+#define krb5_kt_get_entry(context, keytab, principal, vno, enctype, entry) (*(keytab)->ops->get)(context, keytab, principal, vno, enctype, entry)
 #define krb5_kt_start_seq_get(context, keytab, cursor) (*(keytab)->ops->start_seq_get)(context, keytab, cursor)
 #define krb5_kt_next_entry(context, keytab, entry, cursor) (*(keytab)->ops->get_next)(context, keytab, entry, cursor)
 #define krb5_kt_end_seq_get(context, keytab, cursor) (*(keytab)->ops->end_get)(context, keytab, cursor)
@@ -1225,10 +1211,10 @@ krb5_error_code INTERFACE krb5_init_context
 void krb5_free_context
 	KRB5_PROTOTYPE((krb5_context));
 
-krb5_error_code krb5_set_default_in_tkt_etypes
+krb5_error_code krb5_set_default_in_tkt_ktypes
 	KRB5_PROTOTYPE((krb5_context,
 		   krb5_const krb5_enctype *));
-krb5_error_code krb5_get_default_in_tkt_etypes
+krb5_error_code krb5_get_default_in_tkt_ktypes
 	KRB5_PROTOTYPE((krb5_context,
 		   krb5_enctype **));
 
@@ -1646,7 +1632,7 @@ krb5_error_code krb5_get_in_tkt
 		   krb5_enctype *,
 		   krb5_preauthtype *,
 		   krb5_error_code ( * )(krb5_context,
-					krb5_const krb5_keytype,
+					krb5_const krb5_enctype,
                                         krb5_data *,
                                         krb5_const_pointer,
                                         krb5_keyblock **),
@@ -1698,7 +1684,6 @@ krb5_error_code krb5_decode_kdc_rep
 	KRB5_PROTOTYPE((krb5_context,
 		   krb5_data *,
 		   krb5_const krb5_keyblock *,
-		   krb5_const krb5_enctype,
 		   krb5_kdc_rep ** ));
 
 krb5_error_code krb5_rd_req
@@ -1724,7 +1709,7 @@ krb5_error_code krb5_kt_read_service_key
 		   krb5_pointer,
 		   krb5_principal,
 		   krb5_kvno,
-		   krb5_keytype,
+		   krb5_enctype,
 		   krb5_keyblock **));
 krb5_error_code krb5_mk_safe
 	KRB5_PROTOTYPE((krb5_context,
diff --git a/src/include/krb5/adm.h b/src/include/krb5/adm.h
index a3ba3e90b..cd461b1d4 100644
--- a/src/include/krb5/adm.h
+++ b/src/include/krb5/adm.h
@@ -163,13 +163,12 @@
 #define	KRB5_ADM_KT_PRINCIPAL	0
 #define	KRB5_ADM_KT_TIMESTAMP	1
 #define	KRB5_ADM_KT_VNO		2
-#define	KRB5_ADM_KT_KEY_KEYTYPE	3
-#define	KRB5_ADM_KT_KEY_ETYPE	4
-#define	KRB5_ADM_KT_KEY_KEY	5
-#define	KRB5_ADM_KT_NCOMPS	6
+#define	KRB5_ADM_KT_KEY_ENCTYPE	3
+#define	KRB5_ADM_KT_KEY_KEY	4
+#define	KRB5_ADM_KT_NCOMPS	5
 
 typedef struct __krb5_key_salt_tuple {
-    krb5_keytype	ks_keytype;
+    krb5_enctype	ks_enctype;
     krb5_int32		ks_salttype;
 } krb5_key_salt_tuple;
 
@@ -184,7 +183,6 @@ typedef struct __krb5_realm_params {
     krb5_int32		realm_kdc_pport;
     krb5_int32		realm_kdc_sport;
     krb5_int32		realm_kadmind_port;
-    krb5_keytype	realm_keytype;
     krb5_enctype	realm_enctype;
     krb5_deltat		realm_max_life;
     krb5_deltat		realm_max_rlife;
@@ -194,7 +192,6 @@ typedef struct __krb5_realm_params {
     unsigned int	realm_kdc_pport_valid:1;
     unsigned int	realm_kdc_sport_valid:1;
     unsigned int	realm_kadmind_port_valid:1;
-    unsigned int	realm_keytype_valid:1;
     unsigned int	realm_enctype_valid:1;
     unsigned int	realm_max_life_valid:1;
     unsigned int	realm_max_rlife_valid:1;
diff --git a/src/include/krb5/adm_proto.h b/src/include/krb5/adm_proto.h
index 842ae5281..64b10c46c 100644
--- a/src/include/krb5/adm_proto.h
+++ b/src/include/krb5/adm_proto.h
@@ -167,12 +167,10 @@ krb5_error_code krb5_free_realm_params KRB5_PROTOTYPE((krb5_context,
 
 /* str_conv.c */
 krb5_error_code
-krb5_string_to_keytype KRB5_PROTOTYPE((char *, krb5_keytype *));
+krb5_string_to_enctype KRB5_PROTOTYPE((char *, krb5_enctype *));
 krb5_error_code
 krb5_string_to_salttype KRB5_PROTOTYPE((char *, krb5_int32 *));
 krb5_error_code
-krb5_string_to_enctype KRB5_PROTOTYPE((char *, krb5_enctype *));
-krb5_error_code
 krb5_string_to_cksumtype KRB5_PROTOTYPE((char *, krb5_cksumtype *));
 krb5_error_code
 krb5_string_to_flags KRB5_PROTOTYPE((char *,
@@ -184,12 +182,10 @@ krb5_string_to_timestamp KRB5_PROTOTYPE((char *, krb5_timestamp *));
 krb5_error_code
 krb5_string_to_deltat KRB5_PROTOTYPE((char *, krb5_deltat *));
 krb5_error_code
-krb5_keytype_to_string KRB5_PROTOTYPE((krb5_keytype, char *, size_t));
+krb5_enctype_to_string KRB5_PROTOTYPE((krb5_enctype, char *, size_t));
 krb5_error_code
 krb5_salttype_to_string KRB5_PROTOTYPE((krb5_int32, char *, size_t));
 krb5_error_code
-krb5_enctype_to_string KRB5_PROTOTYPE((krb5_enctype, char *, size_t));
-krb5_error_code
 krb5_cksumtype_to_string KRB5_PROTOTYPE((krb5_cksumtype, char *, size_t));
 krb5_error_code
 krb5_flags_to_string KRB5_PROTOTYPE((krb5_flags,
@@ -210,7 +206,7 @@ krb5_deltat_to_string KRB5_PROTOTYPE((krb5_deltat, char *, size_t));
 krb5_boolean
 krb5_keysalt_is_present KRB5_PROTOTYPE((krb5_key_salt_tuple *,
 					krb5_int32,
-					krb5_keytype,
+					krb5_enctype,
 					krb5_int32));
 krb5_error_code
 krb5_keysalt_iterate
diff --git a/src/include/krb5/kdb.h b/src/include/krb5/kdb.h
index 3d6c77b46..032c40c67 100644
--- a/src/include/krb5/kdb.h
+++ b/src/include/krb5/kdb.h
@@ -44,7 +44,7 @@ typedef struct _krb5_tl_data {
  * If this ever changes up the version number and make the arrays be as
  * big as necessary.
  *
- * Currently the first type is the keytype and the second is the salt type.
+ * Currently the first type is the enctype and the second is the salt type.
  */
 typedef struct _krb5_key_data {
     krb5_int16 		  key_data_ver;		/* Version */
@@ -298,10 +298,10 @@ void krb5_dbe_free_contents
 	KRB5_PROTOTYPE((krb5_context,
     		   krb5_db_entry *));
 
-krb5_error_code krb5_dbe_find_keytype
+krb5_error_code krb5_dbe_find_enctype
 	KRB5_PROTOTYPE((krb5_context,
 			krb5_db_entry *,
-			krb5_keytype,
+			krb5_enctype,
 			krb5_int32,
 			krb5_int32,
 			krb5_key_data **));
@@ -346,7 +346,7 @@ krb5_error_code krb5_ser_db_context_init KRB5_PROTOTYPE((krb5_context));
 
 typedef struct _krb5_encrypted_keyblock {
     krb5_magic magic;
-    short keytype;			/* XXX this is SO ugly --- proven */
+    short enctype;			/* XXX this is SO ugly --- proven */
     int length;
     krb5_octet *contents;
 } krb5_encrypted_keyblock;
diff --git a/src/include/krb5/stock/ChangeLog b/src/include/krb5/stock/ChangeLog
index f64192f4c..d95657385 100644
--- a/src/include/krb5/stock/ChangeLog
+++ b/src/include/krb5/stock/ChangeLog
@@ -2,6 +2,14 @@
 Mon Jul 17 15:05:42 EDT 1995	Paul Park	(pjpark@mit.edu)
 	* osconf.h - Add DEFAULT_KEYFILE_STUB which puts the stashfile in
 		the kdc directory instead of the root.  Also, change the
+Wed Sep 06 14:20:57 1995   Chris Provenzano (proven@mit.edu)
+
+        * osconf.h : s/keytype/enctype/g, s/KEYTYPE/ENCTYPE/g
+
+Tue Sep 05 22:10:34 1995   Chris Provenzano (proven@mit.edu)
+
+        * osconf.h : Remove krb5_enctype references, and replace with
+                krb5_keytype where appropriate.
 		default ETYPE to DES_CBC_MD5 now that it works.
 
 
diff --git a/src/include/krb5/stock/osconf.h b/src/include/krb5/stock/osconf.h
index 5271101d7..0c1353885 100644
--- a/src/include/krb5/stock/osconf.h
+++ b/src/include/krb5/stock/osconf.h
@@ -55,8 +55,7 @@
 #define	DEFAULT_KDC_PROFILE	"@PREFIX/lib/krb5kdc/kdc.prof"
 #define	KDC_PROFILE_ENV		"KRB5_KDC_PROFILE"
 
-#define	DEFAULT_KDC_ETYPE	ETYPE_DES_CBC_MD5
-#define	DEFAULT_KDC_KEYTYPE	KEYTYPE_DES
+#define	DEFAULT_KDC_ENCTYPE	ENCTYPE_DES_CBC_CRC
 #define KDCRCACHE		"dfl:krb5kdc_rcache"
 
 #define KDC_PORTNAME		"kerberos" /* for /etc/services or equiv. */