-rw-r--r--src/lib/krb5/krb/ChangeLog23
-rw-r--r--src/lib/krb5/krb/fwd_tgt.c3
-rw-r--r--src/lib/krb5/krb/gc_frm_kdc.c12
-rw-r--r--src/lib/krb5/krb/get_creds.c6
-rw-r--r--src/lib/krb5/krb/init_ctx.c26
-rw-r--r--src/lib/krb5/krb/str_conv.c2
-rw-r--r--src/lib/krb5/krb/t_ser.c8
7 files changed, 64 insertions, 16 deletions
diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog
index d0c0348d9..a749b6c17 100644
--- a/src/lib/krb5/krb/ChangeLog
+++ b/src/lib/krb5/krb/ChangeLog
@@ -1,3 +1,26 @@
+1999-09-01 Ken Raeburn <raeburn@mit.edu>
+
+ * init_ctx.c (get_profile_etype_list): Update name of the des3
+ entry in the default etype list.
+
+ * init_ctx.c (get_profile_etype_list): New argument DESONLY; if
+ set, ignore any ktype values other than NULL, DES_CBC_CRC, and
+ DES_CBC_MD5.
+ (krb5_get_default_in_tkt_ktypes, krb5_get_tgs_ktypes): Set it.
+ (krb5_get_permitted_enctypes): Don't set it.
+
+ * fwd_tgt.c (krb5_fwd_tgt_creds): Use KRB5_TC_SUPPORTED_KTYPES
+ when calling krb5_cc_retrieve_cred.
+ * gc_frm_kdc.c (krb5_get_cred_from_kdc_opt): Ditto.
+ * get_creds.c (krb5_get_credentials_core): Set that flag.
+ (krb5_get_credentials): Check for KRB5_CC_NOT_KTYPE error return.
+
+ * t_ser.c (main): Disable eblock serialization test, since the
+ code it tests was disabled nearly a year ago.
+
+ * str_conv.c (krb5_timestamp_to_sfstring): Don't pass extra
+ argument to sprintf.
+
1999-08-10 Alexandra Ellwood <lxs@mit.edu>
* chpw.c (krb5_mk_chpw_req):
diff --git a/src/lib/krb5/krb/fwd_tgt.c b/src/lib/krb5/krb/fwd_tgt.c
index 0a8ce2240..2ae1bb136 100644
--- a/src/lib/krb5/krb/fwd_tgt.c
+++ b/src/lib/krb5/krb/fwd_tgt.c
@@ -93,7 +93,8 @@ krb5_fwd_tgt_creds(context, auth_context, rhost, client, server, cc,
}
/* fetch tgt directly from cache */
- retval = krb5_cc_retrieve_cred (context, cc, 0, &creds, &tgt);
+ retval = krb5_cc_retrieve_cred (context, cc, KRB5_TC_SUPPORTED_KTYPES,
+ &creds, &tgt);
if (retval)
goto errout;
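Review bot: The comment `/* fetch tgt directly from cache */` above the changed call no longer describes everything the lookup does, since the call now passes `KRB5_TC_SUPPORTED_KTYPES`. Judging by the flag name and the `KRB5_CC_NOT_KTYPE` handling added in gc_frm_kdc.c, a cache whose only TGT uses an unsupported key type will presumably now fail here and go to `errout`, with no fallback. I would extend the comment to `/* fetch tgt directly from cache; only entries with a supported key type match */` so the new failure mode is visible to the next reader. The body of krb5_fwd_tgt_creds starts and ends outside the hunk.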
diff --git a/src/lib/krb5/krb/gc_frm_kdc.c b/src/lib/krb5/krb/gc_frm_kdc.c
index ac31b466d..ed6bc55a7 100644
--- a/src/lib/krb5/krb/gc_frm_kdc.c
+++ b/src/lib/krb5/krb/gc_frm_kdc.c
@@ -118,10 +118,10 @@ krb5_get_cred_from_kdc_opt(context, ccache, in_cred, out_cred, tgts, kdcopt)
}
if ((retval = krb5_cc_retrieve_cred(context, ccache,
- KRB5_TC_MATCH_SRV_NAMEONLY,
+ KRB5_TC_MATCH_SRV_NAMEONLY | KRB5_TC_SUPPORTED_KTYPES,
&tgtq, &tgt))) {
- if (retval != KRB5_CC_NOTFOUND) {
+ if (retval != KRB5_CC_NOTFOUND && retval != KRB5_CC_NOT_KTYPE) {
goto cleanup;
}
@@ -154,7 +154,7 @@ krb5_get_cred_from_kdc_opt(context, ccache, in_cred, out_cred, tgts, kdcopt)
goto cleanup;
if ((retval = krb5_cc_retrieve_cred(context, ccache,
- KRB5_TC_MATCH_SRV_NAMEONLY,
+ KRB5_TC_MATCH_SRV_NAMEONLY | KRB5_TC_SUPPORTED_KTYPES,
&tgtq, &tgt))) {
goto cleanup;
}
@@ -217,10 +217,10 @@ krb5_get_cred_from_kdc_opt(context, ccache, in_cred, out_cred, tgts, kdcopt)
goto cleanup;
if ((retval = krb5_cc_retrieve_cred(context, ccache,
- KRB5_TC_MATCH_SRV_NAMEONLY,
+ KRB5_TC_MATCH_SRV_NAMEONLY | KRB5_TC_SUPPORTED_KTYPES,
&tgtq, &tgt))) {
- if (retval != KRB5_CC_NOTFOUND) {
+ if (retval != KRB5_CC_NOTFOUND && retval != KRB5_CC_NOT_KTYPE) {
goto cleanup;
}
@@ -280,7 +280,7 @@ krb5_get_cred_from_kdc_opt(context, ccache, in_cred, out_cred, tgts, kdcopt)
goto cleanup;
if ((retval = krb5_cc_retrieve_cred(context, ccache,
- KRB5_TC_MATCH_SRV_NAMEONLY,
+ KRB5_TC_MATCH_SRV_NAMEONLY | KRB5_TC_SUPPORTED_KTYPES,
&tgtq, &tgt))) {
if (retval != KRB5_CC_NOTFOUND) {
goto cleanup;
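Review bot: The error check at the end of this hunk still reads `if (retval != KRB5_CC_NOTFOUND) {`, although the lookup above it now passes `KRB5_TC_SUPPORTED_KTYPES` just like the ones at -118 and -217, where the check was widened. If this lookup is meant to fall through in the same way when the cache holds only entries of an unsupported key type, it should read `if (retval != KRB5_CC_NOTFOUND && retval != KRB5_CC_NOT_KTYPE) {`; otherwise that case jumps to `cleanup` here while the two earlier lookups continue. If the difference is deliberate, a one-line comment saying why would keep someone from "fixing" it later. The function continues outside the hunk, so the code reached after the fall-through is not visible.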
diff --git a/src/lib/krb5/krb/get_creds.c b/src/lib/krb5/krb/get_creds.c
index 4fbf4cf33..240143931 100644
--- a/src/lib/krb5/krb/get_creds.c
+++ b/src/lib/krb5/krb/get_creds.c
@@ -69,7 +69,8 @@ krb5_get_credentials_core(context, options, ccache, in_creds, out_creds,
mcreds->client = in_creds->client;
*fields = KRB5_TC_MATCH_TIMES /*XXX |KRB5_TC_MATCH_SKEY_TYPE */
- | KRB5_TC_MATCH_AUTHDATA ;
+ | KRB5_TC_MATCH_AUTHDATA
+ | KRB5_TC_SUPPORTED_KTYPES;
if (mcreds->keyblock.enctype)
*fields |= KRB5_TC_MATCH_KTYPE;
if (options & KRB5_GC_USER_USER) {
@@ -120,7 +121,8 @@ krb5_get_credentials(context, options, ccache, in_creds, out_creds)
*out_creds = ncreds;
}
- if (retval != KRB5_CC_NOTFOUND || options & KRB5_GC_CACHED)
+ if ((retval != KRB5_CC_NOTFOUND && retval != KRB5_CC_NOT_KTYPE)
+ || options & KRB5_GC_CACHED)
return retval;
retval = krb5_get_cred_from_kdc(context, ccache, ncreds, out_creds, &tgts);
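Review bot: With `KRB5_GC_CACHED` set, the early return in this hunk now hands `KRB5_CC_NOT_KTYPE` to the caller, where a miss was presumably reported as `KRB5_CC_NOTFOUND` before krb5_get_credentials_core started setting `KRB5_TC_SUPPORTED_KTYPES`. Callers that test only for `KRB5_CC_NOTFOUND` to decide "not in the cache" would treat the new code as a hard error. Either map it for the cached-only case, for example `if (retval == KRB5_CC_NOT_KTYPE && (options & KRB5_GC_CACHED)) retval = KRB5_CC_NOTFOUND;`, or document the extra return value in the function's header comment. Parenthesising `(options & KRB5_GC_CACHED)` in the changed condition would also make the precedence obvious. The function body starts and ends outside the hunk.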
diff --git a/src/lib/krb5/krb/init_ctx.c b/src/lib/krb5/krb/init_ctx.c
index 2ddd2d0c5..8137843a7 100644
--- a/src/lib/krb5/krb/init_ctx.c
+++ b/src/lib/krb5/krb/init_ctx.c
@@ -250,12 +250,13 @@ krb5_set_default_in_tkt_ktypes(context, ktypes)
}
static krb5_error_code
-get_profile_etype_list(context, ktypes, profstr, ctx_count, ctx_list)
+get_profile_etype_list(context, ktypes, profstr, ctx_count, ctx_list, desonly)
krb5_context context;
krb5_enctype **ktypes;
char *profstr;
int ctx_count;
krb5_enctype FAR *ctx_list;
+ int desonly;
{
krb5_enctype *old_ktypes;
@@ -283,7 +284,7 @@ get_profile_etype_list(context, ktypes, profstr, ctx_count, ctx_list)
code = profile_get_string(context->profile, "libdefaults", profstr,
NULL,
- "des3-hmac-sha1 des-cbc-md5 des-cbc-crc",
+ "des3-cbc-sha1 des-cbc-md5 des-cbc-crc",
&retval);
if (code)
return code;
@@ -313,8 +314,21 @@ get_profile_etype_list(context, ktypes, profstr, ctx_count, ctx_list)
j = 0;
i = 1;
while (1) {
- if (! krb5_string_to_enctype(sp, &old_ktypes[j]))
+ if (! krb5_string_to_enctype(sp, &old_ktypes[j])) {
+ switch (old_ktypes[j]) {
+ default:
+ if (desonly)
+ /* Other types not supported yet. */
+ break;
+ /* else fall through */
+
+ case ENCTYPE_NULL:
+ case ENCTYPE_DES_CBC_CRC:
+ case ENCTYPE_DES_CBC_MD5:
j++;
+ break;
+ }
+ }
if (i++ >= count)
break;
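Review bot: When `desonly` is set, every configured enctype other than `ENCTYPE_NULL`, `ENCTYPE_DES_CBC_CRC` and `ENCTYPE_DES_CBC_MD5` is dropped in this loop without any diagnostic, so a profile that lists only `des3-cbc-sha1` for `default_tkt_enctypes` or `default_tgs_enctypes` ends up with an empty list. What the code after the loop does when `j` is still 0 is outside the hunk and should be checked. The filter also keeps `ENCTYPE_NULL`, which deserves a comment saying why it belongs in the allowed set. The default-first `switch` with a fall-through is hard to follow; the same test reads more directly as `if (!desonly || old_ktypes[j] == ENCTYPE_NULL || old_ktypes[j] == ENCTYPE_DES_CBC_CRC || old_ktypes[j] == ENCTYPE_DES_CBC_MD5) j++;`.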
@@ -339,7 +353,7 @@ krb5_get_default_in_tkt_ktypes(context, ktypes)
{
return(get_profile_etype_list(context, ktypes, "default_tkt_enctypes",
context->in_tkt_ktype_count,
- context->in_tkt_ktypes));
+ context->in_tkt_ktypes, 1));
}
krb5_error_code
@@ -382,7 +396,7 @@ krb5_get_tgs_ktypes(context, princ, ktypes)
{
return(get_profile_etype_list(context, ktypes, "default_tgs_enctypes",
context->tgs_ktype_count,
- context->tgs_ktypes));
+ context->tgs_ktypes, 1));
}
krb5_error_code
@@ -392,7 +406,7 @@ krb5_get_permitted_enctypes(context, ktypes)
{
return(get_profile_etype_list(context, ktypes, "permitted_enctypes",
context->tgs_ktype_count,
- context->tgs_ktypes));
+ context->tgs_ktypes, 0));
}
krb5_boolean
diff --git a/src/lib/krb5/krb/str_conv.c b/src/lib/krb5/krb/str_conv.c
index 7041f618c..b2a37e880 100644
--- a/src/lib/krb5/krb/str_conv.c
+++ b/src/lib/krb5/krb/str_conv.c
@@ -500,7 +500,7 @@ krb5_timestamp_to_sfstring(timestamp, buffer, buflen, pad)
if (buflen >= sftime_default_len) {
sprintf(buffer, sftime_default_fmt,
tmp->tm_mday, tmp->tm_mon+1, 1900+tmp->tm_year,
- tmp->tm_hour, tmp->tm_min, tmp->tm_sec);
+ tmp->tm_hour, tmp->tm_min);
ndone = strlen(buffer);
}
}
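Review bot: `sftime_default_fmt` is passed to `sprintf` as a variable, so the compiler cannot check the argument list against the format, which is the class of mistake this change corrects by hand. The write is also bounded only by the `buflen >= sftime_default_len` test, and neither the format nor the length constant is visible in the hunk, so whether that length accounts for the terminating NUL cannot be confirmed here. Where it is available, an `snprintf` call that passes `buflen` and checks the return value would make the bound explicit, and defining the format as a string-literal macro would let `-Wformat` catch a stray argument. The function body starts and ends outside the hunk.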
diff --git a/src/lib/krb5/krb/t_ser.c b/src/lib/krb5/krb/t_ser.c
index 4ca3b5399..c17af31e5 100644
--- a/src/lib/krb5/krb/t_ser.c
+++ b/src/lib/krb5/krb/t_ser.c
@@ -167,8 +167,10 @@ ser_data(verbose, msg, ctx, dtype)
krb5_encrypt_block *eblock;
eblock = (krb5_encrypt_block *) nctx;
+#if 0
if (eblock->priv && eblock->priv_size)
krb5_xfree(eblock->priv);
+#endif
if (eblock->key)
krb5_free_keyblock(ser_ctx, eblock->key);
krb5_xfree(eblock);
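Review bot: Only the last of the four `#if 0` blocks added to this file (around `if (do_etest)` in main) says why the code is disabled; the one in this hunk and those in ser_eblock_test and around `case 'E':` carry no reason. I would put the same remark on each, `#if 0 /* code to be tested is currently disabled */`, or guard all four with one named macro so they can be re-enabled together. In ser_eblock_test the second `ser_data` call still reports "> eblock with private data" although the private data is no longer set, which would mislead anyone who re-enables the test piecemeal. With the `do_etest` uses compiled out, the variable and ser_eblock_test are probably left unused; their declarations are outside the hunks, so that is a guess.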
@@ -525,8 +527,10 @@ ser_eblock_test(kcontext, verbose)
krb5_use_enctype(kcontext, &eblock, DEFAULT_KDC_ENCTYPE);
if (!(kret = ser_data(verbose, "> NULL eblock",
(krb5_pointer) &eblock, KV5M_ENCRYPT_BLOCK))) {
+#if 0
eblock.priv = (krb5_pointer) stuff;
eblock.priv_size = 8;
+#endif
if (!(kret = ser_data(verbose, "> eblock with private data",
(krb5_pointer) &eblock,
KV5M_ENCRYPT_BLOCK))) {
@@ -676,9 +680,11 @@ main(argc, argv)
case 'C':
do_ctest = 1;
break;
+#if 0
case 'E':
do_etest = 1;
break;
+#endif
case 'K':
do_ktest = 1;
break;
@@ -737,12 +743,14 @@ main(argc, argv)
if (kret)
goto fail;
}
+#if 0 /* code to be tested is currently disabled */
if (do_etest) {
ch_err = 'e';
kret = ser_eblock_test(kcontext, verbose);
if (kret)
goto fail;
}
+#endif
if (do_ptest) {
ch_err = 'p';
kret = ser_princ_test(kcontext, verbose);