diff options
| author | Greg Hudson <ghudson@mit.edu> | 2012-02-21 18:57:44 +0000 |
|---|---|---|
| committer | Tom Yu <tlyu@mit.edu> | 2012-06-25 18:56:26 -0400 |
| commit | 33af1767f876ff4a13f28513dede75e71544523f (patch) | |
| tree | b8c8be9950d69d1165a53dd1dfe2609bf197e23e /src/lib/krb5/asn.1/asn1_k_encode.c | |
| parent | ceb037a667a6411ebb56f67535cb0d76f9511e4c (diff) | |
| download | krb5-krb5-1.8.zip krb5-krb5-1.8.tar.gz krb5-krb5-1.8.tar.bz2 | |
Fix kvno ASN.1 encoding interop with Windows RODCskrb5-1.8
RFC 4120 defines the EncryptedData kvno field as an integer in the
range of unsigned 32-bit numbers. Windows encodes and decodes the
field as a signed 32-bit integer. Historically we do the same in our
encoder in 1.6 and prior, and in our decoder through 1.10. (Actually,
our decoder through 1.10 decoded the value as a long and then cast the
result to unsigned int, so it would accept positive values >= 2^31 on
64-bit platforms but not on 32-bit platforms.)
kvno values that large (or negative) are only likely to appear in the
context of Windows read-only domain controllers. So do what Windows
does instead of what RFC 4120 says.
(back ported from commit 7558fb3af9f9fdfb8195333c11a70ab7b354f82c)
Add test cases for Windows RODC kvno compatibility
(back ported from commit 8b33ff2daebcf3e4ccff6a938b410239b76ba287)
Eliminate trailing whitespace in trval output
Modify the trval output slightly so that the reference trval output
files don't containing trailing whitespace, to make them friendlier to
our git hooks. (The pkinit and ldap trval reference files now contain
a leading blank line, which isn't very elegant, but avoiding that
requires too much Makefile.in complexity.) Also correct a typo.
(back ported from cff6ea939f061d17a5742a04b8eeb2905c1813dc)
Restore some spaces in trval
This is a cosmetic change to reintroduce some space characters that
cff6ea939f061d17a5742a04b8eeb2905c1813dc removed, e.g. between the tag
and the length or short value.
(back ported from 0f976348054ca2f51187fe083a8c4668841f0b6d)
ticket: 7186 (new)
version_fixed: 1.8.7
status: resolved
Diffstat (limited to 'src/lib/krb5/asn.1/asn1_k_encode.c')
| -rw-r--r-- | src/lib/krb5/asn.1/asn1_k_encode.c | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/src/lib/krb5/asn.1/asn1_k_encode.c b/src/lib/krb5/asn.1/asn1_k_encode.c index a35f561..2fdd171 100644 --- a/src/lib/krb5/asn.1/asn1_k_encode.c +++ b/src/lib/krb5/asn.1/asn1_k_encode.c @@ -144,9 +144,23 @@ optional_encrypted_data (const void *vptr) return optional; } +/* + * Encode krb5_kvno as signed 32-bit for Windows RODC interop. (This is an + * inelegant backport; it's an alteration of the expansion of DEFINTTYPE(kvno, + * krb5_kvno).) + */ +typedef krb5_kvno aux_typedefname_kvno; +static asn1_intmax loadint_kvno(const void *p) +{ + return (krb5_int32)*(krb5_kvno *)p; +} +const struct atype_info krb5int_asn1type_kvno = { + atype_int, sizeof(krb5_kvno), 0, 0, 0, 0, 0, 0, 0, 0, + loadint_kvno, 0, +}; static const struct field_info encrypted_data_fields[] = { FIELDOF_NORM(krb5_enc_data, int32, enctype, 0), - FIELDOF_OPT(krb5_enc_data, uint, kvno, 1, 1), + FIELDOF_OPT(krb5_enc_data, kvno, kvno, 1, 1), FIELDOF_NORM(krb5_enc_data, ostring_data, ciphertext, 2), }; DEFSEQTYPE(encrypted_data, krb5_enc_data, encrypted_data_fields, |