diff options
| author | Keith Vetter <keithv@fusion.com> | 1995-09-11 19:06:45 +0000 |
|---|---|---|
| committer | Keith Vetter <keithv@fusion.com> | 1995-09-11 19:06:45 +0000 |
| commit | cdd6c33b9ae48076999e33ffa70e2365ecc5eb8c (patch) | |
| tree | 84682f14e77a844dfab2174318ebccb9067c829f /src/lib | |
| parent | a66029e852781fa0333dc92bd88bd8184f6feeb1 (diff) | |
| download | krb5-cdd6c33b9ae48076999e33ffa70e2365ecc5eb8c.zip krb5-cdd6c33b9ae48076999e33ffa70e2365ecc5eb8c.tar.gz krb5-cdd6c33b9ae48076999e33ffa70e2365ecc5eb8c.tar.bz2 | |
Mac Beta 1 submission
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6749 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib')
136 files changed, 1277 insertions, 806 deletions
diff --git a/src/lib/crypto/ChangeLog b/src/lib/crypto/ChangeLog index 55adaf2..ad0195a 100644 --- a/src/lib/crypto/ChangeLog +++ b/src/lib/crypto/ChangeLog @@ -1,14 +1,3 @@ -Wed Sep 06 14:20:57 1995 Chris Provenzano (proven@mit.edu) - - * cryptoconf.c, des_crc.c, des_md5.c raw_des.c - s/keytype/enctype/g, s/KEYTYPE/ENCTYPE/g - -Tue Sep 05 22:10:34 1995 Chris Provenzano (proven@mit.edu) - - * cryptoconf.c : Remove krb5_csarray. - * cryptoconf.c, des_crc.c, des_md5.c, raw_des.c : Remove krb5_enctype - references, and replace with krb5_keytype where appropriate. - Thu Aug 24 17:55:47 1995 Ezra Peisach <epeisach@kangaroo.mit.edu> * des_crc.c, des_md5.c, raw_des.c: Remove casting in call to diff --git a/src/lib/crypto/cryptoconf.c b/src/lib/crypto/cryptoconf.c index 53747ef..a5ac202 100644 --- a/src/lib/crypto/cryptoconf.c +++ b/src/lib/crypto/cryptoconf.c @@ -101,15 +101,28 @@ "krb5/encryption.h" */ -krb5_cs_table_entry * NEAR krb5_enctype_array[] = { - 0, /* ENCTYPE_NULL */ - DES_CBC_CRC_CSENTRY, /* ENCTYPE_DES_CBC_CRC */ - 0, /* ENCTYPE_DES_CBC_MD4 */ - DES_CBC_MD5_CSENTRY, /* ENCTYPE_DES_CBC_MD5 */ +krb5_cs_table_entry * NEAR krb5_csarray[] = { + 0, /* ETYPE_NULL */ + DES_CBC_CRC_CSENTRY, /* ETYPE_DES_CBC_CRC */ + 0, /* ETYPE_DES_CBC_MD4 */ + DES_CBC_MD5_CSENTRY, /* ETYPE_DES_CBC_MD5 */ RAW_DES_CBC_CSENTRY, /* ETYPE_RAW_DES_CBC */ }; -int krb5_max_enctype = sizeof(krb5_enctype_array)/sizeof(krb5_enctype_array[0]) - 1; +int krb5_max_cryptosystem = sizeof(krb5_csarray)/sizeof(krb5_csarray[0]) - 1; + +krb5_cs_table_entry * NEAR krb5_keytype_array[] = { + 0, /* KEYTYPE_NULL */ +#if defined(PROVIDE_DES_CBC_MD5) + DES_CBC_MD5_CSENTRY /* KEYTYPE_DES */ +#elif defined(PROVIDE_DES_CBC_CRC) + DES_CBC_CRC_CSENTRY /* KEYTYPE_DES */ +#else /* !PROVIDE_DES_CBC_MD5 && !PROVIDE_DES_CBC_CRC */ + 0 +#endif /* !PROVIDE_DES_CBC_MD5 && !PROVIDE_DES_CBC_CRC */ +}; + +int krb5_max_keytype = sizeof(krb5_keytype_array)/sizeof(krb5_keytype_array[0]) - 1; krb5_checksum_entry * NEAR krb5_cksumarray[] = { 0, diff --git a/src/lib/crypto/des/ChangeLog b/src/lib/crypto/des/ChangeLog index ba2beec..d2d40e8 100644 --- a/src/lib/crypto/des/ChangeLog +++ b/src/lib/crypto/des/ChangeLog @@ -1,15 +1,3 @@ -Wed Sep 06 14:20:57 1995 Chris Provenzano (proven@mit.edu) - - * des_int.h, destest.c, init_rkey.c, random_key.c, string2key.c - * verify.c : s/keytype/enctype/g, s/KEYTYPE/ENCTYPE/g - -Tue Sep 05 22:10:34 1995 Chris Provenzano (proven@mit.edu) - - * destest.c, random_key.c, string2key.c, verify.c : Remove krb5_enctype - references, and replace with krb5_keytype where appropriate. - * init_rkey.c (mit_des_init_random_key()), - * string2key.c (mit_des_string_to_key()) : Allow for any DES keytype. - Tue Aug 29 13:29:19 EDT 1995 Paul Park (pjpark@mit.edu) * process_key.c, finish_key.c - Set and use priv_size in the krb5_ diff --git a/src/lib/crypto/des/des_int.h b/src/lib/crypto/des/des_int.h index 97ca988..cd242a3 100644 --- a/src/lib/crypto/des/des_int.h +++ b/src/lib/crypto/des/des_int.h @@ -145,7 +145,7 @@ extern krb5_error_code mit_des_random_key /* string2key.c */ extern krb5_error_code mit_des_string_to_key - PROTOTYPE(( const krb5_encrypt_block FAR *, const krb5_enctype, + PROTOTYPE(( const krb5_encrypt_block FAR *, const krb5_keytype, krb5_keyblock FAR *, const krb5_data FAR *, const krb5_data FAR *)); /* weak_key.c */ diff --git a/src/lib/crypto/des/destest.c b/src/lib/crypto/des/destest.c index a1f9daf..0132fa2 100644 --- a/src/lib/crypto/des/destest.c +++ b/src/lib/crypto/des/destest.c @@ -58,9 +58,10 @@ char *argv[]; /* do some initialisation */ initialize_krb5_error_table(); - krb5_use_enctype(context, &eblock, ENCTYPE_DES_CBC_CRC); + krb5_use_cstype(context, &eblock, ETYPE_DES_CBC_CRC); keyblock.magic = KV5M_KEYBLOCK; - keyblock.enctype = ENCTYPE_DES_CBC_CRC; + keyblock.etype = ETYPE_DES_CBC_CRC; + keyblock.keytype = KEYTYPE_DES; keyblock.length = sizeof (mit_des_cblock); keyblock.contents = (krb5_octet *)key; diff --git a/src/lib/crypto/des/f_pcbc.c b/src/lib/crypto/des/f_pcbc.c index c69dac3..aae4a4a 100644 --- a/src/lib/crypto/des/f_pcbc.c +++ b/src/lib/crypto/des/f_pcbc.c @@ -11,6 +11,7 @@ * des_pcbc_encrypt.c - encrypt a string of characters in error propagation mode */ #include "des.h" +#include "des_int.h" #include "f_tables.h" /* diff --git a/src/lib/crypto/des/init_rkey.c b/src/lib/crypto/des/init_rkey.c index ca9483a..c240b9d 100644 --- a/src/lib/crypto/des/init_rkey.c +++ b/src/lib/crypto/des/init_rkey.c @@ -38,11 +38,8 @@ mit_des_init_random_key (seedblock, seed) krb5_pointer * seed; { mit_des_random_key_seed * p_seed; - if ((seedblock->enctype != ENCTYPE_DES_CBC_CRC) && - (seedblock->enctype != ENCTYPE_DES_CBC_MD4) && - (seedblock->enctype != ENCTYPE_DES_CBC_MD5) && - (seedblock->enctype != ENCTYPE_DES_CBC_RAW)) - return KRB5_BAD_ENCTYPE; + if (seedblock->keytype != KEYTYPE_DES) + return KRB5_BAD_KEYTYPE; if ( !(p_seed = (mit_des_random_key_seed *) malloc(sizeof(mit_des_random_key_seed))) ) return ENOMEM; diff --git a/src/lib/crypto/des/random_key.c b/src/lib/crypto/des/random_key.c index 3a8758f..bf5f60a 100644 --- a/src/lib/crypto/des/random_key.c +++ b/src/lib/crypto/des/random_key.c @@ -44,8 +44,9 @@ mit_des_random_key (eblock, seed, keyblock) return ENOMEM; } randkey->magic = KV5M_KEYBLOCK; + randkey->etype = eblock->crypto_entry->proto_enctype; randkey->length = sizeof(mit_des_cblock); - randkey->enctype = eblock->crypto_entry->proto_enctype; + randkey->keytype = KEYTYPE_DES; mit_des_new_random_key(randkey->contents, (mit_des_random_key_seed *) seed); *keyblock = randkey; return 0; diff --git a/src/lib/crypto/des/string2key.c b/src/lib/crypto/des/string2key.c index e5cddf0..166db5f 100644 --- a/src/lib/crypto/des/string2key.c +++ b/src/lib/crypto/des/string2key.c @@ -26,7 +26,7 @@ /* converts the string pointed to by "data" into an encryption key - of type "enctype". *keyblock is filled in with the key info; + of type "keytype". *keyblock is filled in with the key info; in particular, keyblock->contents is to be set to allocated storage. It is the responsibility of the caller to release this storage when the generated key no longer needed. @@ -35,15 +35,15 @@ algorithm. If the particular function called does not know how to make a - key of type "enctype", an error may be returned. + key of type "keytype", an error may be returned. returns: errors */ krb5_error_code -mit_des_string_to_key (eblock, enctype, keyblock, data, salt) +mit_des_string_to_key (eblock, keytype, keyblock, data, salt) const krb5_encrypt_block FAR * eblock; -const krb5_enctype enctype; +const krb5_keytype keytype; krb5_keyblock FAR * keyblock; const krb5_data FAR * data; const krb5_data FAR * salt; @@ -65,16 +65,16 @@ const krb5_data FAR * salt; #define min(A, B) ((A) < (B) ? (A): (B)) #endif - if ((enctype != ENCTYPE_DES_CBC_CRC) && (enctype != ENCTYPE_DES_CBC_MD4) && - (enctype != ENCTYPE_DES_CBC_MD5) && (enctype != ENCTYPE_DES_CBC_RAW)) - return (KRB5_PROG_ETYPE_NOSUPP); + if ( keytype != KEYTYPE_DES ) + return (KRB5_PROG_KEYTYPE_NOSUPP); if ( !(keyblock->contents = (krb5_octet *)malloc(sizeof(mit_des_cblock))) ) return(ENOMEM); keyblock->magic = KV5M_KEYBLOCK; + keyblock->etype = eblock->crypto_entry->proto_enctype; + keyblock->keytype = KEYTYPE_DES; keyblock->length = sizeof(mit_des_cblock); - keyblock->enctype = eblock->crypto_entry->proto_enctype; key = keyblock->contents; if (salt) diff --git a/src/lib/crypto/des/verify.c b/src/lib/crypto/des/verify.c index 7ae08c7..117d188 100644 --- a/src/lib/crypto/des/verify.c +++ b/src/lib/crypto/des/verify.c @@ -148,9 +148,9 @@ main(argc,argv) /* do some initialisation */ initialize_krb5_error_table(); - krb5_use_enctype(context, &eblock, ENCTYPE_DES_CBC_CRC); - keyblock.enctype = ENCTYPE_DES_CBC_CRC; - keyblock.length = sizeof(mit_des_cblock); + krb5_use_cstype(context, &eblock, ETYPE_DES_CBC_CRC); + keyblock.keytype = KEYTYPE_DES; + keyblock.length = sizeof (mit_des_cblock); /* use known input and key */ diff --git a/src/lib/crypto/des_crc.c b/src/lib/crypto/des_crc.c index 02dfb34..f6c5d22 100644 --- a/src/lib/crypto/des_crc.c +++ b/src/lib/crypto/des_crc.c @@ -47,7 +47,8 @@ static krb5_cryptosystem_entry mit_des_crc_cryptosystem_entry = { sizeof(mit_des_cblock), CRC32_CKSUM_LENGTH+sizeof(mit_des_cblock), sizeof(mit_des_cblock), - ENCTYPE_DES_CBC_CRC + ETYPE_DES_CBC_CRC, + KEYTYPE_DES }; krb5_cs_table_entry krb5_des_crc_cst_entry = { diff --git a/src/lib/crypto/des_md5.c b/src/lib/crypto/des_md5.c index d365c2b..c84d958 100644 --- a/src/lib/crypto/des_md5.c +++ b/src/lib/crypto/des_md5.c @@ -48,7 +48,8 @@ static krb5_cryptosystem_entry mit_des_md5_cryptosystem_entry = { sizeof(mit_des_cblock), RSA_MD5_CKSUM_LENGTH+sizeof(mit_des_cblock), sizeof(mit_des_cblock), - ENCTYPE_DES_CBC_MD5 + ETYPE_DES_CBC_MD5, + KEYTYPE_DES }; krb5_cs_table_entry krb5_des_md5_cst_entry = { diff --git a/src/lib/crypto/md4/ChangeLog b/src/lib/crypto/md4/ChangeLog index 9fdbe69..ddabf83 100644 --- a/src/lib/crypto/md4/ChangeLog +++ b/src/lib/crypto/md4/ChangeLog @@ -1,10 +1,3 @@ -Wed Sep 06 14:20:57 1995 Chris Provenzano (proven@mit.edu) - - * md4crypto.c : s/keytype/enctype/g, s/KEYTYPE/ENCTYPE/g - -Tue Sep 05 22:10:34 1995 Chris Provenzano (proven@mit.edu) - - * md4crypto.c : Replace KEYTYPE_DES_CBC_MD4 for KEYTYPE_DES. Thu Jul 27 15:22:17 EDT 1995 Paul Park (pjpark@mit.edu) * rsa-md4.h - Don't include k5-config.h. No longer present or needed. diff --git a/src/lib/crypto/md4/md4crypto.c b/src/lib/crypto/md4/md4crypto.c index 5b349a0..248f176 100644 --- a/src/lib/crypto/md4/md4crypto.c +++ b/src/lib/crypto/md4/md4crypto.c @@ -91,7 +91,7 @@ krb5_checksum FAR *outcksum; keyblock.length = seed_length; keyblock.contents = (krb5_octet *)seed; - keyblock.enctype = ENCTYPE_DES_CBC_MD4; + keyblock.keytype = KEYTYPE_DES; if ((retval = mit_des_process_key(&eblock, &keyblock))) return retval; @@ -162,7 +162,7 @@ krb5_checksum FAR *outcksum; keyblock.length = sizeof(mit_des_cblock); keyblock.contents = (krb5_octet *) tmpkey; - keyblock.enctype = ENCTYPE_DES_CBC_MD4; + keyblock.keytype = KEYTYPE_DES; if ((retval = mit_des_process_key(&eblock, &keyblock))) return retval; @@ -229,7 +229,7 @@ size_t seed_length; /* Use the key "as-is" */ keyblock.length = seed_length; keyblock.contents = (krb5_octet *) seed; - keyblock.enctype = ENCTYPE_DES_CBC_MD4; + keyblock.keytype = KEYTYPE_DES; if ((retval = mit_des_process_key(&eblock, &keyblock))) return retval; @@ -272,7 +272,7 @@ size_t seed_length; keyblock.length = sizeof(mit_des_cblock); keyblock.contents = (krb5_octet *) tmpkey; - keyblock.enctype = ENCTYPE_DES_CBC_MD4; + keyblock.keytype = KEYTYPE_DES; if ((retval = mit_des_process_key(&eblock, &keyblock))) return retval; diff --git a/src/lib/crypto/md5/ChangeLog b/src/lib/crypto/md5/ChangeLog index 383ac7c..6886802 100644 --- a/src/lib/crypto/md5/ChangeLog +++ b/src/lib/crypto/md5/ChangeLog @@ -1,14 +1,3 @@ -Wed Sep 06 14:20:57 1995 Chris Provenzano (proven@mit.edu) - - * md5crypto.c, t_cksum.c : s/keytype/enctype/g, s/KEYTYPE/ENCTYPE/g - -Tue Sep 05 22:10:34 1995 Chris Provenzano (proven@mit.edu) - - * md5crypto.c : Replace KEYTYPE_DES_CBC_MD5 for KEYTYPE_DES. - - * t_cksum.c : Remove krb5_enctype references, and replace with - krb5_keytype where appropriate. - Thu Aug 24 18:40:48 1995 Theodore Y. Ts'o <tytso@dcl> * .Sanitize: Update file list diff --git a/src/lib/crypto/md5/md5crypto.c b/src/lib/crypto/md5/md5crypto.c index 0c2c49c..1254fd8 100644 --- a/src/lib/crypto/md5/md5crypto.c +++ b/src/lib/crypto/md5/md5crypto.c @@ -61,7 +61,7 @@ krb5_checksum FAR *outcksum; keyblock.length = seed_length; keyblock.contents = (krb5_octet *)seed; - keyblock.enctype = ENCTYPE_DES_CBC_MD5; + keyblock.keytype = KEYTYPE_DES; if ((retval = mit_des_process_key(&eblock, &keyblock))) return retval; @@ -129,7 +129,7 @@ krb5_checksum FAR *outcksum; keyblock.length = sizeof(mit_des_cblock); keyblock.contents = (krb5_octet *) tmpkey; - keyblock.enctype = ENCTYPE_DES_CBC_MD5; + keyblock.keytype = KEYTYPE_DES; if ((retval = mit_des_process_key(&eblock, &keyblock))) return retval; @@ -196,7 +196,7 @@ size_t seed_length; /* Use the key "as-is" */ keyblock.length = seed_length; keyblock.contents = (krb5_octet *) seed; - keyblock.enctype = ENCTYPE_DES_CBC_MD5; + keyblock.keytype = KEYTYPE_DES; if ((retval = mit_des_process_key(&eblock, &keyblock))) return retval; @@ -239,7 +239,7 @@ size_t seed_length; keyblock.length = sizeof(mit_des_cblock); keyblock.contents = (krb5_octet *) tmpkey; - keyblock.enctype = ENCTYPE_DES_CBC_MD5; + keyblock.keytype = KEYTYPE_DES; if ((retval = mit_des_process_key(&eblock, &keyblock))) return retval; diff --git a/src/lib/crypto/md5/t_cksum.c b/src/lib/crypto/md5/t_cksum.c index dabf925..6b08144 100644 --- a/src/lib/crypto/md5/t_cksum.c +++ b/src/lib/crypto/md5/t_cksum.c @@ -104,9 +104,9 @@ main(int argc, char *argv[]) pwd = "test password"; pwdata.length = strlen(pwd); pwdata.data = pwd; - krb5_use_enctype(kcontext, &encblock, DEFAULT_KDC_ENCTYPE); + krb5_use_cstype(kcontext, &encblock, DEFAULT_KDC_ETYPE); if (kret = mit_des_string_to_key(&encblock, - DEFAULT_KDC_ENCTYPE, + KEYTYPE_DES, &keyblock, &pwdata, (krb5_data *) NULL)) { diff --git a/src/lib/crypto/os/ChangeLog b/src/lib/crypto/os/ChangeLog index 15e4128..e459406 100644 --- a/src/lib/crypto/os/ChangeLog +++ b/src/lib/crypto/os/ChangeLog @@ -1,8 +1,6 @@ -Thu Sep 7 12:00:00 1995 James Mattly <mattly@fusion.com> +Sun Sep 10 12:00:00 1995 James Mattly <mattly@fusion.com> - * Renamed localaddr.c to c_localaddr.c because Mac can't have - two files with the same name. - * Makefile.in, .Sanitize updated for the above change. + * renamed ustime.c to c_ustime.c Thu Aug 24 18:40:48 1995 Theodore Y. Ts'o <tytso@dcl> diff --git a/src/lib/crypto/os/Makefile.in b/src/lib/crypto/os/Makefile.in index 5b8894f..12d5ad8 100644 --- a/src/lib/crypto/os/Makefile.in +++ b/src/lib/crypto/os/Makefile.in @@ -10,9 +10,9 @@ LIBOBJS = @LIBOBJS@ $(CC) $(CFLAGS) -c $(srcdir)/$*.c @SHARED_RULE@ -OBJS= rnd_confoun.$(OBJEXT) c_localaddr.$(OBJEXT) ustime.$(OBJEXT) $(LIBOBJS) +OBJS= rnd_confoun.$(OBJEXT) c_localaddr.$(OBJEXT) c_ustime.$(OBJEXT) $(LIBOBJS) -SRCS= rnd_confoun.c c_localaddr.c ustime.c +SRCS= rnd_confoun.c c_localaddr.c c_ustime.c all:: all-$(WHAT) diff --git a/src/lib/crypto/os/c_localaddr.c b/src/lib/crypto/os/c_localaddr.c index be8a98b..7ab153a 100644 --- a/src/lib/crypto/os/c_localaddr.c +++ b/src/lib/crypto/os/c_localaddr.c @@ -1,5 +1,5 @@ /* - * lib/crypto/os/c_localaddr.c + * lib/crypto/os/localaddr.c * * Copyright 1990,1991 by the Massachusetts Institute of Technology. * All Rights Reserved. diff --git a/src/lib/crypto/os/ustime.c b/src/lib/crypto/os/c_ustime.c index 0cd3844..3ab6b94 100644 --- a/src/lib/crypto/os/ustime.c +++ b/src/lib/crypto/os/c_ustime.c @@ -28,6 +28,7 @@ #include "k5-int.h" #ifdef _MACINTOSH + /* We're a Macintosh -- do Mac time things. */ /* @@ -50,38 +51,39 @@ #include <string.h> #include <stddef.h> - /******************************* - The Unix epoch is 1/1/70, the Mac epoch is 1/1/04. - - 70 - 4 = 66 year differential - - Thus the offset is: - - (66 yrs) * (365 days/yr) * (24 hours/day) * (60 mins/hour) * (60 secs/min) - plus - (17 leap days) * (24 hours/day) * (60 mins/hour) * (60 secs/min) +static krb5_int32 last_sec = 0, last_usec = 0; - Don't forget the offset from GMT. - *******************************/ +/* + * The Unix epoch is 1/1/70, the Mac epoch is 1/1/04. + * + * 70 - 4 = 66 year differential + * + * Thus the offset is: + * + * (66 yrs) * (365 days/yr) * (24 hours/day) * (60 mins/hour) * (60 secs/min) + * plus + * (17 leap days) * (24 hours/day) * (60 mins/hour) * (60 secs/min) + * + * Don't forget the offset from GMT. + */ /* returns the offset in hours between the mac local time and the GMT */ /* unsigned krb5_int32 */ krb5_int32 getTimeZoneOffset() { - MachineLocation macLocation; - long gmtDelta; - - macLocation.u.gmtDelta=0L; - ReadLocation(&macLocation); - gmtDelta=macLocation.u.gmtDelta & 0x00FFFFFF; - if (BitTst((void *)&gmtDelta,23L)) gmtDelta |= 0xFF000000; - gmtDelta /= 3600L; - return(gmtDelta); + MachineLocation macLocation; + long gmtDelta; + + macLocation.u.gmtDelta=0L; + ReadLocation(&macLocation); + gmtDelta=macLocation.u.gmtDelta & 0x00FFFFFF; + if (BitTst((void *)&gmtDelta,23L)) + gmtDelta |= 0xFF000000; + gmtDelta /= 3600L; + return(gmtDelta); } -static krb5_int32 last_sec = 0, last_usec = 0; - /* Returns the GMT in seconds (and fake microseconds) using the Unix epoch */ krb5_error_code INTERFACE @@ -90,16 +92,13 @@ krb5_crypto_us_timeofday(seconds, microseconds) { krb5_int32 sec, usec; time_t the_time; - struct tm *gtime, *ltime; -// GetDateTime (&the_time); - time(&the_time); -// gtime = gmtime(&the_time); -// ltime = localtime(&the_time); + GetDateTime (&the_time); + sec = the_time - - ((66 * 365 * 24 * 60 * 60) + - (17 * 24 * 60 * 60) + - (getTimeZoneOffset() * 60 * 60)); + ((66 * 365 * 24 * 60 * 60) + (17 * 24 * 60 * 60) + + (getTimeZoneOffset() * 60 * 60)); + usec = 0; /* Mac is too slow to count faster than once a second */ if ((sec == last_sec) && (usec == last_usec)) { @@ -109,107 +108,22 @@ krb5_crypto_us_timeofday(seconds, microseconds) } sec = last_sec; usec = last_usec; - } else + } + else { last_sec = sec; last_usec = usec; - + } + *seconds = sec; *microseconds = usec; return 0; } -#if 0 - -int -gettimeofdaynet (struct timeval *tp, struct timezone *tz) -{ - tp->tv_sec = gettimeofdaynet_no_offset(); - return 0; -} - - -#define TIME_PORT 37 -#define TM_OFFSET 2208988800 - -/* - * - * get_net_offset () -- Use UDP time protocol to figure out the - * offset between what the Mac thinks the time is an what - * the network thinks. - * - */ -int -get_net_offset() -{ - time_t tv; - char buf[512],ts[256]; - long *nettime; - int attempts, cc, time_port; - long unixtime; - char realm[REALM_SZ]; - ip_addr fromaddr; - unsigned short fromport; - int result; - - nettime = (long *)buf; - time_port = TIME_PORT; - - cc = sizeof(buf); - result = hosts_send_recv(ts, 1, buf, &cc, "", time_port); - time (&tv); - - if (result!=KSUCCESS || cc<4) { - net_offset = 0; - if (!result) result = 100; - return result; - } - - unixtime = (long) ntohl(*nettime) - TM_OFFSET; - - tv -= 66 * 365 * 24 * 60 * 60 - + 17 * 60 * 60 * 24; /* Convert to unix time w/o offset */ - net_offset = unixtime - tv; - net_got_offset = 1; - - return 0; -} - -#endif /* 0 */ - -#else /* HAVE_MACSOCK_H */ -#ifndef _MSDOS -/* We're a Unix machine -- do Unix time things. */ - -extern int errno; - -static struct timeval last_tv = {0, 0}; -krb5_error_code INTERFACE -krb5_crypto_us_timeofday(seconds, microseconds) - register krb5_int32 *seconds, *microseconds; -{ - struct timeval tv; +#elif defined (_MSDOS) - if (gettimeofday(&tv, (struct timezone *)0) == -1) { - /* failed, return errno */ - return (krb5_error_code) errno; - } - if ((tv.tv_sec == last_tv.tv_sec) && (tv.tv_usec == last_tv.tv_usec)) { - if (++last_tv.tv_usec >= 1000000) { - last_tv.tv_usec = 0; - last_tv.tv_sec++; - } - tv = last_tv; - } else - last_tv = tv; - - *seconds = tv.tv_sec; - *microseconds = tv.tv_usec; - return 0; -} -#else /* DOS version */ /* * Originally written by John Gilmore, Cygnus Support, May '94. * Public Domain. @@ -257,6 +171,8 @@ register krb5_int32 *seconds, *microseconds; return 0; } + + static time_t win_gettime () { struct tm tm; @@ -299,6 +215,8 @@ win_gettime () { return time + convert; } + + /* * This routine figures out the current time epoch and returns the * conversion factor. It exists because @@ -323,5 +241,38 @@ win_time_get_epoch() return epoch; } -#endif /* MSDOS */ -#endif /* HAVE_MACSOCK_H */ + +#else + + +/* We're a Unix machine -- do Unix time things. */ + +extern int errno; + +static struct timeval last_tv = {0, 0}; + +krb5_error_code INTERFACE +krb5_crypto_us_timeofday(seconds, microseconds) + register krb5_int32 *seconds, *microseconds; +{ + struct timeval tv; + + if (gettimeofday(&tv, (struct timezone *)0) == -1) { + /* failed, return errno */ + return (krb5_error_code) errno; + } + if ((tv.tv_sec == last_tv.tv_sec) && (tv.tv_usec == last_tv.tv_usec)) { + if (++last_tv.tv_usec >= 1000000) { + last_tv.tv_usec = 0; + last_tv.tv_sec++; + } + tv = last_tv; + } else + last_tv = tv; + + *seconds = tv.tv_sec; + *microseconds = tv.tv_usec; + return 0; +} + +#endif diff --git a/src/lib/crypto/raw_des.c b/src/lib/crypto/raw_des.c index 7948ba6..9922dbf 100644 --- a/src/lib/crypto/raw_des.c +++ b/src/lib/crypto/raw_des.c @@ -45,7 +45,8 @@ static krb5_cryptosystem_entry mit_raw_des_cryptosystem_entry = { sizeof(mit_des_cblock), 0, sizeof(mit_des_cblock), - ENCTYPE_DES_CBC_RAW + ETYPE_RAW_DES_CBC, + KEYTYPE_DES }; krb5_cs_table_entry krb5_raw_des_cst_entry = { diff --git a/src/lib/des425/ChangeLog b/src/lib/des425/ChangeLog index 8851b64..b0d2207 100644 --- a/src/lib/des425/ChangeLog +++ b/src/lib/des425/ChangeLog @@ -1,7 +1,3 @@ -Wed Sep 06 14:20:57 1995 Chris Provenzano (proven@mit.edu) - - * string2key.c : s/keytype/enctype/g, s/KEYTYPE/ENCTYPE/g - Thu Aug 24 18:51:53 1995 Theodore Y. Ts'o <tytso@dcl> * .Sanitize: Update file list diff --git a/src/lib/des425/string2key.c b/src/lib/des425/string2key.c index 58ed9a3..89c8169 100644 --- a/src/lib/des425/string2key.c +++ b/src/lib/des425/string2key.c @@ -35,7 +35,7 @@ extern int des_debug; /* converts the string pointed to by "data" into an encryption key - of type "enctype". *keyblock is filled in with the key info; + of type "keytype". *keyblock is filled in with the key info; in particular, keyblock->contents is to be set to allocated storage. It is the responsibility of the caller to release this storage when the generated key no longer needed. @@ -44,13 +44,13 @@ extern int des_debug; algorithm. If the particular function called does not know how to make a - key of type "enctype", an error may be returned. + key of type "keytype", an error may be returned. returns: errors */ -krb5_error_code mit_des_string_to_key (enctype, keyblock, data, princ) - const krb5_enctype enctype; +krb5_error_code mit_des_string_to_key (keytype, keyblock, data, princ) + const krb5_keytype keytype; krb5_keyblock * keyblock; const krb5_data * data; krb5_const_principal princ; @@ -71,8 +71,8 @@ krb5_error_code mit_des_string_to_key (enctype, keyblock, data, princ) #define min(A, B) ((A) < (B) ? (A): (B)) - if ( enctype != ENCTYPE_DES ) - return (KRB5_PROG_ENCTYPE_NOSUPP); + if ( keytype != KEYTYPE_DES ) + return (KRB5_PROG_KEYTYPE_NOSUPP); if ( !(keyblock->contents = (krb5_octet *)malloc(sizeof(mit_des_cblock))) ) return(ENOMEM); @@ -80,7 +80,7 @@ krb5_error_code mit_des_string_to_key (enctype, keyblock, data, princ) #define cleanup() {memset(keyblock->contents, 0, sizeof(mit_des_cblock));\ krb5_xfree(keyblock->contents);} - keyblock->enctype = ENCTYPE_DES; + keyblock->keytype = KEYTYPE_DES; keyblock->length = sizeof(mit_des_cblock); key = keyblock->contents; diff --git a/src/lib/gssapi/generic/ChangeLog b/src/lib/gssapi/generic/ChangeLog index 89f7986..07a00ad 100644 --- a/src/lib/gssapi/generic/ChangeLog +++ b/src/lib/gssapi/generic/ChangeLog @@ -1,3 +1,10 @@ +Wed Sep 6 12:00:00 1995 James Mattly <mattly@fusion.com> + * gssapiP_generic.h: changed a path bearing include for MACINTOSH + * gssapi_generic.h: changed a path bearing include for MACINTOSH + * util_cannonhost.h: changed a path bearing include for MACINTOSH + * utl_nohash_validate.h: changed a path bearing include for MACINTOSH, + also we don't have limits.h + Thu Aug 31 11:43:59 EDT 1995 Paul Park (pjpark@mit.edu) * gssapi.h - Update to V2 API. Also use autoconf.h if USE_AUTOCONF_H diff --git a/src/lib/gssapi/generic/gssapiP_generic.h b/src/lib/gssapi/generic/gssapiP_generic.h index ab7eddf..80fd082 100644 --- a/src/lib/gssapi/generic/gssapiP_generic.h +++ b/src/lib/gssapi/generic/gssapiP_generic.h @@ -28,7 +28,9 @@ #include "gssapi_err_generic.h" #include <errno.h> +#ifndef _MACINTOSH #include <sys/types.h> +#endif /** helper macros **/ diff --git a/src/lib/gssapi/generic/gssapi_generic.h b/src/lib/gssapi/generic/gssapi_generic.h index 9073840..462414d 100644 --- a/src/lib/gssapi/generic/gssapi_generic.h +++ b/src/lib/gssapi/generic/gssapi_generic.h @@ -23,7 +23,11 @@ #ifndef _GSSAPI_GENERIC_H_ #define _GSSAPI_GENERIC_H_ +#ifndef _MACINTOSH #include <gssapi/gssapi.h> +#else +#include <gssapi.h> +#endif extern const gss_OID_desc FAR * const gss_nt_user_name; extern const gss_OID_desc FAR * const gss_nt_machine_uid_name; diff --git a/src/lib/gssapi/generic/util_canonhost.c b/src/lib/gssapi/generic/util_canonhost.c index 712d0ee..896b950 100644 --- a/src/lib/gssapi/generic/util_canonhost.c +++ b/src/lib/gssapi/generic/util_canonhost.c @@ -24,7 +24,9 @@ #define NEED_SOCKETS #include "gssapiP_generic.h" +#ifndef _MACINTOSH #include <sys/types.h> +#endif #include <ctype.h> #include <string.h> diff --git a/src/lib/gssapi/generic/utl_nohash_validate.c b/src/lib/gssapi/generic/utl_nohash_validate.c index eaa83d3..4cd94ca 100644 --- a/src/lib/gssapi/generic/utl_nohash_validate.c +++ b/src/lib/gssapi/generic/utl_nohash_validate.c @@ -26,8 +26,10 @@ #include "gssapiP_generic.h" +#ifndef _MACINTOSH #include <sys/types.h> #include <limits.h> +#endif /* functions for each type */ diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog index 7944431..d541e3f 100644 --- a/src/lib/gssapi/krb5/ChangeLog +++ b/src/lib/gssapi/krb5/ChangeLog @@ -1,3 +1,13 @@ +Wed Sep 6 12:00:00 1995 James Mattly <mattly@fusion.com> + + * gssapi_krb5.h: changed a path bearing include for MACINTOSH + + * accept_sec_context.c: changed a path bearing include for MACINTOSH + + * k5seal.c: changed a path bearing include for MACINTOSH + + * k5unseal.c: changed a path bearing include for MACINTOSH + Sat Sep 9 00:16:34 1995 Theodore Y. Ts'o <tytso@dcl> * krb5_gss_glue.c (gss_delete_sec_context): Add extra indirection diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c index 55b0eb6..725a67d 100644 --- a/src/lib/gssapi/krb5/accept_sec_context.c +++ b/src/lib/gssapi/krb5/accept_sec_context.c @@ -21,7 +21,11 @@ */ #include "gssapiP_krb5.h" +#ifndef _MACINTOSH +#include <krb5/rsa-md5.h> +#else #include "rsa-md5.h" +#endif #include <memory.h> OM_uint32 @@ -248,7 +252,7 @@ krb5_gss_accept_sec_context(context, minor_status, context_handle, /* fill in the encryption descriptors */ - krb5_use_enctype(context, &ctx->enc.eblock, ENCTYPE_DES_CBC_RAW); + krb5_use_cstype(context, &ctx->enc.eblock, ETYPE_RAW_DES_CBC); ctx->enc.processed = 0; if (code = krb5_copy_keyblock(context, ctx->subkey, &ctx->enc.key)) return(code); @@ -256,7 +260,7 @@ krb5_gss_accept_sec_context(context, minor_status, context_handle, /*SUPPRESS 113*/ ctx->enc.key->contents[i] ^= 0xf0; - krb5_use_enctype(context, &ctx->seq.eblock, ENCTYPE_DES_CBC_RAW); + krb5_use_cstype(context, &ctx->seq.eblock, ETYPE_RAW_DES_CBC); ctx->seq.processed = 0; ctx->seq.key = ctx->subkey; diff --git a/src/lib/gssapi/krb5/gssapiP_krb5.h b/src/lib/gssapi/krb5/gssapiP_krb5.h index dc109f1..6d6a1a3 100644 --- a/src/lib/gssapi/krb5/gssapiP_krb5.h +++ b/src/lib/gssapi/krb5/gssapiP_krb5.h @@ -35,7 +35,11 @@ #endif /* this must be after "krb5.h", since krb5 #defines xfree(), too */ +#ifndef _MACINTOSH #include "../generic/gssapiP_generic.h" +#else +#include "gssapiP_generic.h" +#endif #include "gssapi_krb5.h" #include "gssapi_err_krb5.h" diff --git a/src/lib/gssapi/krb5/gssapi_krb5.h b/src/lib/gssapi/krb5/gssapi_krb5.h index ef84772..450081d 100644 --- a/src/lib/gssapi/krb5/gssapi_krb5.h +++ b/src/lib/gssapi/krb5/gssapi_krb5.h @@ -23,7 +23,11 @@ #ifndef _GSSAPI_KRB5_H_ #define _GSSAPI_KRB5_H_ +#ifndef _MACINTOSH #include <gssapi/gssapi_generic.h> +#else +#include <gssapi_generic.h> +#endif #include "krb5.h" extern const gss_OID_desc * const gss_mech_krb5; diff --git a/src/lib/gssapi/krb5/init_sec_context.c b/src/lib/gssapi/krb5/init_sec_context.c index bcd999a..41c12db 100644 --- a/src/lib/gssapi/krb5/init_sec_context.c +++ b/src/lib/gssapi/krb5/init_sec_context.c @@ -294,7 +294,7 @@ krb5_gss_init_sec_context(context, minor_status, claimant_cred_handle, /* the encryption key is the session key XOR 0xf0f0f0f0f0f0f0f0 */ - krb5_use_enctype(context, &ctx->enc.eblock, ENCTYPE_DES_CBC_RAW); + krb5_use_cstype(context, &ctx->enc.eblock, ETYPE_RAW_DES_CBC); ctx->enc.processed = 0; if (code = krb5_copy_keyblock(context, ctx->subkey, &ctx->enc.key)) return(code); @@ -302,7 +302,7 @@ krb5_gss_init_sec_context(context, minor_status, claimant_cred_handle, /*SUPPRESS 113*/ ctx->enc.key->contents[i] ^= 0xf0; - krb5_use_enctype(context, &ctx->seq.eblock, ENCTYPE_DES_CBC_RAW); + krb5_use_cstype(context, &ctx->seq.eblock, ETYPE_RAW_DES_CBC); ctx->seq.processed = 0; ctx->seq.key = ctx->subkey; diff --git a/src/lib/gssapi/krb5/k5seal.c b/src/lib/gssapi/krb5/k5seal.c index 3877017..cbf4ae7 100644 --- a/src/lib/gssapi/krb5/k5seal.c +++ b/src/lib/gssapi/krb5/k5seal.c @@ -21,7 +21,11 @@ */ #include "gssapiP_krb5.h" +#ifndef _MACINTOSH +#include <krb5/rsa-md5.h> +#else #include "rsa-md5.h" +#endif static krb5_error_code make_seal_token(context, enc_ed, seq_ed, seqnum, direction, text, token, diff --git a/src/lib/gssapi/krb5/k5unseal.c b/src/lib/gssapi/krb5/k5unseal.c index a50c4cb..350bcb8 100644 --- a/src/lib/gssapi/krb5/k5unseal.c +++ b/src/lib/gssapi/krb5/k5unseal.c @@ -22,7 +22,11 @@ #include "gssapiP_krb5.h" #include <memory.h> +#ifndef _MACINTOSH +#include <krb5/rsa-md5.h> +#else #include "rsa-md5.h" +#endif /* message_buffer is an input if SIGN, output if SEAL, and ignored if DEL_CTX conf_state is only valid if SEAL. diff --git a/src/lib/gssapi/krb5/util_seed.c b/src/lib/gssapi/krb5/util_seed.c index ed60922..8792b8b 100644 --- a/src/lib/gssapi/krb5/util_seed.c +++ b/src/lib/gssapi/krb5/util_seed.c @@ -45,7 +45,7 @@ kg_make_seed(key, seed) for (i=0; i<ed.key->length; i++) ed.key->contents[i] = key->contents[key->length - 1 - i]; - krb5_use_enctype(kg_context, &ed.eblock, ENCTYPE_DES_CBC_RAW); + krb5_use_cstype(kg_context, &ed.eblock, ETYPE_RAW_DES_CBC); ed.processed = 0; code = kg_encrypt(&ed, NULL, zeros, seed, 16); diff --git a/src/lib/kadm/adm_conn.c b/src/lib/kadm/adm_conn.c index 6b46737..9de8e62 100644 --- a/src/lib/kadm/adm_conn.c +++ b/src/lib/kadm/adm_conn.c @@ -131,7 +131,11 @@ kadm_get_ccache(kcontext, user, ccname, ccache, client) strcpy (new_cache, "FILE:"); GetTempFileName (0, "tkt", 0, new_cache+5); #else +#ifdef _MACINTOSH + (void) sprintf(new_cache, "STDIO:admcc"); +#else (void) sprintf(new_cache, kadm_cache_name_fmt, getpid()); +#endif /* _MACINTOSH */ #endif /* _WINDOWS */ } else @@ -235,10 +239,8 @@ kadm_get_creds(kcontext, ccache, client, creds, prompt, oldpw, tlife) &old_pwsize)) goto cleanup; } - if (kret = krb5_timeofday(kcontext, &jetzt)) goto cleanup; - if (tlife > 0) creds->times.endtime = jetzt + tlife; else @@ -414,7 +416,7 @@ kadm_contact_server(kcontext, realmp, sockp, local, remote) in_remote.sin_port = htons((u_short) pport); /* Open a tcp socket */ - *sockp = socket(PF_INET, SOCK_STREAM, 0); + *sockp = (int) socket(PF_INET, SOCK_STREAM, 0); if (*sockp < 0) { kret = SOCKET_ERRNO; goto cleanup; @@ -434,7 +436,7 @@ kadm_contact_server(kcontext, realmp, sockp, local, remote) /* Find out local address */ addr_len = sizeof(in_local); - if (getsockname(*sockp, + if (getsockname((SOCKET) *sockp, (struct sockaddr *) &in_local, &addr_len) < 0) { /* Couldn't get our local address? */ @@ -495,7 +497,7 @@ kadm_contact_server(kcontext, realmp, sockp, local, remote) sizeof(in_remote.sin_addr)); /* Open a tcp socket */ - *sockp = socket(PF_INET, SOCK_STREAM, 0); + *sockp = (int) socket(PF_INET, SOCK_STREAM, 0); if (*sockp < 0) { kret = SOCKET_ERRNO; goto cleanup; @@ -513,7 +515,7 @@ kadm_contact_server(kcontext, realmp, sockp, local, remote) /* Find out local address */ addr_len = sizeof(in_local); - if (getsockname(*sockp, + if (getsockname((SOCKET)*sockp, (struct sockaddr *) &in_local, &addr_len) < 0) { kret = SOCKET_ERRNO; diff --git a/src/lib/kadm/adm_kt_dec.c b/src/lib/kadm/adm_kt_dec.c index 7886a70..8140af2 100644 --- a/src/lib/kadm/adm_kt_dec.c +++ b/src/lib/kadm/adm_kt_dec.c @@ -88,13 +88,25 @@ krb5_adm_proto_to_ktent(kcontext, ncomp, complist, ktentp) ((krb5_int32) ((unsigned char) v[2]) << 8) + ((krb5_int32) ((unsigned char) v[3]))); - /* Parse the supplied key_enctype */ - if (complist[KRB5_ADM_KT_KEY_ENCTYPE].length < sizeof(krb5_enctype)) { + /* Parse the supplied key_keytype */ + if (complist[KRB5_ADM_KT_KEY_KEYTYPE].length < sizeof(krb5_keytype)) { kret = EINVAL; goto done; } - v = complist[KRB5_ADM_KT_KEY_ENCTYPE].data; - ktentp->key.enctype = (krb5_enctype) + v = complist[KRB5_ADM_KT_KEY_KEYTYPE].data; + ktentp->key.keytype = (krb5_keytype) + (((krb5_int32) ((unsigned char) v[0]) << 24) + + ((krb5_int32) ((unsigned char) v[1]) << 16) + + ((krb5_int32) ((unsigned char) v[2]) << 8) + + ((krb5_int32) ((unsigned char) v[3]))); + + /* Parse the supplied key_etype */ + if (complist[KRB5_ADM_KT_KEY_ETYPE].length < sizeof(krb5_enctype)) { + kret = EINVAL; + goto done; + } + v = complist[KRB5_ADM_KT_KEY_ETYPE].data; + ktentp->key.etype = (krb5_enctype) (((krb5_int32) ((unsigned char) v[0]) << 24) + ((krb5_int32) ((unsigned char) v[1]) << 16) + ((krb5_int32) ((unsigned char) v[2]) << 8) + diff --git a/src/lib/kadm/adm_kt_enc.c b/src/lib/kadm/adm_kt_enc.c index d7dc65a..0d85687 100644 --- a/src/lib/kadm/adm_kt_enc.c +++ b/src/lib/kadm/adm_kt_enc.c @@ -106,19 +106,40 @@ krb5_adm_ktent_to_proto(kcontext, ktentp, ncompp, complistp) } /* - * Fill in key_enctype. + * Fill in key_keytype. */ - if (clist[KRB5_ADM_KT_KEY_ENCTYPE].data = + if (clist[KRB5_ADM_KT_KEY_KEYTYPE].data = (char *) malloc(sizeof(krb5_ui_4))) { - clist[KRB5_ADM_KT_KEY_ENCTYPE].length = sizeof(krb5_ui_4); - clist[KRB5_ADM_KT_KEY_ENCTYPE].data[0] = - (ktentp->key.enctype >> 24) & 0xff; - clist[KRB5_ADM_KT_KEY_ENCTYPE].data[1] = - (ktentp->key.enctype >> 16) & 0xff; - clist[KRB5_ADM_KT_KEY_ENCTYPE].data[2] = - (ktentp->key.enctype >> 8) & 0xff; - clist[KRB5_ADM_KT_KEY_ENCTYPE].data[3] = - ktentp->key.enctype & 0xff; + clist[KRB5_ADM_KT_KEY_KEYTYPE].length = sizeof(krb5_ui_4); + clist[KRB5_ADM_KT_KEY_KEYTYPE].data[0] = + (ktentp->key.keytype >> 24) & 0xff; + clist[KRB5_ADM_KT_KEY_KEYTYPE].data[1] = + (ktentp->key.keytype >> 16) & 0xff; + clist[KRB5_ADM_KT_KEY_KEYTYPE].data[2] = + (ktentp->key.keytype >> 8) & 0xff; + clist[KRB5_ADM_KT_KEY_KEYTYPE].data[3] = + ktentp->key.keytype & 0xff; + nents++; + } + else { + kret = ENOMEM; + goto done; + } + + /* + * Fill in key_etype. + */ + if (clist[KRB5_ADM_KT_KEY_ETYPE].data = + (char *) malloc(sizeof(krb5_ui_4))) { + clist[KRB5_ADM_KT_KEY_ETYPE].length = sizeof(krb5_ui_4); + clist[KRB5_ADM_KT_KEY_ETYPE].data[0] = + (ktentp->key.etype >> 24) & 0xff; + clist[KRB5_ADM_KT_KEY_ETYPE].data[1] = + (ktentp->key.etype >> 16) & 0xff; + clist[KRB5_ADM_KT_KEY_ETYPE].data[2] = + (ktentp->key.etype >> 8) & 0xff; + clist[KRB5_ADM_KT_KEY_ETYPE].data[3] = + ktentp->key.etype & 0xff; nents++; } else { diff --git a/src/lib/kadm/alt_prof.c b/src/lib/kadm/alt_prof.c index f51be42..10645f5 100644 --- a/src/lib/kadm/alt_prof.c +++ b/src/lib/kadm/alt_prof.c @@ -333,6 +333,14 @@ krb5_read_realm_params(kcontext, realm, kdcprofile, kdcenv, rparamp) /* Get the value for the master key type */ hierarchy[2] = "master_key_type"; if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) { + if (!krb5_string_to_keytype(svalue, &rparams->realm_keytype)) + rparams->realm_keytype_valid = 1; + krb5_xfree(svalue); + } + + /* Get the value for the encryption type */ + hierarchy[2] = "encryption_type"; + if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) { if (!krb5_string_to_enctype(svalue, &rparams->realm_enctype)) rparams->realm_enctype_valid = 1; krb5_xfree(svalue); @@ -401,8 +409,8 @@ krb5_read_realm_params(kcontext, realm, kdcprofile, kdcenv, rparamp) krb5_xfree(svalue); } - /* Get the value for the supported enctype/salttype matrix */ - hierarchy[2] = "supported_enctypes"; + /* Get the value for the supported keytype/salttype matrix */ + hierarchy[2] = "supported_keytypes"; if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) { krb5_string_to_keysalts(svalue, ", \t", /* Tuple separators */ diff --git a/src/lib/kadm/keysalt.c b/src/lib/kadm/keysalt.c index 011a737..817cb66 100644 --- a/src/lib/kadm/keysalt.c +++ b/src/lib/kadm/keysalt.c @@ -36,13 +36,13 @@ static const char default_ksaltseps[] = ":."; * krb5_keysalt_is_present() - Determine if a key/salt pair is present * in a list of key/salt tuples. * - * Salttype may be negative to indicate a search for only a enctype. + * Salttype may be negative to indicate a search for only a keytype. */ krb5_boolean -krb5_keysalt_is_present(ksaltlist, nksalts, enctype, salttype) +krb5_keysalt_is_present(ksaltlist, nksalts, keytype, salttype) krb5_key_salt_tuple *ksaltlist; krb5_int32 nksalts; - krb5_enctype enctype; + krb5_keytype keytype; krb5_int32 salttype; { krb5_boolean foundit; @@ -51,7 +51,7 @@ krb5_keysalt_is_present(ksaltlist, nksalts, enctype, salttype) foundit = 0; if (ksaltlist) { for (i=0; i<nksalts; i++) { - if ((ksaltlist[i].ks_enctype == enctype) && + if ((ksaltlist[i].ks_keytype == keytype) && ((ksaltlist[i].ks_salttype == salttype) || (salttype < 0))) { foundit = 1; @@ -83,11 +83,11 @@ krb5_keysalt_iterate(ksaltlist, nksalt, ignoresalt, iterator, arg) kret = 0; for (i=0; i<nksalt; i++) { - scratch.ks_enctype = ksaltlist[i].ks_enctype; + scratch.ks_keytype = ksaltlist[i].ks_keytype; scratch.ks_salttype = (ignoresalt) ? -1 : ksaltlist[i].ks_salttype; if (!krb5_keysalt_is_present(ksaltlist, i, - scratch.ks_enctype, + scratch.ks_keytype, scratch.ks_salttype)) { if (kret = (*iterator)(&scratch, arg)) break; @@ -112,7 +112,7 @@ krb5_string_to_keysalts(string, tupleseps, ksaltseps, dups, ksaltp, nksaltp) krb5_error_code kret; char *kp, *sp, *ep; char sepchar, trailchar; - krb5_enctype ktype; + krb5_keytype ktype; krb5_int32 stype; krb5_key_salt_tuple *savep; const char *tseplist; @@ -140,9 +140,9 @@ krb5_string_to_keysalts(string, tupleseps, ksaltseps, dups, ksaltp, nksaltp) } /* * kp points to something (hopefully) of the form: - * <enctype><ksseplist><salttype> + * <keytype><ksseplist><salttype> * or - * <enctype> + * <keytype> */ sp = (char *) NULL; /* Attempt to find a separator */ @@ -152,7 +152,7 @@ krb5_string_to_keysalts(string, tupleseps, ksaltseps, dups, ksaltp, nksaltp) ep = strchr(kp, (int) *septmp)); if (sp) { - /* Separate enctype from salttype */ + /* Separate keytype from salttype */ sepchar = *sp; *sp = '\0'; sp++; @@ -161,10 +161,10 @@ krb5_string_to_keysalts(string, tupleseps, ksaltseps, dups, ksaltp, nksaltp) stype = -1; /* - * Attempt to parse enctype and salttype. If we parse well + * Attempt to parse keytype and salttype. If we parse well * then make sure that it specifies a unique key/salt combo */ - if (!krb5_string_to_enctype(kp, &ktype) && + if (!krb5_string_to_keytype(kp, &ktype) && (!sp || !krb5_string_to_salttype(sp, &stype)) && (dups || !krb5_keysalt_is_present(*ksaltp, *nksaltp, ktype, stype))) { @@ -184,7 +184,7 @@ krb5_string_to_keysalts(string, tupleseps, ksaltseps, dups, ksaltp, nksaltp) } /* Save our values */ - (*ksaltp)[(*nksaltp)].ks_enctype = ktype; + (*ksaltp)[(*nksaltp)].ks_keytype = ktype; (*ksaltp)[(*nksaltp)].ks_salttype = stype; (*nksaltp)++; } diff --git a/src/lib/kadm/str_conv.c b/src/lib/kadm/str_conv.c index 71716ad..2d91d95 100644 --- a/src/lib/kadm/str_conv.c +++ b/src/lib/kadm/str_conv.c @@ -31,7 +31,7 @@ * * String decoding: * ---------------- - * krb5_string_to_enctype() - Convert string to krb5_enctype. + * krb5_string_to_keytype() - Convert string to krb5_keytype. * krb5_string_to_salttype() - Convert string to salttype (krb5_int32) * krb5_string_to_enctype() - Convert string to krb5_enctype. * krb5_string_to_cksumtype() - Convert string to krb5_cksumtype; @@ -41,7 +41,7 @@ * * String encoding: * ---------------- - * krb5_enctype_to_string() - Convert krb5_enctype to string. + * krb5_keytype_to_string() - Convert krb5_keytype to string. * krb5_salttype_to_string() - Convert salttype (krb5_int32) to string. * krb5_enctype_to_string() - Convert krb5_enctype to string. * krb5_cksumtype_to_string() - Convert krb5_cksumtype to string. @@ -58,18 +58,24 @@ /* * Local data structures. */ -struct enctype_lookup_entry { - krb5_enctype ktt_enctype; /* Keytype */ +struct keytype_lookup_entry { + krb5_keytype ktt_keytype; /* Keytype */ const char * ktt_specifier; /* How to recognize it */ const char * ktt_output; /* How to spit it out */ }; struct salttype_lookup_entry { - krb5_int32 stt_enctype; /* Salt type */ + krb5_int32 stt_keytype; /* Salt type */ const char * stt_specifier; /* How to recognize it */ const char * stt_output; /* How to spit it out */ }; +struct enctype_lookup_entry { + krb5_enctype ett_enctype; /* Encryption type */ + const char * ett_specifier; /* How to recognize it */ + const char * ett_output; /* How to spit it out */ +}; + struct cksumtype_lookup_entry { krb5_cksumtype cst_cksumtype; /* Checksum type */ const char * cst_specifier; /* How to recognize it */ @@ -95,19 +101,11 @@ struct deltat_match_entry { /* * Local strings */ - /* Keytype strings */ -static const char enctype_des_in[] = "des"; -static const char enctype_null_in[] = "null"; -static const char enctype_descbccrc_in[] = "des-cbc-crc"; -static const char enctype_descbcmd4_in[] = "des-cbc-md4"; -static const char enctype_descbcmd5_in[] = "des-cbc-md5"; -static const char enctype_descbcraw_in[] = "des-cbc-raw"; -static const char enctype_null_out[] = "Null"; -static const char enctype_descbccrc_out[] = "DES cbc mode with CRC-32"; -static const char enctype_descbcmd4_out[] = "DES cbc mode with RSA-MD4"; -static const char enctype_descbcmd5_out[] = "DES cbc mode with RSA-MD5"; -static const char enctype_descbcraw_out[] = "DES cbc mode raw"; +static const char keytype_null_in[] = "null"; +static const char keytype_des_in[] = "des"; +static const char keytype_null_out[] = "Null"; +static const char keytype_des_out[] = "DES"; /* Salttype strings */ static const char stype_v5_in[] = "normal"; @@ -121,6 +119,18 @@ static const char stype_norealm_out[] = "Version 5 - No Realm"; static const char stype_olrealm_out[] = "Version 5 - Realm Only"; static const char stype_special_out[] = "Special"; +/* Encryption type strings */ +static const char etype_null_in[] = "null"; +static const char etype_descbccrc_in[] = "des-cbc-crc"; +static const char etype_descbcmd4_in[] = "des-cbc-md4"; +static const char etype_descbcmd5_in[] = "des-cbc-md5"; +static const char etype_rawdescbc_in[] = "raw-des-cbc"; +static const char etype_null_out[] = "Null"; +static const char etype_descbccrc_out[] = "DES cbc mode with CRC-32"; +static const char etype_descbcmd4_out[] = "DES cbc mode with RSA-MD4"; +static const char etype_descbcmd5_out[] = "DES cbc mode with RSA-MD5"; +static const char etype_rawdescbc_out[] = "DES cbc mode"; + /* Checksum type strings */ static const char cstype_crc32_in[] = "crc32"; static const char cstype_md4_in[] = "md4"; @@ -214,18 +224,14 @@ static const char dt_output_hms[] = "%d:%02d:%02d"; /* * Lookup tables. */ -static const struct enctype_lookup_entry enctype_table[] = { -/* krb5_enctype input specifier output string */ -/*------------- ----------------------- ------------------------*/ -{ ENCTYPE_NULL, enctype_null_in, enctype_null_out }, -{ ENCTYPE_DES_CBC_MD5, enctype_des_in, enctype_descbcmd5_out }, -{ ENCTYPE_DES_CBC_CRC, enctype_descbccrc_in, enctype_descbccrc_out }, -{ ENCTYPE_DES_CBC_MD4, enctype_descbcmd4_in, enctype_descbcmd4_out }, -{ ENCTYPE_DES_CBC_MD5, enctype_descbcmd5_in, enctype_descbcmd5_out }, -{ ENCTYPE_DES_CBC_RAW, enctype_descbcraw_in, enctype_descbcraw_out } +static const struct keytype_lookup_entry keytype_table[] = { +/* krb5_keytype input specifier output string */ +/*------------- ----------------------- ------------------------*/ +{ KEYTYPE_NULL, keytype_null_in, keytype_null_out }, +{ KEYTYPE_DES, keytype_des_in, keytype_des_out } }; -static const int enctype_table_nents = sizeof(enctype_table)/ - sizeof(enctype_table[0]); +static const int keytype_table_nents = sizeof(keytype_table)/ + sizeof(keytype_table[0]); static const struct salttype_lookup_entry salttype_table[] = { /* salt type input specifier output string */ @@ -239,6 +245,18 @@ static const struct salttype_lookup_entry salttype_table[] = { static const int salttype_table_nents = sizeof(salttype_table)/ sizeof(salttype_table[0]); +static const struct enctype_lookup_entry enctype_table[] = { +/* krb5_enctype input specifier output string */ +/*------------------ --------------------- ------------------------*/ +{ ETYPE_NULL, etype_null_in, etype_null_out }, +{ ETYPE_DES_CBC_CRC, etype_descbccrc_in, etype_descbccrc_out }, +{ ETYPE_DES_CBC_MD4, etype_descbcmd4_in, etype_descbcmd4_out }, +{ ETYPE_DES_CBC_MD5, etype_descbcmd5_in, etype_descbcmd5_out }, +{ ETYPE_RAW_DES_CBC, etype_rawdescbc_in, etype_rawdescbc_out } +}; +static const int enctype_table_nents = sizeof(enctype_table)/ + sizeof(enctype_table[0]); + static const struct cksumtype_lookup_entry cksumtype_table[] = { /* krb5_cksumtype input specifier output string */ /*----------------------- --------------------- ------------------------*/ @@ -416,18 +434,18 @@ strptime(buf, format, tm) * These routines return 0 for success, EINVAL for invalid entry. */ krb5_error_code -krb5_string_to_enctype(string, enctypep) +krb5_string_to_keytype(string, keytypep) char * string; - krb5_enctype * enctypep; + krb5_keytype * keytypep; { int i; int found; found = 0; - for (i=0; i<enctype_table_nents; i++) { - if (!strcasecmp(string, enctype_table[i].ktt_specifier)) { + for (i=0; i<keytype_table_nents; i++) { + if (!strcasecmp(string, keytype_table[i].ktt_specifier)) { found = 1; - *enctypep = enctype_table[i].ktt_enctype; + *keytypep = keytype_table[i].ktt_keytype; break; } } @@ -446,7 +464,26 @@ krb5_string_to_salttype(string, salttypep) for (i=0; i<salttype_table_nents; i++) { if (!strcasecmp(string, salttype_table[i].stt_specifier)) { found = 1; - *salttypep = salttype_table[i].stt_enctype; + *salttypep = salttype_table[i].stt_keytype; + break; + } + } + return((found) ? 0 : EINVAL); +} + +krb5_error_code +krb5_string_to_enctype(string, enctypep) + char * string; + krb5_enctype * enctypep; +{ + int i; + int found; + + found = 0; + for (i=0; i<enctype_table_nents; i++) { + if (!strcasecmp(string, enctype_table[i].ett_specifier)) { + found = 1; + *enctypep = enctype_table[i].ett_enctype; break; } } @@ -588,8 +625,8 @@ krb5_string_to_deltat(string, deltatp) * if the supplied buffer/length will not contain the output. */ krb5_error_code -krb5_enctype_to_string(enctype, buffer, buflen) - krb5_enctype enctype; +krb5_keytype_to_string(keytype, buffer, buflen) + krb5_keytype keytype; char * buffer; size_t buflen; { @@ -597,9 +634,9 @@ krb5_enctype_to_string(enctype, buffer, buflen) const char *out; out = (char *) NULL; - for (i=0; i<enctype_table_nents; i++) { - if (enctype == enctype_table[i].ktt_enctype) { - out = enctype_table[i].ktt_output; + for (i=0; i<keytype_table_nents; i++) { + if (keytype == keytype_table[i].ktt_keytype) { + out = keytype_table[i].ktt_output; break; } } @@ -625,7 +662,7 @@ krb5_salttype_to_string(salttype, buffer, buflen) out = (char *) NULL; for (i=0; i<salttype_table_nents; i++) { - if (salttype == salttype_table[i].stt_enctype) { + if (salttype == salttype_table[i].stt_keytype) { out = salttype_table[i].stt_output; break; } @@ -642,6 +679,33 @@ krb5_salttype_to_string(salttype, buffer, buflen) } krb5_error_code +krb5_enctype_to_string(enctype, buffer, buflen) + krb5_enctype enctype; + char * buffer; + size_t buflen; +{ + int i; + const char *out; + + out = (char *) NULL; + for (i=0; i<enctype_table_nents; i++) { + if (enctype == enctype_table[i].ett_enctype) { + out = enctype_table[i].ett_output; + break; + } + } + if (out) { + if (buflen > strlen(out)) + strcpy(buffer, out); + else + out = (char *) NULL; + return((out) ? 0 : ENOMEM); + } + else + return(EINVAL); +} + +krb5_error_code krb5_cksumtype_to_string(cksumtype, buffer, buflen) krb5_cksumtype cksumtype; char * buffer; diff --git a/src/lib/krb425/ChangeLog b/src/lib/krb425/ChangeLog index 57b275d..a5692ed 100644 --- a/src/lib/krb425/ChangeLog +++ b/src/lib/krb425/ChangeLog @@ -1,8 +1,3 @@ -Wed Sep 06 14:20:57 1995 Chris Provenzano (proven@mit.edu) - - * get_cred.c, mk_priv.c, mk_safe.c, rd_priv.c, rd_req.c, rd_safe.c, - * set_key.c : s/keytype/enctype/g, s/KEYTYPE/ENCTYPE/g - Thu Jul 13 19:47:47 1995 Sam Hartman <hartmans@tertius.mit.edu> * rd_priv.c rd_safe.c: Include netinet/in.h diff --git a/src/lib/krb425/get_cred.c b/src/lib/krb425/get_cred.c index 3af2241..bdac3ae 100644 --- a/src/lib/krb425/get_cred.c +++ b/src/lib/krb425/get_cred.c @@ -56,7 +56,7 @@ CREDENTIALS *c; creds.client = client_principal; creds.times.endtime = 0; - creds.keyblock.enctype = ENCTYPE_DES; + creds.keyblock.keytype = KEYTYPE_DES; r = krb5_get_credentials(0, _krb425_ccache, &creds); if (r) diff --git a/src/lib/krb425/mk_priv.c b/src/lib/krb425/mk_priv.c index d54b7a1..c53a1f9 100644 --- a/src/lib/krb425/mk_priv.c +++ b/src/lib/krb425/mk_priv.c @@ -49,7 +49,7 @@ struct sockaddr_in *receiver; char sa[4], ra[4]; krb5_rcache rcache; - keyb.enctype = ENCTYPE_DES; + keyb.keytype = KEYTYPE_DES; keyb.length = sizeof(des_cblock); keyb.contents = (krb5_octet *)key; @@ -87,7 +87,7 @@ struct sockaddr_in *receiver; return(-1); } r = krb5_mk_priv(&inbuf, - ENCTYPE_DES, + KEYTYPE_DES, &keyb, saddr2, &raddr, 0, /* no sequence number */ diff --git a/src/lib/krb425/mk_safe.c b/src/lib/krb425/mk_safe.c index 92c660d..399a3c1 100644 --- a/src/lib/krb425/mk_safe.c +++ b/src/lib/krb425/mk_safe.c @@ -48,7 +48,7 @@ struct sockaddr_in *receiver; char sa[4], ra[4]; krb5_rcache rcache; - keyb.enctype = ENCTYPE_DES; + keyb.keytype = KEYTYPE_DES; keyb.length = sizeof(des_cblock); keyb.contents = (krb5_octet *)key; diff --git a/src/lib/krb425/rd_priv.c b/src/lib/krb425/rd_priv.c index 00af196..dadb5a4 100644 --- a/src/lib/krb425/rd_priv.c +++ b/src/lib/krb425/rd_priv.c @@ -50,7 +50,7 @@ MSG_DAT *msg; krb5_rcache rcache; char *cachename; - keyb.enctype = ENCTYPE_DES; + keyb.keytype = KEYTYPE_DES; keyb.length = sizeof(des_cblock); keyb.contents = (krb5_octet *)key; diff --git a/src/lib/krb425/rd_req.c b/src/lib/krb425/rd_req.c index a32a659..c339233 100644 --- a/src/lib/krb425/rd_req.c +++ b/src/lib/krb425/rd_req.c @@ -195,7 +195,7 @@ char *fn; ad->checksum = *(long *)authdat->authenticator->checksum->contents; - if (authdat->ticket->enc_part2->session->enctype != ENCTYPE_DES) { + if (authdat->ticket->enc_part2->session->keytype != KEYTYPE_DES) { r = KFAILURE; goto out; } else diff --git a/src/lib/krb425/rd_safe.c b/src/lib/krb425/rd_safe.c index 3c8fa37..ec5a96f 100644 --- a/src/lib/krb425/rd_safe.c +++ b/src/lib/krb425/rd_safe.c @@ -50,7 +50,7 @@ MSG_DAT *msg; krb5_rcache rcache; char *cachename; - keyb.enctype = ENCTYPE_DES; + keyb.keytype = KEYTYPE_DES; keyb.length = sizeof(des_cblock); keyb.contents = (krb5_octet *)key; diff --git a/src/lib/krb425/set_key.c b/src/lib/krb425/set_key.c index 3b4ef1d..d38c18d 100644 --- a/src/lib/krb425/set_key.c +++ b/src/lib/krb425/set_key.c @@ -35,14 +35,14 @@ int cvt; if (cvt) { if (_krb425_servkey.contents) krb5_xfree(_krb425_servkey.contents); - mit_des_string_to_key(ENCTYPE_DES, &_krb425_servkey, 0, 0); + mit_des_string_to_key(KEYTYPE_DES, &_krb425_servkey, 0, 0); } else { if (!_krb425_servkey.contents && !(_krb425_servkey.contents = (krb5_octet *)malloc(8))) { return(KFAILURE); } _krb425_servkey.length = 8; - _krb425_servkey.enctype = ENCTYPE_DES; + _krb425_servkey.keytype = KEYTYPE_DES; memcpy((char *)_krb425_servkey.contents, (char *)key, 8); } return(KSUCCESS); diff --git a/src/lib/krb5/asn.1/ChangeLog b/src/lib/krb5/asn.1/ChangeLog index 662c280..aa82aec 100644 --- a/src/lib/krb5/asn.1/ChangeLog +++ b/src/lib/krb5/asn.1/ChangeLog @@ -1,13 +1,13 @@ -Wed Sep 06 14:20:57 1995 Chris Provenzano (proven@mit.edu) +Sun Sep 10 12:00:00 1995 <mattly@fusion.com> - * asn1_k_decode.c, asn1_k_decode.h, asn1_k_encode.c, asn1_k_encode.h, - * krb5_decode.c, krb5_encode.c: s/keytype/enctype/g, s/KEYTYPE/ENCTYPE/g + * asn1_encode.c: Removed use of localtime for encoding of generaltime. -Tue Sep 05 22:10:34 1995 Chris Provenzano (proven@mit.edu) +Wed Sept 6 12:00:00 1995 <mattly@fusion.com> - * asn1_k_decode.c, asn1_k_decode.h, asn1_k_encode.c, asn1_k_encode.h - * krb5_decode.c : Remove krb5_enctype references, and replace with - krb5_keytype where appropriate + * asn1_encode.c: added EPOCH to account for macintosh time keeping + differences in asn1_encode_generaltime. + + * asn1buf.c: removed some debugging cruft. Mon Aug 28 12:54:05 1995 <tytso@rsts-11.mit.edu> diff --git a/src/lib/krb5/asn.1/asn1_encode.c b/src/lib/krb5/asn.1/asn1_encode.c index d26d95d..cbf290b 100644 --- a/src/lib/krb5/asn.1/asn1_encode.c +++ b/src/lib/krb5/asn.1/asn1_encode.c @@ -183,16 +183,25 @@ asn1_error_code asn1_encode_ia5string(buf, len, val, retlen) return 0; } +#ifdef _MACINTOSH +#define EPOCH ((66 * 365 * 24 * 60 * 60) + (17 * 24 * 60 * 60) + (getTimeZoneOffset() * 60 * 60)) +#else +#define EPOCH (0) +#endif + asn1_error_code asn1_encode_generaltime(buf, val, retlen) asn1buf * buf; const time_t val; int * retlen; { asn1_error_code retval; - struct tm *gtime = gmtime(&val); + struct tm *gtime; char s[16]; int length, sum=0; + val += EPOCH; + gtime = gmtime(&val); + /* Time encoding: YYYYMMDDhhmmssZ */ sprintf(s, "%04d%02d%02d%02d%02d%02dZ", 1900+gtime->tm_year, gtime->tm_mon+1, gtime->tm_mday, diff --git a/src/lib/krb5/asn.1/asn1_k_decode.c b/src/lib/krb5/asn.1/asn1_k_decode.c index 93db305..187f191 100644 --- a/src/lib/krb5/asn.1/asn1_k_decode.c +++ b/src/lib/krb5/asn.1/asn1_k_decode.c @@ -156,8 +156,9 @@ asn1_error_code fname(buf, val)\ integer_convert(asn1_decode_int,int) integer_convert(asn1_decode_int32,krb5_int32) integer_convert(asn1_decode_kvno,krb5_kvno) -integer_convert(asn1_decode_enctype,krb5_enctype) +integer_convert(asn1_decode_keytype,krb5_keytype) integer_convert(asn1_decode_cksumtype,krb5_cksumtype) +integer_convert(asn1_decode_enctype,krb5_enctype) integer_convert(asn1_decode_octet,krb5_octet) integer_convert(asn1_decode_addrtype,krb5_addrtype) integer_convert(asn1_decode_authdatatype,krb5_authdatatype) @@ -240,10 +241,11 @@ asn1_error_code asn1_decode_encryption_key(buf, val) { setup(); { begin_structure(); - get_field(val->enctype,0,asn1_decode_enctype); + get_field(val->keytype,0,asn1_decode_keytype); get_lenfield(val->length,val->contents,1,asn1_decode_octetstring); end_structure(); val->magic = KV5M_KEYBLOCK; + val->etype = ETYPE_UNKNOWN; } cleanup(); } @@ -254,7 +256,7 @@ asn1_error_code asn1_decode_encrypted_data(buf, val) { setup(); { begin_structure(); - get_field(val->enctype,0,asn1_decode_enctype); + get_field(val->etype,0,asn1_decode_enctype); opt_field(val->kvno,1,asn1_decode_kvno,0); get_lenfield(val->ciphertext.length,val->ciphertext.data,2,asn1_decode_charstring); end_structure(); @@ -409,13 +411,13 @@ asn1_error_code asn1_decode_kdc_req_body(buf, val) get_field(val->till,5,asn1_decode_kerberos_time); opt_field(val->rtime,6,asn1_decode_kerberos_time,0); get_field(val->nonce,7,asn1_decode_int32); - get_lenfield(val->nktypes,val->ktype,8,asn1_decode_sequence_of_enctype); + get_lenfield(val->netypes,val->etype,8,asn1_decode_sequence_of_enctype); opt_field(val->addresses,9,asn1_decode_host_addresses,0); if(tagnum == 10){ get_field(val->authorization_data,10,asn1_decode_encrypted_data); } else{ val->authorization_data.magic = 0; - val->authorization_data.enctype = 0; + val->authorization_data.etype = 0; val->authorization_data.kvno = 0; val->authorization_data.ciphertext.data = NULL; val->authorization_data.ciphertext.length = 0; diff --git a/src/lib/krb5/asn.1/asn1_k_decode.h b/src/lib/krb5/asn.1/asn1_k_decode.h index 9490619..a411d1b 100644 --- a/src/lib/krb5/asn.1/asn1_k_decode.h +++ b/src/lib/krb5/asn.1/asn1_k_decode.h @@ -70,12 +70,14 @@ asn1_error_code asn1_decode_int32 PROTOTYPE((asn1buf *buf, krb5_int32 *val)); asn1_error_code asn1_decode_kvno PROTOTYPE((asn1buf *buf, krb5_kvno *val)); -asn1_error_code asn1_decode_enctype - PROTOTYPE((asn1buf *buf, krb5_enctype *val)); +asn1_error_code asn1_decode_keytype + PROTOTYPE((asn1buf *buf, krb5_keytype *val)); asn1_error_code asn1_decode_msgtype PROTOTYPE((asn1buf *buf, krb5_msgtype *val)); asn1_error_code asn1_decode_cksumtype PROTOTYPE((asn1buf *buf, krb5_cksumtype *val)); +asn1_error_code asn1_decode_enctype + PROTOTYPE((asn1buf *buf, krb5_enctype *val)); asn1_error_code asn1_decode_octet PROTOTYPE((asn1buf *buf, krb5_octet *val)); asn1_error_code asn1_decode_addrtype diff --git a/src/lib/krb5/asn.1/asn1_k_encode.c b/src/lib/krb5/asn.1/asn1_k_encode.c index 9ea9c5c..2bdcf7c 100644 --- a/src/lib/krb5/asn.1/asn1_k_encode.c +++ b/src/lib/krb5/asn.1/asn1_k_encode.c @@ -228,7 +228,7 @@ asn1_error_code asn1_encode_encrypted_data(buf, val, retlen) asn1_addlenfield(val->ciphertext.length,val->ciphertext.data,2,asn1_encode_charstring); if(val->kvno) asn1_addfield(val->kvno,1,asn1_encode_integer); - asn1_addfield(val->enctype,0,asn1_encode_integer); + asn1_addfield(val->etype,0,asn1_encode_integer); asn1_makeseq(); @@ -431,7 +431,7 @@ asn1_error_code asn1_encode_kdc_req_body(buf, rep, retlen) /* etype[8] SEQUENCE OF INTEGER, -- EncryptionType, */ /* -- in preference order */ - asn1_addlenfield(rep->nktypes,rep->ktype,8,asn1_encode_sequence_of_enctype); + asn1_addlenfield(rep->netypes,rep->etype,8,asn1_encode_sequence_of_enctype); /* nonce[7] INTEGER, */ asn1_addfield(rep->nonce,7,asn1_encode_integer); @@ -485,7 +485,7 @@ asn1_error_code asn1_encode_encryption_key(buf, val, retlen) if(val == NULL || val->contents == NULL) return ASN1_MISSING_FIELD; asn1_addlenfield(val->length,val->contents,1,asn1_encode_octetstring); - asn1_addfield(val->enctype,0,asn1_encode_integer); + asn1_addfield(val->keytype,0,asn1_encode_integer); asn1_makeseq(); asn1_cleanup(); diff --git a/src/lib/krb5/asn.1/krb5_decode.c b/src/lib/krb5/asn.1/krb5_decode.c index 09de37d..1a5a988 100644 --- a/src/lib/krb5/asn.1/krb5_decode.c +++ b/src/lib/krb5/asn.1/krb5_decode.c @@ -206,10 +206,11 @@ krb5_error_code decode_krb5_encryption_key(code, rep) alloc_field(*rep,krb5_keyblock); { begin_structure(); - get_field((*rep)->enctype,0,asn1_decode_enctype); + get_field((*rep)->keytype,0,asn1_decode_keytype); get_lenfield((*rep)->length,(*rep)->contents,1,asn1_decode_octetstring); end_structure(); (*rep)->magic = KV5M_KEYBLOCK; + (*rep)->etype = ETYPE_UNKNOWN; } cleanup(); } diff --git a/src/lib/krb5/asn.1/krb5_encode.c b/src/lib/krb5/asn.1/krb5_encode.c index 8b5b7e4..885eb03 100644 --- a/src/lib/krb5/asn.1/krb5_encode.c +++ b/src/lib/krb5/asn.1/krb5_encode.c @@ -232,8 +232,8 @@ krb5_error_code encode_krb5_encryption_key(rep, code) /* keyvalue[1] OCTET STRING */ krb5_addlenfield(rep->length,rep->contents,1,asn1_encode_octetstring); - /* enctype[0] INTEGER */ - krb5_addfield(rep->enctype,0,asn1_encode_integer); + /* keytype[0] INTEGER */ + krb5_addfield(rep->keytype,0,asn1_encode_integer); /* EncryptionKey ::= SEQUENCE */ krb5_makeseq(); diff --git a/src/lib/krb5/ccache/file/ChangeLog b/src/lib/krb5/ccache/file/ChangeLog index fa833d7..ac4bb51 100644 --- a/src/lib/krb5/ccache/file/ChangeLog +++ b/src/lib/krb5/ccache/file/ChangeLog @@ -1,15 +1,9 @@ -Wed Sep 06 14:20:57 1995 Chris Provenzano (proven@mit.edu) +Wed Sept 6 12:00:00 EDT 1995 James Mattly (mattly@fusion.com) - * file_read.c, file_write.c : s/keytype/enctype/g, s/KEYTYPE/ENCTYPE/g + * fcc_retrv.c: for _MACINTOSH, defined register to null for compiler + prototype problems. -Tue Sep 05 22:58:52 1995 - - * fcc.h : Add another KRB5_FCC_FVNO but don't up the default. - * fcc_gennew.c, fcc_maybe.c : New version saves a length after - version for whatever we want to put into the ccache before - the first credential (like a time skew) - * fcc_read.c, fcc_write.c : Remove krb5_enctype references, and - replace with krb5_keytype where appropriate + * fcc_maybe.c: included <stdio.h> Tue Aug 29 13:36:00 EDT 1995 Paul Park (pjpark@mit.edu) * fcc_reslv.c - Set magic number in successfully resolved ccache. diff --git a/src/lib/krb5/ccache/file/fcc.h b/src/lib/krb5/ccache/file/fcc.h index 0e26fa7..980a9c1 100644 --- a/src/lib/krb5/ccache/file/fcc.h +++ b/src/lib/krb5/ccache/file/fcc.h @@ -55,7 +55,6 @@ #define KRB5_FCC_FVNO_1 0x0501 /* krb5 v5, fcc v1 */ #define KRB5_FCC_FVNO_2 0x0502 /* krb5 v5, fcc v2 */ #define KRB5_FCC_FVNO_3 0x0503 /* krb5 v5, fcc v3 */ -#define KRB5_FCC_FVNO_4 0x0504 /* krb5 v5, fcc v4 */ #define KRB5_FCC_DEFAULT_FVNO KRB5_FCC_FVNO_3 diff --git a/src/lib/krb5/ccache/file/fcc_gennew.c b/src/lib/krb5/ccache/file/fcc_gennew.c index 93d963b..13757e9 100644 --- a/src/lib/krb5/ccache/file/fcc_gennew.c +++ b/src/lib/krb5/ccache/file/fcc_gennew.c @@ -107,7 +107,6 @@ krb5_fcc_generate_new (context, id) goto err_out; } else { krb5_int16 fcc_fvno = htons(KRB5_FCC_DEFAULT_FVNO); - krb5_int16 fcc_flen = 0; int errsave, cnt; /* Ignore user's umask, set mode = 0600 */ @@ -126,17 +125,6 @@ krb5_fcc_generate_new (context, id) retcode = (cnt == -1) ? krb5_fcc_interpret(context, errsave) : KRB5_CC_IO; goto err_out; } - /* For version 4 we save a length for the rest of the header */ - if (KRB5_FCC_DEFAULT_FVNO == KRB5_FCC_FVNO_4) { - if ((cnt = write(ret, (char *)&fcc_flen, sizeof(fcc_flen))) - != sizeof(fcc_flen)) { - errsave = errno; - (void) close(ret); - (void) unlink(((krb5_fcc_data *) lid->data)->filename); - retcode = (cnt == -1) ? krb5_fcc_interpret(context, errsave) : KRB5_CC_IO; - goto err_out; - } - } if (close(ret) == -1) { errsave = errno; (void) unlink(((krb5_fcc_data *) lid->data)->filename); diff --git a/src/lib/krb5/ccache/file/fcc_maybe.c b/src/lib/krb5/ccache/file/fcc_maybe.c index 9aaba98..8df018b 100644 --- a/src/lib/krb5/ccache/file/fcc_maybe.c +++ b/src/lib/krb5/ccache/file/fcc_maybe.c @@ -237,7 +237,7 @@ krb5_fcc_open_file (context, id, mode) break; } - fd = open (data->filename, open_flag | O_BINARY, 0600); + fd = THREEPARAMOPEN (data->filename, open_flag | O_BINARY, 0600); if (fd == -1) return krb5_fcc_interpret (context, errno); @@ -267,35 +267,15 @@ krb5_fcc_open_file (context, id, mode) (void) close(fd); return KRB5_CCACHE_BADVNO; } - if ((fcc_fvno != htons(KRB5_FCC_FVNO_4)) && - (fcc_fvno != htons(KRB5_FCC_FVNO_3)) && + if ((fcc_fvno != htons(KRB5_FCC_FVNO_3)) && (fcc_fvno != htons(KRB5_FCC_FVNO_2)) && (fcc_fvno != htons(KRB5_FCC_FVNO_1))) { (void) fcc_lock_file(data, fd, UNLOCK_IT); (void) close(fd); return KRB5_CCACHE_BADVNO; } - if (fcc_fvno == htons(KRB5_FCC_FVNO_4)) { - krb5_ui_2 fcc_flen; - char buf[1024]; - - if (read(fd, (char *)&fcc_flen, sizeof(fcc_flen)) - != sizeof(fcc_flen)) { - (void) fcc_lock_file(data, fd, UNLOCK_IT); - (void) close(fd); - return KRB5_CCACHE_BADVNO; - } - /* Skip past the header info for now */ - if (fcc_flen = htons(fcc_flen)) { - if (read(fd, buf, fcc_flen) != fcc_flen) { - (void) fcc_lock_file(data, fd, UNLOCK_IT); - (void) close(fd); - return KRB5_CCACHE_BADVNO; - } - } - } - data->version = ntohs(fcc_fvno); - } - data->fd = fd; - return 0; + data->version = ntohs(fcc_fvno); + } + data->fd = fd; + return 0; } diff --git a/src/lib/krb5/ccache/file/fcc_read.c b/src/lib/krb5/ccache/file/fcc_read.c index 41395f1..e963d9e 100644 --- a/src/lib/krb5/ccache/file/fcc_read.c +++ b/src/lib/krb5/ccache/file/fcc_read.c @@ -204,11 +204,14 @@ krb5_fcc_read_keyblock(context, id, keyblock) keyblock->contents = 0; kret = krb5_fcc_read_ui_2(context, id, &ui2); - keyblock->enctype = ui2; + keyblock->keytype = ui2; CHECK(kret); - if (data->version == KRB5_FCC_FVNO_3) { + if ((data->version == KRB5_FCC_FVNO_1) || + (data->version == KRB5_FCC_FVNO_2)) + keyblock->etype = ETYPE_UNKNOWN; + else { kret = krb5_fcc_read_ui_2(context, id, &ui2); - keyblock->enctype = ui2; + keyblock->etype = ui2; CHECK(kret); } diff --git a/src/lib/krb5/ccache/file/fcc_retrv.c b/src/lib/krb5/ccache/file/fcc_retrv.c index 32ee496..c7f03eb 100644 --- a/src/lib/krb5/ccache/file/fcc_retrv.c +++ b/src/lib/krb5/ccache/file/fcc_retrv.c @@ -26,6 +26,10 @@ #include "fcc.h" +#ifdef _MACINTOSH +#define register +#endif + #define set(bits) (whichfields & bits) #define flags_match(a,b) (a & b == a) #define times_match_exact(t1,t2) (memcmp((char *)(t1), (char *)(t2), sizeof(*(t1))) == 0) @@ -163,11 +167,15 @@ register const krb5_ticket_times *t2; static krb5_boolean standard_fields_match(context, mcreds, creds) - krb5_context context; -register const krb5_creds *mcreds, *creds; +krb5_context context; +const krb5_creds *mcreds; +const krb5_creds *creds; { - return (krb5_principal_compare(context, mcreds->client,creds->client) && - krb5_principal_compare(context, mcreds->server,creds->server)); +krb5_boolean clientcmp; +krb5_boolean servercmp; + clientcmp = krb5_principal_compare(context, mcreds->client,creds->client); + servercmp = krb5_principal_compare(context, mcreds->server,creds->server); + return (clientcmp && servercmp); } /* only match the server name portion, not the server realm portion */ diff --git a/src/lib/krb5/ccache/file/fcc_write.c b/src/lib/krb5/ccache/file/fcc_write.c index 566789e..38067b5 100644 --- a/src/lib/krb5/ccache/file/fcc_write.c +++ b/src/lib/krb5/ccache/file/fcc_write.c @@ -147,10 +147,11 @@ krb5_fcc_store_keyblock(context, id, keyblock) krb5_fcc_data *data = (krb5_fcc_data *)id->data; krb5_error_code ret; - ret = krb5_fcc_store_ui_2(context, id, keyblock->enctype); + ret = krb5_fcc_store_ui_2(context, id, keyblock->keytype); CHECK(ret); - if (data->version == KRB5_FCC_FVNO_3) { - ret = krb5_fcc_store_ui_2(context, id, keyblock->enctype); + if ((data->version != KRB5_FCC_FVNO_1) && + (data->version != KRB5_FCC_FVNO_2)) { + ret = krb5_fcc_store_ui_2(context, id, keyblock->etype); CHECK(ret); } ret = krb5_fcc_store_int32(context, id, keyblock->length); diff --git a/src/lib/krb5/ccache/stdio/ChangeLog b/src/lib/krb5/ccache/stdio/ChangeLog index a503fbd..fc85dce 100644 --- a/src/lib/krb5/ccache/stdio/ChangeLog +++ b/src/lib/krb5/ccache/stdio/ChangeLog @@ -1,3 +1,8 @@ +Thu Sept 7 12:00:00 EDT 1995 James Mattly (mattly@fusion.com) + + * scc_retrv.c: fixed paramter passing in a call to standard_fields_match. + prototypes would have caught this. + Thu Sep 7 18:07:56 1995 Mark Eichin <eichin@cygnus.com> * scc_gennew.c (krb5_scc_generate_new): don't use automatic diff --git a/src/lib/krb5/ccache/stdio/scc.h b/src/lib/krb5/ccache/stdio/scc.h index 6212adc..5fed533 100644 --- a/src/lib/krb5/ccache/stdio/scc.h +++ b/src/lib/krb5/ccache/stdio/scc.h @@ -46,7 +46,7 @@ * some overriding compatibility reasons not to do so. */ -#define KRB5_SCC_FVNO_1 0x0501 /* krb v5, scc v1 */ +#define KRB5_SCC_FVNO_1 0x0501 /* krb v5, scc v1 */ #define KRB5_SCC_FVNO_2 0x0502 /* krb v5, scc v2 */ #define KRB5_SCC_FVNO_3 0x0503 /* krb v5, scc v3 */ #define KRB5_SCC_FVNO_4 0x0504 /* krb v5, scc v4 */ diff --git a/src/lib/krb5/ccache/stdio/scc_eseq.c b/src/lib/krb5/ccache/stdio/scc_eseq.c index f8cf9c0..6d75950 100644 --- a/src/lib/krb5/ccache/stdio/scc_eseq.c +++ b/src/lib/krb5/ccache/stdio/scc_eseq.c @@ -47,7 +47,7 @@ krb5_scc_end_seq_get(context, id, cursor) krb5_cc_cursor *cursor; { int ret = KRB5_OK; -/* MAYBE_CLOSE (context, id, ret);*/ +/* MAYBE_CLOSE (context, id, ret); */ krb5_xfree((krb5_scc_cursor *) *cursor); diff --git a/src/lib/krb5/ccache/stdio/scc_maybe.c b/src/lib/krb5/ccache/stdio/scc_maybe.c index 706b10b..f6e008d 100644 --- a/src/lib/krb5/ccache/stdio/scc_maybe.c +++ b/src/lib/krb5/ccache/stdio/scc_maybe.c @@ -164,30 +164,12 @@ krb5_scc_open_file (context, id, mode) data->version = (fvno_bytes[0] << 8) + fvno_bytes[1]; if ((data->version != KRB5_SCC_FVNO_1) && (data->version != KRB5_SCC_FVNO_2) && - (data->version != KRB5_SCC_FVNO_3) && - (data->version != KRB5_SCC_FVNO_4)) { + (data->version != KRB5_SCC_FVNO_3)) { (void) krb5_unlock_file(context, fileno(f)); (void) fclose(f); return KRB5_CCACHE_BADVNO; } - if (data->version == KRB5_SCC_FVNO_4) { - char buf[1024]; - int len; - - if (!fread((char *)fvno_bytes, sizeof(fvno_bytes), 1, f)) { - (void) krb5_unlock_file(context, fileno(f)); - (void) fclose(f); - return KRB5_CCACHE_BADVNO; - } - if (len = (fvno_bytes[0] << 8) + fvno_bytes[1]) { - if (!fread(buf, len, 1, f)) { - (void) krb5_unlock_file(context, fileno(f)); - (void) fclose(f); - return KRB5_CCACHE_BADVNO; - } - } - } - } - data->file = f; - return 0; + } + data->file = f; + return 0; } diff --git a/src/lib/krb5/ccache/stdio/scc_read.c b/src/lib/krb5/ccache/stdio/scc_read.c index de29794..88bf620 100644 --- a/src/lib/krb5/ccache/stdio/scc_read.c +++ b/src/lib/krb5/ccache/stdio/scc_read.c @@ -197,12 +197,14 @@ krb5_scc_read_keyblock(context, id, keyblock) keyblock->contents = 0; kret = krb5_scc_read_ui_2(context, id, &ui2); - keyblock->enctype = ui2; + keyblock->keytype = ui2; CHECK(kret); - if (data->version == KRB5_SCC_FVNO_3) { - /* This works because the old etype is the same as the new enctype. */ + if ((data->version == KRB5_SCC_FVNO_1) || + (data->version == KRB5_SCC_FVNO_2)) + keyblock->etype = ETYPE_UNKNOWN; + else { kret = krb5_scc_read_ui_2(context, id, &ui2); - keyblock->enctype = ui2; + keyblock->etype = ui2; CHECK(kret); } diff --git a/src/lib/krb5/ccache/stdio/scc_retrv.c b/src/lib/krb5/ccache/stdio/scc_retrv.c index 5b20ad5..c196c00 100644 --- a/src/lib/krb5/ccache/stdio/scc_retrv.c +++ b/src/lib/krb5/ccache/stdio/scc_retrv.c @@ -175,8 +175,8 @@ krb5_scc_retrieve(context, id, whichfields, mcreds, creds) while ((kret = krb5_scc_next_cred(context, id, &cursor, &fetchcreds)) == KRB5_OK) { if (((set(KRB5_TC_MATCH_SRV_NAMEONLY) && - srvname_match(mcreds, &fetchcreds)) || - standard_fields_match(mcreds, &fetchcreds)) + srvname_match(context, mcreds, &fetchcreds)) || + standard_fields_match(context, mcreds, &fetchcreds)) && (! set(KRB5_TC_MATCH_IS_SKEY) || mcreds->is_skey == fetchcreds.is_skey) diff --git a/src/lib/krb5/ccache/stdio/scc_write.c b/src/lib/krb5/ccache/stdio/scc_write.c index 3c55200..9226bb1 100644 --- a/src/lib/krb5/ccache/stdio/scc_write.c +++ b/src/lib/krb5/ccache/stdio/scc_write.c @@ -148,10 +148,11 @@ krb5_scc_store_keyblock(context, id, keyblock) krb5_scc_data *data = (krb5_scc_data *)id->data; krb5_error_code ret; - ret = krb5_scc_store_ui_2(context, id, keyblock->enctype); + ret = krb5_scc_store_ui_2(context, id, keyblock->keytype); CHECK(ret); - if (data->version == KRB5_SCC_FVNO_3) { - ret = krb5_scc_store_ui_2(context, id, keyblock->enctype); + if ((data->version != KRB5_SCC_FVNO_1) && + (data->version != KRB5_SCC_FVNO_2)) { + ret = krb5_scc_store_ui_2(context, id, keyblock->etype); CHECK(ret); } ret = krb5_scc_store_int32(context, id, keyblock->length); diff --git a/src/lib/krb5/error_tables/ChangeLog b/src/lib/krb5/error_tables/ChangeLog index b34b0a4..666b36b 100644 --- a/src/lib/krb5/error_tables/ChangeLog +++ b/src/lib/krb5/error_tables/ChangeLog @@ -1,7 +1,3 @@ -Wed Sep 06 14:20:57 1995 Chris Provenzano (proven@mit.edu) - - * kdb5_err.et : Change KRB5_KDB_BAD_KEYTYPE to KRB5_KDB_BAD_ENCTYPE - * krb5_err.et : Change KRB5_BAD_KEYTYPE to KRB5_BAD_ENCTYPE Tue Aug 29 13:37:14 EDT 1995 Paul Park (pjpark@mit.edu) * kv5m_err.et - Add magic numbers for DB_CONTEXT, AUTH_CONTEXT, KEYTAB diff --git a/src/lib/krb5/error_tables/kdb5_err.et b/src/lib/krb5/error_tables/kdb5_err.et index 6a48ada..e39d017 100644 --- a/src/lib/krb5/error_tables/kdb5_err.et +++ b/src/lib/krb5/error_tables/kdb5_err.et @@ -62,5 +62,5 @@ ec KRB5_KDB_DB_CORRUPT, "Database format error" ec KRB5_KDB_BAD_VERSION, "Unsupported version in database entry" ec KRB5_KDB_BAD_SALTTYPE, "Unsupported salt type" -ec KRB5_KDB_BAD_ENCTYPE, "Unsupported encryption type" +ec KRB5_KDB_BAD_KEYTYPE, "Unsupported key type" end diff --git a/src/lib/krb5/error_tables/krb5_err.et b/src/lib/krb5/error_tables/krb5_err.et index e730603..ed520b4 100644 --- a/src/lib/krb5/error_tables/krb5_err.et +++ b/src/lib/krb5/error_tables/krb5_err.et @@ -240,7 +240,7 @@ error_code KRB5_NO_TKT_IN_RLM, "Cannot find ticket for requested realm" error_code KRB5DES_BAD_KEYPAR, "DES key has bad parity" error_code KRB5DES_WEAK_KEY, "DES key is a weak key" -error_code KRB5_BAD_ENCTYPE, "Bad encryption type" +error_code KRB5_BAD_KEYTYPE, "Keytype is incompatible with encryption type" error_code KRB5_BAD_KEYSIZE, "Key size is incompatible with encryption type" error_code KRB5_BAD_MSIZE, "Message size is incompatible with encryption type" diff --git a/src/lib/krb5/free/ChangeLog b/src/lib/krb5/free/ChangeLog index e527779..fb351fc 100644 --- a/src/lib/krb5/free/ChangeLog +++ b/src/lib/krb5/free/ChangeLog @@ -1,8 +1,3 @@ -Tue Sep 05 22:10:34 1995 Chris Provenzano (proven@mit.edu) - - * f_kdc_rq.c : Remove krb5_enctype references, and replace with - krb5_keytype where appropriate - Fri Jun 9 19:34:18 1995 <tytso@rsx-11.mit.edu> * configure.in: Remove standardized set of autoconf macros, which diff --git a/src/lib/krb5/free/f_kdc_rq.c b/src/lib/krb5/free/f_kdc_rq.c index 2b1ad90..0e0ca64 100644 --- a/src/lib/krb5/free/f_kdc_rq.c +++ b/src/lib/krb5/free/f_kdc_rq.c @@ -37,8 +37,8 @@ krb5_free_kdc_req(context, val) krb5_free_principal(context, val->client); if (val->server) krb5_free_principal(context, val->server); - if (val->ktype) - krb5_xfree(val->ktype); + if (val->etype) + krb5_xfree(val->etype); if (val->addresses) krb5_free_addresses(context, val->addresses); if (val->authorization_data.ciphertext.data) diff --git a/src/lib/krb5/keytab/ChangeLog b/src/lib/krb5/keytab/ChangeLog index a76291c..4a853fd 100644 --- a/src/lib/krb5/keytab/ChangeLog +++ b/src/lib/krb5/keytab/ChangeLog @@ -1,6 +1,3 @@ -Wed Sep 06 14:20:57 1995 Chris Provenzano (proven@mit.edu) - - * read_servi.c : s/keytype/enctype/g, s/KEYTYPE/ENCTYPE/g Tue Aug 29 13:37:56 EDT 1995 Paul Park (pjpark@mit.edu) * ktbase.c - Add routines to deal with externalizing krb5_keytab. These diff --git a/src/lib/krb5/keytab/file/ChangeLog b/src/lib/krb5/keytab/file/ChangeLog index 7cdd986..789ac13 100644 --- a/src/lib/krb5/keytab/file/ChangeLog +++ b/src/lib/krb5/keytab/file/ChangeLog @@ -1,12 +1,3 @@ -Wed Sep 06 14:20:57 1995 Chris Provenzano (proven@mit.edu) - - * ktf_g_ent.c, ktf_remove.c, ktf_util.c, ktfile.h : - s/keytype/enctype/g, s/KEYTYPE/ENCTYPE/g - -Tue Sep 05 22:10:34 1995 Chris Provenzano (proven@mit.edu) - - * ktf_util.c : Remove krb5_enctype references, and replace with - krb5_keytype where appropriate Tue Aug 29 13:38:58 EDT 1995 Paul Park (pjpark@mit.edu) * Makefile.in, .Sanitize, ser_ktf.c - Add new module to support diff --git a/src/lib/krb5/keytab/file/ktf_g_ent.c b/src/lib/krb5/keytab/file/ktf_g_ent.c index f6c72fe..7f6120b 100644 --- a/src/lib/krb5/keytab/file/ktf_g_ent.c +++ b/src/lib/krb5/keytab/file/ktf_g_ent.c @@ -30,12 +30,12 @@ #include "ktfile.h" krb5_error_code -krb5_ktfile_get_entry(context, id, principal, kvno, enctype, entry) +krb5_ktfile_get_entry(context, id, principal, kvno, keytype, entry) krb5_context context; krb5_keytab id; krb5_principal principal; krb5_kvno kvno; - krb5_enctype enctype; + krb5_keytype keytype; krb5_keytab_entry * entry; { krb5_keytab_entry cur_entry, new_entry; diff --git a/src/lib/krb5/keytab/file/ktf_remove.c b/src/lib/krb5/keytab/file/ktf_remove.c index 644209f..a58cc10 100644 --- a/src/lib/krb5/keytab/file/ktf_remove.c +++ b/src/lib/krb5/keytab/file/ktf_remove.c @@ -52,7 +52,7 @@ krb5_keytab_entry *entry; break; if ((entry->vno == cur_entry.vno) && - (entry->key.enctype == cur_entry.key.enctype) && + (entry->key.keytype == cur_entry.key.keytype) && krb5_principal_compare(context, entry->principal, cur_entry.principal)) { /* found a match */ krb5_kt_free_entry(context, &cur_entry); diff --git a/src/lib/krb5/keytab/file/ktf_util.c b/src/lib/krb5/keytab/file/ktf_util.c index 3713c62..42009a0 100644 --- a/src/lib/krb5/keytab/file/ktf_util.c +++ b/src/lib/krb5/keytab/file/ktf_util.c @@ -63,7 +63,7 @@ * sizeof(krb5_int32) for the principal type (for KEYTAB V2 and higher) * sizeof(krb5_int32) bytes for the timestamp * sizeof(krb5_octet) bytes for the key version number - * sizeof(krb5_int16) bytes for the enctype + * sizeof(krb5_int16) bytes for the keytype * sizeof(krb5_int32) bytes for the key length, followed by the key */ @@ -252,7 +252,7 @@ krb5_int32 *delete_point; { krb5_octet vno; krb5_int16 count; - krb5_int16 enctype; + krb5_int16 keytype; krb5_int16 princ_size; register int i; krb5_int32 size; @@ -396,17 +396,18 @@ krb5_int32 *delete_point; ret_entry->vno = (krb5_kvno)vno; /* key type */ - if (!xfread(&enctype, sizeof(enctype), 1, KTFILEP(id))) { + if (!xfread(&keytype, sizeof(keytype), 1, KTFILEP(id))) { error = KRB5_KT_END; goto fail; } - ret_entry->key.enctype = (krb5_enctype)enctype; + ret_entry->key.keytype = (krb5_keytype)keytype; if (KTVERSION(id) != KRB5_KT_VNO_1) - ret_entry->key.enctype = ntohs(ret_entry->key.enctype); + ret_entry->key.keytype = ntohs(ret_entry->key.keytype); /* key contents */ ret_entry->key.magic = KV5M_KEYBLOCK; + ret_entry->key.etype = ETYPE_UNKNOWN; if (!xfread(&count, sizeof(count), 1, KTFILEP(id))) { error = KRB5_KT_END; @@ -469,7 +470,7 @@ krb5_keytab_entry *entry; { krb5_octet vno; krb5_data *princ; - krb5_int16 count, size, enctype; + krb5_int16 count, size, keytype; krb5_error_code retval = 0; krb5_timestamp timestamp; krb5_int32 princ_type; @@ -561,10 +562,10 @@ krb5_keytab_entry *entry; } /* key type */ if (KTVERSION(id) == KRB5_KT_VNO_1) - enctype = entry->key.enctype; + keytype = entry->key.keytype; else - enctype = htons(entry->key.enctype); - if (!xfwrite(&enctype, sizeof(enctype), 1, KTFILEP(id))) { + keytype = htons(entry->key.keytype); + if (!xfwrite(&keytype, sizeof(keytype), 1, KTFILEP(id))) { goto abend; } /* key length */ diff --git a/src/lib/krb5/keytab/file/ktfile.h b/src/lib/krb5/keytab/file/ktfile.h index 8465966..c1c55dc 100644 --- a/src/lib/krb5/keytab/file/ktfile.h +++ b/src/lib/krb5/keytab/file/ktfile.h @@ -86,7 +86,7 @@ krb5_error_code krb5_ktfile_get_entry krb5_keytab, krb5_principal, krb5_kvno, - krb5_enctype, + krb5_keytype, krb5_keytab_entry *)); krb5_error_code krb5_ktfile_start_seq_get diff --git a/src/lib/krb5/keytab/file/ser_ktf.c b/src/lib/krb5/keytab/file/ser_ktf.c index 2be7b70..536dd8a 100644 --- a/src/lib/krb5/keytab/file/ser_ktf.c +++ b/src/lib/krb5/keytab/file/ser_ktf.c @@ -163,9 +163,13 @@ krb5_ktf_keytab_externalize(kcontext, arg, buffer, lenremain) int fflags; file_is_open = 1; +#ifndef _MACINTOSH fflags = fcntl(fileno(ktdata->openf), F_GETFL, 0); if (fflags > 0) file_is_open |= ((fflags & O_ACCMODE) << 1); +#else + file_is_open = 0; +#endif fpos = ftell(ktdata->openf); #if SIZEOF_LONG == 4 file_pos[0] = fpos; @@ -278,7 +282,11 @@ krb5_ktf_keytab_internalize(kcontext, argp, buffer, lenremain) int fmode; long fpos; +#ifndef _MACINTOSH fmode = (file_is_open >> 1) & O_ACCMODE; +#else + fmode = 0; +#endif if (fmode) kret = krb5_ktfileint_openw(kcontext, keytab); diff --git a/src/lib/krb5/keytab/read_servi.c b/src/lib/krb5/keytab/read_servi.c index a174434..e18d199 100644 --- a/src/lib/krb5/keytab/read_servi.c +++ b/src/lib/krb5/keytab/read_servi.c @@ -35,18 +35,18 @@ * effects: If keyprocarg is not NULL, it is taken to be the name of a * keytab. Otherwise, the default keytab will be used. This * routine opens the keytab and finds the principal associated with - * principal, vno, and enctype and returns the resulting key in *key + * principal, vno, and keytype and returns the resulting key in *key * or returning an error code if it is not found. * returns: Either KSUCCESS or error code. * errors: error code if not found or keyprocarg is invalid. */ krb5_error_code -krb5_kt_read_service_key(context, keyprocarg, principal, vno, enctype, key) +krb5_kt_read_service_key(context, keyprocarg, principal, vno, keytype, key) krb5_context context; krb5_pointer keyprocarg; krb5_principal principal; krb5_kvno vno; - krb5_enctype enctype; + krb5_keytype keytype; krb5_keyblock ** key; { krb5_error_code kerror = KSUCCESS; @@ -70,7 +70,7 @@ krb5_kt_read_service_key(context, keyprocarg, principal, vno, enctype, key) if ((kerror = krb5_kt_resolve(context, (char *)keytabname, &id))) return (kerror); - kerror = krb5_kt_get_entry(context, id, principal, vno, enctype, &entry); + kerror = krb5_kt_get_entry(context, id, principal, vno, keytype, &entry); krb5_kt_close(context, id); if (kerror) diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog index fa363cf..05c914e 100644 --- a/src/lib/krb5/krb/ChangeLog +++ b/src/lib/krb5/krb/ChangeLog @@ -1,44 +1,25 @@ -Wed Sep 06 14:20:57 1995 Chris Provenzano (proven@mit.edu) +Sun Sep 10 12:00:00 1995 James Mattly (mattly@fusion.com) - * auth_con.c, decrypt_tk.c, encode_kdc.c, encrypt_tk.c, - * gc_frm_kdc.c, gen_seqnum.c, get_creds.c, get_in_tkt.c, - * in_tkt_ktb.c, in_tkt_pwd.c, in_tkt_sky.c, init_ctx.c, - * kdc_rep_dc.c, mk_cred.c, mk_priv.c, mk_rep.c, mk_req._ext.c, - * preauth.c, rd_cred.c, rd_priv.c, rd_rep.c, rd_req_dec.c, - * send_tgs.c, sendauth.c, ser_actx.c, ser_ctx.c, ser_eblk.c, - * ser_key.c, t_ser.c : s/keytype/enctype/g, s/KEYTYPE/ENCTYPE/g + * gen_seqnum.c: change usage of krb5_crypto_us_timeofday to krb5_timeofday + * get_in_tkt.c: change usage of krb5_crypto_us_timeofday to krb5_timeofday + * mk_priv.c: change usage of krb5_crypto_us_timeofday to krb5_timeofday + * mk_req_ext.c: change usage of krb5_crypto_us_timeofday to krb5_timeofday + * send_tgs.c: change usage of krb5_timeofday over to krb5_crypto_us_timeofday -Tue Sep 05 22:10:34 1995 Chris Provenzano (proven@mit.edu) +Wed Sept 6 12:00:00 EDT 1995 James Mattly (mattly@fusion.com) - * decode_kdc.c, decrypt_tk.c, encode_kdc.c, encrypt_tk.c, gc_frm_kdc.c - * gc_via_tkt.c, get_in_tkt.c, in_tkt_ktb.c, in_tkt_pwd.c, in_tkt_sky.c - * init_ctx.c, kdc_rep_dc.c, mk_cred.c, mk_priv.c, mk_rep.c - * mk_req_ext.c, rd_cred.c, rd_priv.c, rd_rep.c, rd_req_dec.c, - * send_tgs.c, ser_ctx.c, ser_eblk.c, ser_key.c, t_ser.c: - Remove krb5_enctype references, and replace with - krb5_keytype where appropriate + * get_in_tkt.c: change usage of krb5_timeofday to krb5_crypto_us_timeofday + * mk_req_ext.c: change usage of timeofday + * parse.c: disabled a usage of exit for macintosh + * send_tgs.c: change usage of krb5_timeofday over to + krb5_crypto_us_timeofday + * unparse.c: include <stdio.h> -Fri Sep 1 20:03:41 1995 Theodore Y. Ts'o <tytso@dcl> - - * get_in_tkt.c (krb5_get_in_tkt): If kdc_settime is enabled, then - set the time_offset fields from the returned ticket's - authtime value. - - * init_ctx.c (krb5_init_context): Initialize new fields in - krb5_context (clockskew, kdc_req_sumtype, and - kdc_default_options). - - * gc_via_tkt.c (krb5_get_cred_via_tkt): Perform the necessary - sanity checking on the KDC response to make sure we detect - tampering. - - * send_tgs.c (krb5_send_tgs): Set the expected nonce in the - response structure. Fri Sep 1 11:16:43 EDT 1995 Paul Park (pjpark@mit.edu) - * ser_ctx.c - Add handling of new time offset fields in the os_context. + Tue Aug 29 14:14:26 EDT 1995 Paul Park (pjpark@mit.edu) * Makefile.in, .Sanitize, ser_{actx,adata,addr,auth,cksum,ctx,eblk,key, princ}.c, serialize.c, t_ser.c - Add serialization operations diff --git a/src/lib/krb5/krb/auth_con.c b/src/lib/krb5/krb/auth_con.c index fc96acb..c8ee71c 100644 --- a/src/lib/krb5/krb/auth_con.c +++ b/src/lib/krb5/krb/auth_con.c @@ -265,7 +265,7 @@ krb5_auth_con_initivector(context, auth_context) krb5_auth_context auth_context; { if (auth_context->keyblock) { - int size = krb5_enctype_array[auth_context->keyblock->enctype]-> + int size = krb5_keytype_array[auth_context->keyblock->keytype]-> system->block_length; if ((auth_context->i_vector = (krb5_pointer)malloc(size))) { diff --git a/src/lib/krb5/krb/decode_kdc.c b/src/lib/krb5/krb/decode_kdc.c index 71e01a8..642de5b 100644 --- a/src/lib/krb5/krb/decode_kdc.c +++ b/src/lib/krb5/krb/decode_kdc.c @@ -40,10 +40,11 @@ */ krb5_error_code -krb5_decode_kdc_rep(context, enc_rep, key, dec_rep) +krb5_decode_kdc_rep(context, enc_rep, key, etype, dec_rep) krb5_context context; krb5_data * enc_rep; const krb5_keyblock * key; + const krb5_enctype etype; krb5_kdc_rep ** dec_rep; { krb5_error_code retval; @@ -59,10 +60,16 @@ krb5_decode_kdc_rep(context, enc_rep, key, dec_rep) if (retval) return retval; - if (retval = krb5_kdc_rep_decrypt_proc(context, key, 0, local_dec_rep)) + if (local_dec_rep->enc_part.etype != etype) { krb5_free_kdc_rep(context, local_dec_rep); - else - *dec_rep = local_dec_rep; - return(retval); + return KRB5_WRONG_ETYPE; + } + retval = krb5_kdc_rep_decrypt_proc(context, key, 0, local_dec_rep); + if (retval) { + krb5_free_kdc_rep(context, local_dec_rep); + return(retval); + } + *dec_rep = local_dec_rep; + return 0; } diff --git a/src/lib/krb5/krb/decrypt_tk.c b/src/lib/krb5/krb/decrypt_tk.c index f8850b1..3777ffa 100644 --- a/src/lib/krb5/krb/decrypt_tk.c +++ b/src/lib/krb5/krb/decrypt_tk.c @@ -46,27 +46,29 @@ krb5_decrypt_tkt_part(context, srv_key, ticket) krb5_data scratch; krb5_error_code retval; - if (!valid_enctype(ticket->enc_part.enctype)) + if (!valid_etype(ticket->enc_part.etype)) return KRB5_PROG_ETYPE_NOSUPP; /* put together an eblock for this encryption */ - krb5_use_enctype(context, &eblock, ticket->enc_part.enctype); + + krb5_use_cstype(context, &eblock, ticket->enc_part.etype); scratch.length = ticket->enc_part.ciphertext.length; if (!(scratch.data = malloc(ticket->enc_part.ciphertext.length))) return(ENOMEM); /* do any necessary key pre-processing */ - if (retval = krb5_process_key(context, &eblock, srv_key)) { + retval = krb5_process_key(context, &eblock, srv_key); + if (retval) { free(scratch.data); return(retval); } /* call the encryption routine */ - if (retval = krb5_decrypt(context, - (krb5_pointer) ticket->enc_part.ciphertext.data, - (krb5_pointer) scratch.data, scratch.length, - &eblock, 0)) { + retval = krb5_decrypt(context, (krb5_pointer) ticket->enc_part.ciphertext.data, + (krb5_pointer) scratch.data, + scratch.length, &eblock, 0); + if (retval) { (void) krb5_finish_key(context, &eblock); free(scratch.data); return retval; @@ -85,5 +87,6 @@ free(scratch.data);} ticket->enc_part2 = dec_tkt_part; } clean_scratch(); + ticket->enc_part2->session->etype = ticket->enc_part.etype; return retval; } diff --git a/src/lib/krb5/krb/encode_kdc.c b/src/lib/krb5/krb/encode_kdc.c index 502a87e..a4d0edb 100644 --- a/src/lib/krb5/krb/encode_kdc.c +++ b/src/lib/krb5/krb/encode_kdc.c @@ -54,7 +54,7 @@ krb5_encode_kdc_rep(context, type, encpart, eblock, client_key, dec_rep, enc_rep krb5_error_code retval; krb5_enc_kdc_rep_part tmp_encpart; - if (!valid_enctype(dec_rep->enc_part.enctype)) + if (!valid_etype(dec_rep->enc_part.etype)) return KRB5_PROG_ETYPE_NOSUPP; switch (type) { @@ -127,7 +127,7 @@ dec_rep->enc_part.ciphertext.data = 0;} goto clean_prockey; } - dec_rep->enc_part.enctype = krb5_eblock_enctype(context, eblock); + dec_rep->enc_part.etype = krb5_eblock_enctype(context, eblock); /* do some cleanup */ cleanup_scratch(); diff --git a/src/lib/krb5/krb/encrypt_tk.c b/src/lib/krb5/krb/encrypt_tk.c index 88b2320..0220e42 100644 --- a/src/lib/krb5/krb/encrypt_tk.c +++ b/src/lib/krb5/krb/encrypt_tk.c @@ -95,7 +95,7 @@ dec_ticket->enc_part.ciphertext.data = 0;} goto clean_prockey; } - dec_ticket->enc_part.enctype = krb5_eblock_enctype(context, eblock); + dec_ticket->enc_part.etype = krb5_eblock_enctype(context, eblock); /* ticket is now assembled-- do some cleanup */ cleanup_scratch(); diff --git a/src/lib/krb5/krb/gc_frm_kdc.c b/src/lib/krb5/krb/gc_frm_kdc.c index 5975823..255c449 100644 --- a/src/lib/krb5/krb/gc_frm_kdc.c +++ b/src/lib/krb5/krb/gc_frm_kdc.c @@ -60,6 +60,8 @@ extern krb5_cksumtype krb5_kdc_req_sumtype; /* helper macro: convert flags to necessary KDC options */ #define FLAGS2OPTS(flags) (flags & KDC_TKT_COMMON_MASK) +#define TGT_ETYPE \ + krb5_keytype_array[tgt.keyblock.keytype]->system->proto_enctype; krb5_error_code krb5_get_cred_from_kdc(context, ccache, in_cred, out_cred, tgts) @@ -73,6 +75,7 @@ krb5_get_cred_from_kdc(context, ccache, in_cred, out_cred, tgts) int ntgts = 0; krb5_creds tgt, tgtq, *tgtr = NULL; + krb5_enctype etype; krb5_error_code retval; krb5_principal int_server = NULL; /* Intermediate server for request */ @@ -228,8 +231,8 @@ krb5_get_cred_from_kdc(context, ccache, in_cred, out_cred, tgts) /* didn't find it in the cache so try and get one */ /* with current tgt. */ - if (!valid_enctype(tgt.keyblock.enctype)) { - retval = KRB5_PROG_ETYPE_NOSUPP; + if (!valid_keytype(tgt.keyblock.keytype)) { + retval = KRB5_PROG_KEYTYPE_NOSUPP; goto cleanup; } @@ -247,6 +250,7 @@ krb5_get_cred_from_kdc(context, ccache, in_cred, out_cred, tgts) goto cleanup; tgtq.is_skey = FALSE; tgtq.ticket_flags = tgt.ticket_flags; + etype = TGT_ETYPE; if ((retval = krb5_get_cred_via_tkt(context, &tgt, FLAGS2OPTS(tgtq.ticket_flags), tgt.addresses, &tgtq, &tgtr))) { @@ -289,8 +293,8 @@ krb5_get_cred_from_kdc(context, ccache, in_cred, out_cred, tgts) /* not in the cache so try and get one with our current tgt. */ - if (!valid_enctype(tgt.keyblock.enctype)) { - retval = KRB5_PROG_ETYPE_NOSUPP; + if (!valid_keytype(tgt.keyblock.keytype)) { + retval = KRB5_PROG_KEYTYPE_NOSUPP; goto cleanup; } @@ -305,6 +309,7 @@ krb5_get_cred_from_kdc(context, ccache, in_cred, out_cred, tgts) goto cleanup; tgtq.is_skey = FALSE; tgtq.ticket_flags = tgt.ticket_flags; + etype = TGT_ETYPE; if ((retval = krb5_get_cred_via_tkt(context, &tgt, FLAGS2OPTS(tgtq.ticket_flags), tgt.addresses, @@ -373,11 +378,12 @@ krb5_get_cred_from_kdc(context, ccache, in_cred, out_cred, tgts) /* got/finally have tgt! try for the creds */ - if (!valid_enctype(tgt.keyblock.enctype)) { - retval = KRB5_PROG_ETYPE_NOSUPP; + if (!valid_keytype(tgt.keyblock.keytype)) { + retval = KRB5_PROG_KEYTYPE_NOSUPP; goto cleanup; } + etype = TGT_ETYPE; retval = krb5_get_cred_via_tkt(context, &tgt, FLAGS2OPTS(tgt.ticket_flags) | (in_cred->second_ticket.length ? KDC_OPT_ENC_TKT_IN_SKEY : 0), diff --git a/src/lib/krb5/krb/gc_via_tkt.c b/src/lib/krb5/krb/gc_via_tkt.c index 643bca5..c2f531f 100644 --- a/src/lib/krb5/krb/gc_via_tkt.c +++ b/src/lib/krb5/krb/gc_via_tkt.c @@ -28,9 +28,6 @@ #include "k5-int.h" #include "int-proto.h" -extern krb5_deltat krb5_clockskew; -#define in_clock_skew(date, now) (labs((date)-(now)) < krb5_clockskew) - static krb5_error_code krb5_kdcrep2creds(context, pkdcrep, address, psectkt, ppcreds) krb5_context context; @@ -66,6 +63,7 @@ krb5_kdcrep2creds(context, pkdcrep, address, psectkt, ppcreds) (*ppcreds)->second_ticket = *pdata; krb5_xfree(pdata); + (*ppcreds)->keyblock.etype = pkdcrep->ticket->enc_part.etype; (*ppcreds)->ticket_flags = pkdcrep->enc_part2->flags; (*ppcreds)->times = pkdcrep->enc_part2->times; (*ppcreds)->magic = KV5M_CREDS; @@ -164,14 +162,24 @@ krb5_get_cred_via_tkt (context, tkt, kdcoptions, address, in_cred, out_cred) if (retval) /* neither proper reply nor error! */ goto error_4; - retval = err_reply->error + ERROR_TABLE_BASE_krb5; +#if 0 + /* XXX need access to the actual assembled request... + need a change to send_tgs */ + if ((err_reply->ctime != request.ctime) || + !krb5_principal_compare(context,err_reply->server,request.server) || + !krb5_principal_compare(context, err_reply->client, request.client)) + retval = KRB5_KDCREP_MODIFIED; + else +#endif + retval = err_reply->error + ERROR_TABLE_BASE_krb5; krb5_free_error(context, err_reply); goto error_4; } if ((retval = krb5_decode_kdc_rep(context, &tgsrep.response, - &tkt->keyblock, &dec_rep))) + &tkt->keyblock, + tkt->keyblock.etype, &dec_rep))) goto error_4; if (dec_rep->msg_type != KRB5_TGS_REP) { @@ -179,36 +187,42 @@ krb5_get_cred_via_tkt (context, tkt, kdcoptions, address, in_cred, out_cred) goto error_3; } - /* make sure the response hasn't been tampered with..... */ - if (!krb5_principal_compare(context, dec_rep->client, tkt->client) || - !krb5_principal_compare(context, dec_rep->enc_part2->server, - in_cred->server) || - !krb5_principal_compare(context, dec_rep->ticket->server, - in_cred->server) || - (dec_rep->enc_part2->nonce != tgsrep.expected_nonce) || - ((in_cred->times.starttime != 0) && - (in_cred->times.starttime != dec_rep->enc_part2->times.starttime)) || - ((in_cred->times.endtime != 0) && - (dec_rep->enc_part2->times.endtime > in_cred->times.endtime)) || - ((kdcoptions & KDC_OPT_RENEWABLE) && - (in_cred->times.renew_till != 0) && - (dec_rep->enc_part2->times.renew_till > in_cred->times.renew_till)) || - ((kdcoptions & KDC_OPT_RENEWABLE_OK) && - (dec_rep->enc_part2->flags & KDC_OPT_RENEWABLE) && - (in_cred->times.endtime != 0) && - (dec_rep->enc_part2->times.renew_till > in_cred->times.endtime)) - ) { + /* now it's decrypted and ready for prime time */ + if (!krb5_principal_compare(context, dec_rep->client, tkt->client)) { retval = KRB5_KDCREP_MODIFIED; goto error_3; } - if (!in_cred->times.starttime && - !in_clock_skew(dec_rep->enc_part2->times.starttime, - tgsrep.request_time)) { +#if 0 + /* XXX probably need access to the request */ + /* check the contents for sanity: */ + if (!krb5_principal_compare(context, dec_rep->client, request.client) + || !krb5_principal_compare(context, dec_rep->enc_part2->server, request.server) + || !krb5_principal_compare(context, dec_rep->ticket->server, request.server) + || (request.nonce != dec_rep->enc_part2->nonce) + /* XXX check for extraneous flags */ + /* XXX || (!krb5_addresses_compare(context, addrs, dec_rep->enc_part2->caddrs)) */ + || ((request.from != 0) && + (request.from != dec_rep->enc_part2->times.starttime)) + || ((request.till != 0) && + (dec_rep->enc_part2->times.endtime > request.till)) + || ((request.kdc_options & KDC_OPT_RENEWABLE) && + (request.rtime != 0) && + (dec_rep->enc_part2->times.renew_till > request.rtime)) + || ((request.kdc_options & KDC_OPT_RENEWABLE_OK) && + (dec_rep->enc_part2->flags & KDC_OPT_RENEWABLE) && + (request.till != 0) && + (dec_rep->enc_part2->times.renew_till > request.till)) + ) + retval = KRB5_KDCREP_MODIFIED; + + if (!request.from && !in_clock_skew(dec_rep->enc_part2->times.starttime)) { retval = KRB5_KDCREP_SKEW; goto error_3; } +#endif + retval = krb5_kdcrep2creds(context, dec_rep, address, &in_cred->second_ticket, out_cred); diff --git a/src/lib/krb5/krb/gen_seqnum.c b/src/lib/krb5/krb/gen_seqnum.c index 3694d2c..0dde74e 100644 --- a/src/lib/krb5/krb/gen_seqnum.c +++ b/src/lib/krb5/krb/gen_seqnum.c @@ -49,10 +49,10 @@ krb5_generate_seq_number(context, key, seqno) krb5_octet *intmp = 0, *outtmp = 0; int esize; - if (!valid_enctype(key->enctype)) - return KRB5_PROG_ETYPE_NOSUPP; + if (!valid_keytype(key->keytype)) + return KRB5_PROG_KEYTYPE_NOSUPP; - krb5_use_enctype(context, &eblock, key->enctype); + krb5_use_keytype(context, &eblock, key->keytype); if ((retval = krb5_init_random_key(context, &eblock, key, &random_state))) return(retval); diff --git a/src/lib/krb5/krb/gen_subkey.c b/src/lib/krb5/krb/gen_subkey.c index 66a79d1..9d8ad84 100644 --- a/src/lib/krb5/krb/gen_subkey.c +++ b/src/lib/krb5/krb/gen_subkey.c @@ -36,10 +36,10 @@ krb5_generate_subkey(context, key, subkey) krb5_encrypt_block eblock; krb5_error_code retval; - if (!valid_enctype(key->enctype)) - return KRB5_PROG_ETYPE_NOSUPP; + if (!valid_keytype(key->keytype)) + return KRB5_PROG_KEYTYPE_NOSUPP; - krb5_use_enctype(context, &eblock, key->enctype); + krb5_use_keytype(context, &eblock, key->keytype); if ((retval = krb5_init_random_key(context, &eblock, key, &random_state))) return(retval); diff --git a/src/lib/krb5/krb/get_creds.c b/src/lib/krb5/krb/get_creds.c index ed7f145..8ea0bf9 100644 --- a/src/lib/krb5/krb/get_creds.c +++ b/src/lib/krb5/krb/get_creds.c @@ -32,7 +32,7 @@ client identified by in_creds->client, the server identified by in_creds->server, with options options, expiration date specified in in_creds->times.endtime (0 means as long as possible), session key type - specified in in_creds->keyblock.enctype (if non-zero) + specified in in_creds->keyblock.keytype (if non-zero) Any returned ticket and intermediate ticket-granting tickets are stored in ccache. diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c index 3bd684d..cd9e0b8 100644 --- a/src/lib/krb5/krb/get_in_tkt.c +++ b/src/lib/krb5/krb/get_in_tkt.c @@ -61,7 +61,7 @@ extern krb5_deltat krb5_clockskew; /* some typedef's for the function args to make things look a bit cleaner */ typedef krb5_error_code (*git_key_proc) PROTOTYPE((krb5_context, - const krb5_enctype, + const krb5_keytype, krb5_data *, krb5_const_pointer, krb5_keyblock **)); @@ -71,12 +71,12 @@ typedef krb5_error_code (*git_decrypt_proc) PROTOTYPE((krb5_context, krb5_const_pointer, krb5_kdc_rep * )); krb5_error_code -krb5_get_in_tkt(context, options, addrs, ktypes, ptypes, key_proc, keyseed, +krb5_get_in_tkt(context, options, addrs, etypes, ptypes, key_proc, keyseed, decrypt_proc, decryptarg, creds, ccache, ret_as_reply) krb5_context context; const krb5_flags options; krb5_address * const * addrs; - krb5_enctype * ktypes; + krb5_enctype * etypes; krb5_preauthtype * ptypes; git_key_proc key_proc; krb5_const_pointer keyseed; @@ -86,7 +86,8 @@ krb5_get_in_tkt(context, options, addrs, ktypes, ptypes, key_proc, keyseed, krb5_ccache ccache; krb5_kdc_rep ** ret_as_reply; { - krb5_enctype enctype, ktype; + krb5_keytype keytype; + krb5_enctype etype; krb5_kdc_req request; krb5_kdc_rep *as_reply = 0; krb5_error *err_reply; @@ -96,7 +97,6 @@ krb5_get_in_tkt(context, options, addrs, ktypes, ptypes, key_proc, keyseed, krb5_keyblock *decrypt_key = 0; krb5_timestamp time_now; /* krb5_pa_data *padata; */ - krb5_pa_data **preauth_to_use = 0; int f_salt = 0, use_salt = 0; krb5_data salt; char k4_version; /* same type as *(krb5_data::data) */ @@ -132,7 +132,7 @@ krb5_get_in_tkt(context, options, addrs, ktypes, ptypes, key_proc, keyseed, * default. But if we're changing salts, because of a * realm renaming, or some such, this won't work. */ -/* retval = (*key_proc)(context, enctype, &decrypt_key, keyseed, 0); */ +/* retval = (*key_proc)(context, keytype, &decrypt_key, keyseed, 0); */ if (retval) return retval; request.padata = (krb5_pa_data **) malloc(sizeof(krb5_pa_data *) @@ -159,32 +159,34 @@ krb5_get_in_tkt(context, options, addrs, ktypes, ptypes, key_proc, keyseed, request.till = creds->times.endtime; request.rtime = creds->times.renew_till; +{ +krb5_int32 usec; +#if 0 if ((retval = krb5_timeofday(context, &time_now))) goto cleanup; +#else + if ((retval = krb5_us_timeofday(context, &time_now, &usec))) + goto cleanup; +#endif +} /* XXX we know they are the same size... */ request.nonce = (krb5_int32) time_now; - if (ktypes) - request.ktype = ktypes; + if (etypes) + request.etype = etypes; else - krb5_get_default_in_tkt_ktypes(context, &request.ktype); - for (request.nktypes = 0;request.ktype[request.nktypes];request.nktypes++); + krb5_get_default_in_tkt_etypes(context, &request.etype); + for (request.netypes = 0;request.etype[request.netypes];request.netypes++); request.authorization_data.ciphertext.length = 0; request.authorization_data.ciphertext.data = 0; request.unenc_authdata = 0; request.second_ticket = 0; - if ((retval = krb5_timeofday(context, &time_now))) - goto cleanup; - - /* XXX we know they are the same size... */ - request.nonce = (krb5_int32) time_now; - /* encode & send to KDC */ retval = encode_krb5_as_req(&request, &packet); - if (!ktypes) - free(request.ktype); + if (!etypes) + free(request.etype); if (retval) goto cleanup; @@ -202,15 +204,14 @@ krb5_get_in_tkt(context, options, addrs, ktypes, ptypes, key_proc, keyseed, /* some other error code--??? */ goto cleanup; - if (err_reply->error == KDC_ERR_PREAUTH_REQUIRED && - err_reply->e_data.length > 0) { - retval = decode_krb5_padata_sequence(&err_reply->e_data, - &preauth_to_use); - /* XXX we need to actually do something with the info */ - krb5_free_pa_data(context, preauth_to_use); - } + /* it was an error */ - retval = err_reply->error + ERROR_TABLE_BASE_krb5; + if ((err_reply->ctime != request.nonce) || + !krb5_principal_compare(context, err_reply->server, request.server) || + !krb5_principal_compare(context, err_reply->client, request.client)) + retval = KRB5_KDCREP_MODIFIED; + else + retval = err_reply->error + ERROR_TABLE_BASE_krb5; /* XXX somehow make error msg text available to application? */ @@ -249,8 +250,9 @@ krb5_get_in_tkt(context, options, addrs, ktypes, ptypes, key_proc, keyseed, goto cleanup; } - /* Encryption type, enctype, */ - enctype = as_reply->ticket->enc_part.enctype; + /* Encryption type, keytype, */ + etype = as_reply->ticket->enc_part.etype; + keytype = krb5_csarray[etype]->system->proto_keytype; /* and salt */ if (as_reply->padata) { @@ -276,7 +278,7 @@ krb5_get_in_tkt(context, options, addrs, ktypes, ptypes, key_proc, keyseed, /* it was a kdc_rep--decrypt & check */ /* Generate the key, if we haven't done so already. */ if (!decrypt_key) { - if ((retval = (*key_proc)(context, enctype, & salt, keyseed, + if ((retval = (*key_proc)(context, keytype, & salt, keyseed, &decrypt_key))) goto cleanup; } @@ -317,11 +319,7 @@ krb5_get_in_tkt(context, options, addrs, ktypes, ptypes, key_proc, keyseed, retval = KRB5_KDCREP_SKEW; goto cleanup; } - - if (context->library_options & KRB5_LIBOPT_SYNC_KDCTIME) - krb5_set_time_offsets(context, - as_reply->enc_part2->times.authtime - time_now, - 0); + /* XXX issue warning if as_reply->enc_part2->key_exp is nearby */ @@ -330,6 +328,7 @@ krb5_get_in_tkt(context, options, addrs, ktypes, ptypes, key_proc, keyseed, as_reply->enc_part2->session, &creds->keyblock))) goto cleanup; + creds->keyblock.etype = as_reply->ticket->enc_part.etype; creds->times = as_reply->enc_part2->times; creds->is_skey = FALSE; /* this is an AS_REQ, so cannot diff --git a/src/lib/krb5/krb/in_tkt_ktb.c b/src/lib/krb5/krb/in_tkt_ktb.c index c56ed3c..2a96b11 100644 --- a/src/lib/krb5/krb/in_tkt_ktb.c +++ b/src/lib/krb5/krb/in_tkt_ktb.c @@ -39,7 +39,7 @@ struct keytab_keyproc_arg { */ krb5_error_code keytab_keyproc PROTOTYPE((krb5_context, - const krb5_enctype, + const krb5_keytype, krb5_data *, krb5_const_pointer, krb5_keyblock **)); @@ -47,7 +47,7 @@ krb5_error_code keytab_keyproc krb5_error_code keytab_keyproc(context, type, salt, keyseed, key) krb5_context context; - const krb5_enctype type; + const krb5_keytype type; krb5_data * salt; krb5_const_pointer keyseed; krb5_keyblock ** key; @@ -60,7 +60,7 @@ keytab_keyproc(context, type, salt, keyseed, key) kt_id = arg->keytab; - if (!valid_enctype(type)) + if (!valid_keytype(type)) return KRB5_PROG_ETYPE_NOSUPP; if (kt_id == NULL) @@ -79,7 +79,7 @@ keytab_keyproc(context, type, salt, keyseed, key) goto cleanup; } - if (realkey->enctype != type) { + if (realkey->keytype != type) { (void) krb5_kt_free_entry(context, &kt_ent); krb5_free_keyblock(context, realkey); retval = KRB5_PROG_ETYPE_NOSUPP; @@ -113,12 +113,12 @@ cleanup: */ krb5_error_code -krb5_get_in_tkt_with_keytab(context, options, addrs, ktypes, pre_auth_types, +krb5_get_in_tkt_with_keytab(context, options, addrs, etypes, pre_auth_types, keytab, ccache, creds, ret_as_reply) krb5_context context; const krb5_flags options; krb5_address * const * addrs; - krb5_enctype * ktypes; + krb5_enctype * etypes; krb5_preauthtype * pre_auth_types; const krb5_keytab keytab; krb5_ccache ccache; @@ -130,7 +130,7 @@ krb5_get_in_tkt_with_keytab(context, options, addrs, ktypes, pre_auth_types, arg.keytab = keytab; arg.client = creds->client; - return (krb5_get_in_tkt(context, options, addrs, ktypes, pre_auth_types, + return (krb5_get_in_tkt(context, options, addrs, etypes, pre_auth_types, keytab_keyproc, (krb5_pointer)&arg, krb5_kdc_rep_decrypt_proc, 0, creds, ccache, ret_as_reply)); diff --git a/src/lib/krb5/krb/in_tkt_pwd.c b/src/lib/krb5/krb/in_tkt_pwd.c index e73b189..7ef8705 100644 --- a/src/lib/krb5/krb/in_tkt_pwd.c +++ b/src/lib/krb5/krb/in_tkt_pwd.c @@ -33,7 +33,7 @@ extern char *krb5_default_pwd_prompt1; */ krb5_error_code pwd_keyproc PROTOTYPE((krb5_context, - const krb5_enctype, + const krb5_keytype, krb5_data *, krb5_const_pointer, krb5_keyblock **)); @@ -41,7 +41,7 @@ krb5_error_code pwd_keyproc krb5_error_code pwd_keyproc(context, type, salt, keyseed, key) krb5_context context; - const krb5_enctype type; + const krb5_keytype type; krb5_data * salt; krb5_const_pointer keyseed; krb5_keyblock ** key; @@ -52,10 +52,10 @@ pwd_keyproc(context, type, salt, keyseed, key) krb5_data * password; int pwsize = sizeof(pwdbuf); - if (!valid_enctype(type)) - return KRB5_PROG_ETYPE_NOSUPP; + if (!valid_keytype(type)) + return KRB5_PROG_KEYTYPE_NOSUPP; - krb5_use_enctype(context, &eblock, type); + krb5_use_keytype(context, &eblock, type); password = (krb5_data *)keyseed; @@ -96,12 +96,12 @@ pwd_keyproc(context, type, salt, keyseed, key) returns system errors, encryption errors */ krb5_error_code INTERFACE -krb5_get_in_tkt_with_password(context, options, addrs, ktypes, pre_auth_types, +krb5_get_in_tkt_with_password(context, options, addrs, etypes, pre_auth_types, password, ccache, creds, ret_as_reply) krb5_context context; const krb5_flags options; krb5_address * const * addrs; - krb5_enctype * ktypes; + krb5_enctype * etypes; krb5_preauthtype * pre_auth_types; const char * password; krb5_ccache ccache; @@ -118,7 +118,7 @@ krb5_get_in_tkt_with_password(context, options, addrs, ktypes, pre_auth_types, data.length = 0; } - retval = krb5_get_in_tkt(context, options, addrs, ktypes, pre_auth_types, + retval = krb5_get_in_tkt(context, options, addrs, etypes, pre_auth_types, pwd_keyproc, (krb5_pointer) &data, krb5_kdc_rep_decrypt_proc, 0, creds, ccache, ret_as_reply); diff --git a/src/lib/krb5/krb/in_tkt_sky.c b/src/lib/krb5/krb/in_tkt_sky.c index 9e4bea0..8cc03a0 100644 --- a/src/lib/krb5/krb/in_tkt_sky.c +++ b/src/lib/krb5/krb/in_tkt_sky.c @@ -39,7 +39,7 @@ struct skey_keyproc_arg { */ krb5_error_code skey_keyproc PROTOTYPE((krb5_context, - const krb5_enctype, + const krb5_keytype, krb5_data *, krb5_const_pointer, krb5_keyblock **)); @@ -47,7 +47,7 @@ krb5_error_code skey_keyproc krb5_error_code skey_keyproc(context, type, salt, keyseed, key) krb5_context context; - const krb5_enctype type; + const krb5_keytype type; krb5_data * salt; krb5_const_pointer keyseed; krb5_keyblock ** key; @@ -58,13 +58,13 @@ skey_keyproc(context, type, salt, keyseed, key) keyblock = (const krb5_keyblock *)keyseed; - if (!valid_enctype(type)) + if (!valid_keytype(type)) return KRB5_PROG_ETYPE_NOSUPP; if ((retval = krb5_copy_keyblock(context, keyblock, &realkey))) return retval; - if (realkey->enctype != type) { + if (realkey->keytype != type) { krb5_free_keyblock(context, realkey); return KRB5_PROG_ETYPE_NOSUPP; } @@ -95,12 +95,12 @@ skey_keyproc(context, type, salt, keyseed, key) */ krb5_error_code -krb5_get_in_tkt_with_skey(context, options, addrs, ktypes, pre_auth_types, +krb5_get_in_tkt_with_skey(context, options, addrs, etypes, pre_auth_types, key, ccache, creds, ret_as_reply) krb5_context context; const krb5_flags options; krb5_address * const * addrs; - krb5_enctype * ktypes; + krb5_enctype * etypes; krb5_preauthtype * pre_auth_types; const krb5_keyblock * key; krb5_ccache ccache; @@ -109,12 +109,12 @@ krb5_get_in_tkt_with_skey(context, options, addrs, ktypes, pre_auth_types, { if (key) - return krb5_get_in_tkt(context, options, addrs, ktypes, pre_auth_types, + return krb5_get_in_tkt(context, options, addrs, etypes, pre_auth_types, skey_keyproc, (krb5_pointer)key, krb5_kdc_rep_decrypt_proc, 0, creds, ccache, ret_as_reply); else - return krb5_get_in_tkt_with_keytab(context, options, addrs, ktypes, + return krb5_get_in_tkt_with_keytab(context, options, addrs, etypes, pre_auth_types, NULL, ccache, creds, ret_as_reply); } diff --git a/src/lib/krb5/krb/init_ctx.c b/src/lib/krb5/krb/init_ctx.c index 88de370..00bf2d5 100644 --- a/src/lib/krb5/krb/init_ctx.c +++ b/src/lib/krb5/krb/init_ctx.c @@ -31,7 +31,6 @@ krb5_init_context(context) { krb5_context ctx; krb5_error_code retval; - int tmp; *context = 0; @@ -42,23 +41,14 @@ krb5_init_context(context) ctx->magic = KV5M_CONTEXT; /* Set the default encryption types, possible defined in krb5/conf */ - if ((retval = krb5_set_default_in_tkt_ktypes(ctx, NULL))) + if ((retval = krb5_set_default_in_tkt_etypes(ctx, NULL))) goto cleanup; if ((retval = krb5_os_init_context(ctx))) goto cleanup; + ctx->default_realm = 0; - profile_get_integer(ctx->profile, "libdefaults", - "clockskew", 0, 5 * 60, - &tmp); - ctx->clockskew = tmp; - ctx->kdc_req_sumtype = CKSUMTYPE_RSA_MD5; - ctx->kdc_default_options = KDC_OPT_RENEWABLE_OK; - profile_get_integer(ctx->profile, "libdefaults", - "kdc_timesync", 0, 0, - &tmp); - ctx->library_options = tmp ? KRB5_LIBOPT_SYNC_KDCTIME : 0; *context = ctx; return 0; @@ -74,8 +64,8 @@ krb5_free_context(ctx) { krb5_os_free_context(ctx); - if (ctx->ktypes) - free(ctx->ktypes); + if (ctx->etypes) + free(ctx->etypes); if (ctx->default_realm) free(ctx->default_realm); @@ -88,25 +78,25 @@ krb5_free_context(ctx) } /* - * Set the desired default ktypes, making sure they are valid. + * Set the desired default etypes, making sure they are valid. */ krb5_error_code -krb5_set_default_in_tkt_ktypes(context, ktypes) +krb5_set_default_in_tkt_etypes(context, etypes) krb5_context context; - const krb5_enctype *ktypes; + const krb5_enctype *etypes; { - krb5_enctype * new_ktypes; + krb5_enctype * new_etypes; int i; - if (ktypes) { - for (i = 0; ktypes[i]; i++) { - if (!valid_enctype(ktypes[i])) + if (etypes) { + for (i = 0; etypes[i]; i++) { + if (!valid_etype(etypes[i])) return KRB5_PROG_ETYPE_NOSUPP; } - /* Now copy the default ktypes into the context pointer */ - if ((new_ktypes = (krb5_enctype *)malloc(sizeof(krb5_enctype) * i))) - memcpy(new_ktypes, ktypes, sizeof(krb5_enctype) * i); + /* Now copy the default etypes into the context pointer */ + if ((new_etypes = (krb5_enctype *)malloc(sizeof(krb5_enctype) * i))) + memcpy(new_etypes, etypes, sizeof(krb5_enctype) * i); else return ENOMEM; @@ -114,38 +104,38 @@ krb5_set_default_in_tkt_ktypes(context, ktypes) i = 2; /* Should reset the list to the runtime defaults */ - if ((new_ktypes = (krb5_enctype *)malloc(sizeof(krb5_enctype) * i))) { - new_ktypes[0] = ENCTYPE_DES_CBC_MD5; - new_ktypes[1] = ENCTYPE_DES_CBC_CRC; + if ((new_etypes = (krb5_enctype *)malloc(sizeof(krb5_enctype) * i))) { + new_etypes[0] = ETYPE_DES_CBC_MD5; + new_etypes[1] = ETYPE_DES_CBC_CRC; } else { return ENOMEM; } } - if (context->ktypes) - free(context->ktypes); - context->ktypes = new_ktypes; - context->ktype_count = i; + if (context->etypes) + free(context->etypes); + context->etypes = new_etypes; + context->etype_count = i; return 0; } krb5_error_code -krb5_get_default_in_tkt_ktypes(context, ktypes) +krb5_get_default_in_tkt_etypes(context, etypes) krb5_context context; - krb5_enctype **ktypes; + krb5_enctype **etypes; { - krb5_enctype * old_ktypes; + krb5_enctype * old_etypes; - if ((old_ktypes = (krb5_enctype *)malloc(sizeof(krb5_enctype) * - (context->ktype_count + 1)))) { - memcpy(old_ktypes, context->ktypes, sizeof(krb5_enctype) * - context->ktype_count); - old_ktypes[context->ktype_count] = 0; + if ((old_etypes = (krb5_enctype *)malloc(sizeof(krb5_enctype) * + (context->etype_count + 1)))) { + memcpy(old_etypes, context->etypes, sizeof(krb5_enctype) * + context->etype_count); + old_etypes[context->etype_count] = 0; } else { return ENOMEM; } - *ktypes = old_ktypes; + *etypes = old_etypes; return 0; } diff --git a/src/lib/krb5/krb/kdc_rep_dc.c b/src/lib/krb5/krb/kdc_rep_dc.c index e9431ae..b1f9a7d 100644 --- a/src/lib/krb5/krb/kdc_rep_dc.c +++ b/src/lib/krb5/krb/kdc_rep_dc.c @@ -45,7 +45,7 @@ krb5_kdc_rep_decrypt_proc(context, key, decryptarg, dec_rep) krb5_data scratch; krb5_enc_kdc_rep_part *local_encpart; - if (!valid_enctype(dec_rep->enc_part.enctype)) + if (!valid_etype(dec_rep->enc_part.etype)) return KRB5_PROG_ETYPE_NOSUPP; /* set up scratch decrypt/decode area */ @@ -57,7 +57,7 @@ krb5_kdc_rep_decrypt_proc(context, key, decryptarg, dec_rep) /* put together an eblock for this encryption */ - krb5_use_enctype(context, &eblock, dec_rep->enc_part.enctype); + krb5_use_cstype(context, &eblock, dec_rep->enc_part.etype); /* do any necessary key pre-processing */ if ((retval = krb5_process_key(context, &eblock, key))) { diff --git a/src/lib/krb5/krb/krbconfig.c b/src/lib/krb5/krb/krbconfig.c index 7401bd3..f0ae06d 100644 --- a/src/lib/krb5/krb/krbconfig.c +++ b/src/lib/krb5/krb/krbconfig.c @@ -27,5 +27,5 @@ #include "k5-int.h" krb5_deltat krb5_clockskew = 5 * 60; /* five minutes */ -krb5_cksumtype krb5_kdc_req_sumtype = CKSUMTYPE_RSA_MD5; +krb5_cksumtype krb5_kdc_req_sumtype = CKSUMTYPE_RSA_MD4; krb5_flags krb5_kdc_default_options = KDC_OPT_RENEWABLE_OK; diff --git a/src/lib/krb5/krb/mk_cred.c b/src/lib/krb5/krb/mk_cred.c index 5e399a1..9d2ef6d 100644 --- a/src/lib/krb5/krb/mk_cred.c +++ b/src/lib/krb5/krb/mk_cred.c @@ -31,7 +31,7 @@ encrypt_credencpart(context, pcredpart, pkeyblock, pencdata) krb5_encrypt_block eblock; krb5_data * scratch; - if (!valid_enctype(pkeyblock->enctype)) + if (!valid_etype(pkeyblock->etype)) return KRB5_PROG_ETYPE_NOSUPP; /* start by encoding to-be-encrypted part of the message */ @@ -41,9 +41,9 @@ encrypt_credencpart(context, pcredpart, pkeyblock, pencdata) /* put together an eblock for this encryption */ pencdata->kvno = 0; - pencdata->enctype = pkeyblock->enctype; + pencdata->etype = pkeyblock->etype; - krb5_use_enctype(context, &eblock, pkeyblock->enctype); + krb5_use_cstype(context, &eblock, pkeyblock->etype); pencdata->ciphertext.length = krb5_encrypt_size(scratch->length, eblock.crypto_entry); diff --git a/src/lib/krb5/krb/mk_priv.c b/src/lib/krb5/krb/mk_priv.c index dabfd8d..cf535ff 100644 --- a/src/lib/krb5/krb/mk_priv.c +++ b/src/lib/krb5/krb/mk_priv.c @@ -46,11 +46,11 @@ krb5_mk_priv_basic(context, userdata, keyblock, replaydata, local_addr, krb5_priv_enc_part privmsg_enc_part; krb5_data *scratch1, *scratch2; - if (!valid_enctype(keyblock->enctype)) + if (!valid_etype(keyblock->etype)) return KRB5_PROG_ETYPE_NOSUPP; privmsg.enc_part.kvno = 0; /* XXX allow user-set? */ - privmsg.enc_part.enctype = keyblock->enctype; + privmsg.enc_part.etype = keyblock->etype; privmsg_enc_part.user_data = *userdata; privmsg_enc_part.s_address = local_addr; @@ -66,7 +66,7 @@ krb5_mk_priv_basic(context, userdata, keyblock, replaydata, local_addr, return retval; /* put together an eblock for this encryption */ - krb5_use_enctype(context, &eblock, keyblock->enctype); + krb5_use_cstype(context, &eblock, keyblock->etype); privmsg.enc_part.ciphertext.length = krb5_encrypt_size(scratch1->length, eblock.crypto_entry); /* add padding area, and zero it */ diff --git a/src/lib/krb5/krb/mk_rep.c b/src/lib/krb5/krb/mk_rep.c index b1c17b6..e1f31be 100644 --- a/src/lib/krb5/krb/mk_rep.c +++ b/src/lib/krb5/krb/mk_rep.c @@ -43,15 +43,21 @@ krb5_mk_rep(context, auth_context, outbuf) krb5_data * outbuf; { krb5_error_code retval; - krb5_enctype enctype; + krb5_keytype keytype; + krb5_enctype etype; krb5_ap_rep_enc_part repl; krb5_encrypt_block eblock; krb5_ap_rep reply; krb5_data * scratch; krb5_data * toutbuf; - /* verify a valid enctype is available */ - if (!valid_enctype(enctype = auth_context->keyblock->enctype)) + /* verify a valid etype is available */ + if (!valid_keytype(keytype = auth_context->keyblock->keytype)) + return KRB5_PROG_KEYTYPE_NOSUPP; + + etype = krb5_keytype_array[keytype]->system->proto_enctype; + + if (!valid_etype(etype)) return KRB5_PROG_ETYPE_NOSUPP; /* Make the reply */ @@ -73,8 +79,8 @@ krb5_mk_rep(context, auth_context, outbuf) return retval; /* put together an eblock for this encryption */ - krb5_use_enctype(context, &eblock, enctype); - reply.enc_part.enctype = enctype; + krb5_use_cstype(context, &eblock, etype); + reply.enc_part.etype = etype; reply.enc_part.kvno = 0; /* XXX user set? */ reply.enc_part.ciphertext.length = krb5_encrypt_size(scratch->length, diff --git a/src/lib/krb5/krb/mk_req_ext.c b/src/lib/krb5/krb/mk_req_ext.c index df97c2b..20d0da4 100644 --- a/src/lib/krb5/krb/mk_req_ext.c +++ b/src/lib/krb5/krb/mk_req_ext.c @@ -98,8 +98,8 @@ krb5_mk_req_extended(context, auth_context, ap_req_options, in_data, in_creds, if ((retval = decode_krb5_ticket(&(in_creds)->ticket, &request.ticket))) return(retval); - /* verify a valid enctype is available */ - if (!valid_enctype(request.ticket->enc_part.enctype)) { + /* verify a valid etype is available */ + if (!valid_etype(request.ticket->enc_part.etype)) { retval = KRB5_PROG_ETYPE_NOSUPP; goto cleanup; } @@ -139,6 +139,7 @@ krb5_mk_req_extended(context, auth_context, ap_req_options, in_data, in_creds, checksum.length = in_data->length; checksum.contents = (krb5_octet *) in_data->data; } else { + int T = krb5_checksum_size(context, (*auth_context)->cksumtype); /* Generate checksum, XXX What should the seed be? */ if ((checksum.contents = (krb5_octet *)malloc(krb5_checksum_size(context, (*auth_context)->cksumtype))) == NULL) { @@ -185,8 +186,8 @@ krb5_mk_req_extended(context, auth_context, ap_req_options, in_data, in_creds, /* put together an eblock for this encryption */ - krb5_use_enctype(context, &eblock, request.ticket->enc_part.enctype); - request.authenticator.enctype = request.ticket->enc_part.enctype; + krb5_use_cstype(context, &eblock, request.ticket->enc_part.etype); + request.authenticator.etype = request.ticket->enc_part.etype; request.authenticator.kvno = 0; request.authenticator.ciphertext.length = krb5_encrypt_size(scratch->length, eblock.crypto_entry); diff --git a/src/lib/krb5/krb/parse.c b/src/lib/krb5/krb/parse.c index bcc4a83..e2ee12c 100644 --- a/src/lib/krb5/krb/parse.c +++ b/src/lib/krb5/krb/parse.c @@ -186,7 +186,7 @@ krb5_parse_name(context, name, nprincipal) else krb5_princ_component(context, principal, i)->length = size; if (i + 1 != components) { -#ifndef _WINDOWS +#if !defined(_WINDOWS) && !defined(_MACINTOSH) fprintf(stderr, "Programming error in krb5_parse_name!"); exit(1); diff --git a/src/lib/krb5/krb/preauth.c b/src/lib/krb5/krb/preauth.c index e41399a..6645976 100644 --- a/src/lib/krb5/krb/preauth.c +++ b/src/lib/krb5/krb/preauth.c @@ -122,7 +122,7 @@ krb5_obtain_padata(context, type, client, src_addr, encrypt_key, ret_data) retval = KRB5_PREAUTH_NO_KEY; goto error_out; } - krb5_use_enctype(context, &eblock, encrypt_key->enctype); + krb5_use_keytype(context, &eblock, encrypt_key->keytype); /* do any necessay key pre-processing */ retval = krb5_process_key(context, &eblock, encrypt_key); @@ -214,7 +214,7 @@ krb5_verify_padata(context, data,client,src_addr, decrypt_key, req_id, flags) if (!decrypt_key) return(EINVAL); - krb5_use_enctype(context, &eblock, decrypt_key->enctype); + krb5_use_keytype(context, &eblock, decrypt_key->keytype); scratch.length = data->length; if (!(scratch.data = (char *)malloc(scratch.length))) { diff --git a/src/lib/krb5/krb/rd_cred.c b/src/lib/krb5/krb/rd_cred.c index bb2398e..c8effba 100644 --- a/src/lib/krb5/krb/rd_cred.c +++ b/src/lib/krb5/krb/rd_cred.c @@ -23,11 +23,11 @@ decrypt_credencdata(context, pcred, pkeyblock, pcredenc) krb5_error_code retval; krb5_data scratch; - if (!valid_enctype(pcred->enc_part.enctype)) + if (!valid_etype(pcred->enc_part.etype)) return KRB5_PROG_ETYPE_NOSUPP; /* put together an eblock for this decryption */ - krb5_use_enctype(context, &eblock, pcred->enc_part.enctype); + krb5_use_cstype(context, &eblock, pcred->enc_part.etype); scratch.length = pcred->enc_part.ciphertext.length; if (!(scratch.data = (char *)malloc(scratch.length))) diff --git a/src/lib/krb5/krb/rd_priv.c b/src/lib/krb5/krb/rd_priv.c index 9dd975e..75df2f1 100644 --- a/src/lib/krb5/krb/rd_priv.c +++ b/src/lib/krb5/krb/rd_priv.c @@ -77,13 +77,13 @@ krb5_rd_priv_basic(context, inbuf, keyblock, local_addr, remote_addr, if ((retval = decode_krb5_priv(inbuf, &privmsg))) return retval; - if (!valid_enctype(privmsg->enc_part.enctype)) { + if (!valid_etype(privmsg->enc_part.etype)) { retval = KRB5_PROG_ETYPE_NOSUPP; goto cleanup_privmsg; } /* put together an eblock for this decryption */ - krb5_use_enctype(context, &eblock, privmsg->enc_part.enctype); + krb5_use_cstype(context, &eblock, privmsg->enc_part.etype); scratch.length = privmsg->enc_part.ciphertext.length; if (!(scratch.data = malloc(scratch.length))) { diff --git a/src/lib/krb5/krb/rd_rep.c b/src/lib/krb5/krb/rd_rep.c index 9f811cd..4414215 100644 --- a/src/lib/krb5/krb/rd_rep.c +++ b/src/lib/krb5/krb/rd_rep.c @@ -60,11 +60,11 @@ krb5_rd_rep(context, auth_context, inbuf, repl) /* put together an eblock for this encryption */ - if (!valid_enctype(reply->enc_part.enctype)) { + if (!valid_etype(reply->enc_part.etype)) { krb5_free_ap_rep(context, reply); return KRB5_PROG_ETYPE_NOSUPP; } - krb5_use_enctype(context, &eblock, reply->enc_part.enctype); + krb5_use_cstype(context, &eblock, reply->enc_part.etype); scratch.length = reply->enc_part.ciphertext.length; if (!(scratch.data = malloc(scratch.length))) { @@ -103,6 +103,7 @@ krb5_rd_rep(context, auth_context, inbuf, repl) /* Set auth subkey */ if ((*repl)->subkey) { + (*repl)->subkey->etype = reply->enc_part.etype; retval = krb5_copy_keyblock(context, (*repl)->subkey, &auth_context->remote_subkey); } diff --git a/src/lib/krb5/krb/rd_req_dec.c b/src/lib/krb5/krb/rd_req_dec.c index f6348c3..10e566a 100644 --- a/src/lib/krb5/krb/rd_req_dec.c +++ b/src/lib/krb5/krb/rd_req_dec.c @@ -70,18 +70,18 @@ krb5_rd_req_decrypt_tkt_part(context, req, keytab) { krb5_error_code retval; - krb5_enctype enctype; + krb5_keytype keytype; krb5_keytab_entry ktent; /* - * OK we know the encryption type req->ticket->enc_part.enctype, - * and now we need to get the enctype + * OK we know the encryption type req->ticket->enc_part.etype, + * and now we need to get the keytype */ - enctype = req->ticket->enc_part.enctype; + keytype = krb5_csarray[req->ticket->enc_part.etype]->system->proto_keytype; if ((retval = krb5_kt_get_entry(context, keytab, req->ticket->server, req->ticket->enc_part.kvno, - enctype, &ktent))) + keytype, &ktent))) return retval; if ((retval = krb5_decrypt_tkt_part(context, &ktent.key, req->ticket))) @@ -301,12 +301,15 @@ decrypt_authenticator(context, request, authpp) sesskey = request->ticket->enc_part2->session; - if (!valid_enctype(sesskey->enctype)) - return KRB5_PROG_ETYPE_NOSUPP; + if (!valid_keytype(sesskey->keytype)) + return KRB5_PROG_KEYTYPE_NOSUPP; /* put together an eblock for this encryption */ - krb5_use_enctype(context, &eblock, request->authenticator.enctype); + if (!valid_etype(request->authenticator.etype)) + return KRB5_PROG_ETYPE_NOSUPP; + + krb5_use_cstype(context, &eblock, request->authenticator.etype); scratch.length = request->authenticator.ciphertext.length; if (!(scratch.data = malloc(scratch.length))) @@ -337,6 +340,8 @@ free(scratch.data);} /* now decode the decrypted stuff */ if (!(retval = decode_krb5_authenticator(&scratch, &local_auth))) { *authpp = local_auth; + if (local_auth->subkey) + local_auth->subkey->etype = request->authenticator.etype; } clean_scratch(); return retval; diff --git a/src/lib/krb5/krb/send_tgs.c b/src/lib/krb5/krb/send_tgs.c index 1481c55..9716864 100644 --- a/src/lib/krb5/krb/send_tgs.c +++ b/src/lib/krb5/krb/send_tgs.c @@ -30,7 +30,7 @@ Sends a request to the TGS and waits for a response. options is used for the options in the KRB_TGS_REQ. timestruct values are used for from, till, rtime " " " - enctype is used for enctype " " ", and to encrypt the authorization data, + etype is used for etype " " ", and to encrypt the authorization data, sname is used for sname " " " addrs, if non-NULL, is used for addresses " " " authorization_dat, if non-NULL, is used for authorization_dat " " " @@ -105,8 +105,8 @@ krb5_send_tgs_basic(context, in_data, in_cred, outbuf) goto cleanup_data; /* put together an eblock for this encryption */ - krb5_use_enctype(context, &eblock, request.ticket->enc_part.enctype); - request.authenticator.enctype = request.ticket->enc_part.enctype; + krb5_use_cstype(context, &eblock, request.ticket->enc_part.etype); + request.authenticator.etype = request.ticket->enc_part.etype; request.authenticator.ciphertext.length = krb5_encrypt_size(scratch->length, eblock.crypto_entry); @@ -165,12 +165,12 @@ cleanup_scratch: } krb5_error_code -krb5_send_tgs(context, kdcoptions, timestruct, ktypes, sname, addrs, +krb5_send_tgs(context, kdcoptions, timestruct, etypes, sname, addrs, authorization_data, padata, second_ticket, in_cred, rep) krb5_context context; const krb5_flags kdcoptions; const krb5_ticket_times * timestruct; - const krb5_enctype * ktypes; + const krb5_enctype * etypes; krb5_const_principal sname; krb5_address * const * addrs; krb5_authdata * const * authorization_data; @@ -203,11 +203,17 @@ krb5_send_tgs(context, kdcoptions, timestruct, ktypes, sname, addrs, tgsreq.from = timestruct->starttime; tgsreq.till = timestruct->endtime; tgsreq.rtime = timestruct->renew_till; +#if 0 if ((retval = krb5_timeofday(context, &time_now))) return(retval); +#else +{long usec; + if ((retval = krb5_us_timeofday(context, &time_now, &usec))) + return(retval); +} +#endif /* XXX we know they are the same size... */ - rep->expected_nonce = tgsreq.nonce = (krb5_int32) time_now; - rep->request_time = time_now; + tgsreq.nonce = (krb5_int32) time_now; tgsreq.addresses = (krb5_address **) addrs; @@ -218,8 +224,8 @@ krb5_send_tgs(context, kdcoptions, timestruct, ktypes, sname, addrs, if ((retval = encode_krb5_authdata((const krb5_authdata**)authorization_data, &scratch))) return(retval); - krb5_use_enctype(context, &eblock, in_cred->keyblock.enctype); - tgsreq.authorization_data.enctype = in_cred->keyblock.enctype; + krb5_use_cstype(context, &eblock, in_cred->keyblock.etype); + tgsreq.authorization_data.etype = in_cred->keyblock.etype; tgsreq.authorization_data.kvno = 0; /* ticket session key has */ /* no version */ tgsreq.authorization_data.ciphertext.length = @@ -260,17 +266,17 @@ krb5_send_tgs(context, kdcoptions, timestruct, ktypes, sname, addrs, } /* Get the encryption types list */ - if (ktypes) { - /* Check passed ktypes and make sure they're valid. */ - for (tgsreq.nktypes = 0; ktypes[tgsreq.nktypes]; tgsreq.nktypes++) { - if (!valid_enctype(ktypes[tgsreq.nktypes])) + if (etypes) { + /* Check passed etypes and make sure they're valid. */ + for (tgsreq.netypes = 0; etypes[tgsreq.netypes]; tgsreq.netypes++) { + if (!valid_etype(etypes[tgsreq.netypes])) return KRB5_PROG_ETYPE_NOSUPP; } - tgsreq.ktype = (krb5_enctype *)ktypes; + tgsreq.etype = (krb5_enctype *)etypes; } else { - /* Get the default ktypes */ - krb5_get_default_in_tkt_ktypes(context, &(tgsreq.ktype)); - for(tgsreq.nktypes = 0; tgsreq.ktype[tgsreq.nktypes]; tgsreq.nktypes++); + /* Get the default etypes */ + krb5_get_default_in_tkt_etypes(context, &(tgsreq.etype)); + for(tgsreq.netypes = 0; tgsreq.etype[tgsreq.netypes]; tgsreq.netypes++); } if (second_ticket) { @@ -353,8 +359,8 @@ send_tgs_error_2:; krb5_free_ticket(context, sec_ticket); send_tgs_error_1:; - if (ktypes == NULL) - krb5_xfree(tgsreq.ktype); + if (etypes == NULL) + krb5_xfree(tgsreq.etype); if (tgsreq.authorization_data.ciphertext.data) { memset(tgsreq.authorization_data.ciphertext.data, 0, tgsreq.authorization_data.ciphertext.length); diff --git a/src/lib/krb5/krb/sendauth.c b/src/lib/krb5/krb/sendauth.c index 6ca38d9..631d861 100644 --- a/src/lib/krb5/krb/sendauth.c +++ b/src/lib/krb5/krb/sendauth.c @@ -137,8 +137,8 @@ krb5_sendauth(context, auth_context, } /* creds.times.endtime = 0; -- memset 0 takes care of this zero means "as long as possible" */ - /* creds.keyblock.enctype = 0; -- as well as this. - zero means no session enctype + /* creds.keyblock.keytype = 0; -- as well as this. + zero means no session keytype preference */ in_creds = &creds; } diff --git a/src/lib/krb5/krb/ser_actx.c b/src/lib/krb5/krb/ser_actx.c index ed15d12..0b0cdd4 100644 --- a/src/lib/krb5/krb/ser_actx.c +++ b/src/lib/krb5/krb/ser_actx.c @@ -100,7 +100,7 @@ krb5_auth_context_size(kcontext, arg, sizep) /* Calculate size required by i_vector - ptooey */ if (auth_context->i_vector && auth_context->keyblock) required += (size_t) - krb5_enctype_array[auth_context->keyblock->enctype]-> + krb5_keytype_array[auth_context->keyblock->keytype]-> system->block_length; /* Calculate size required by remote_addr, if appropriate */ @@ -225,7 +225,7 @@ krb5_auth_context_externalize(kcontext, arg, buffer, lenremain) /* Now figure out the number of bytes for i_vector and write it */ obuf = (!auth_context->i_vector) ? 0 : (krb5_int32) - krb5_enctype_array[auth_context->keyblock->enctype]-> + krb5_keytype_array[auth_context->keyblock->keytype]-> system->block_length; (void) krb5_ser_pack_int32(obuf, &bp, &remain); diff --git a/src/lib/krb5/krb/ser_ctx.c b/src/lib/krb5/krb/ser_ctx.c index 695c43c..d1c296b 100644 --- a/src/lib/krb5/krb/ser_ctx.c +++ b/src/lib/krb5/krb/ser_ctx.c @@ -105,8 +105,8 @@ krb5_context_size(kcontext, arg, sizep) * krb5_int32 for KV5M_CONTEXT * krb5_int32 for sizeof(default_realm) * strlen(default_realm) for default_realm. - * krb5_int32 for nktypes*sizeof(krb5_int32) - * nktypes*sizeof(krb5_int32) for ktypes. + * krb5_int32 for netypes*sizeof(krb5_int32) + * netypes*sizeof(krb5_int32) for etypes. * krb5_int32 for trailer. */ kret = EINVAL; @@ -116,7 +116,7 @@ krb5_context_size(kcontext, arg, sizep) sizeof(krb5_int32) + sizeof(krb5_int32) + sizeof(krb5_int32) + - (context->ktype_count * sizeof(krb5_int32))); + (context->etype_count * sizeof(krb5_int32))); if (context->default_realm) required += strlen(context->default_realm); @@ -187,13 +187,13 @@ krb5_context_externalize(kcontext, arg, buffer, lenremain) strlen(context->default_realm), &bp, &remain); - /* Now number of ktypes */ - (void) krb5_ser_pack_int32((krb5_int32) context->ktype_count, + /* Now number of etypes */ + (void) krb5_ser_pack_int32((krb5_int32) context->etype_count, &bp, &remain); - /* Now serialize ktypes */ - for (i=0; i<context->ktype_count; i++) - (void) krb5_ser_pack_int32((krb5_int32) context->ktypes[i], + /* Now serialize etypes */ + for (i=0; i<context->etype_count; i++) + (void) krb5_ser_pack_int32((krb5_int32) context->etypes[i], &bp, &remain); kret = 0; @@ -280,22 +280,22 @@ krb5_context_internalize(kcontext, argp, buffer, lenremain) context->default_realm[ibuf] = '\0'; } - /* Get the number of ktypes */ + /* Get the number of etypes */ if (!(kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain))) { /* Reduce it to a count */ - context->ktype_count = ibuf; - if ((context->ktypes = (krb5_enctype *) + context->etype_count = ibuf; + if ((context->etypes = (krb5_enctype *) malloc(sizeof(krb5_enctype) * - (context->ktype_count+1)))) { - memset(context->ktypes, + (context->etype_count+1)))) { + memset(context->etypes, 0, sizeof(krb5_enctype) * - (context->ktype_count + 1)); - for (i=0; i<context->ktype_count; i++) { + (context->etype_count + 1)); + for (i=0; i<context->etype_count; i++) { if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain))) break; - context->ktypes[i] = (krb5_enctype) ibuf; + context->etypes[i] = (krb5_enctype) ibuf; } } } @@ -448,7 +448,6 @@ krb5_oscontext_internalize(kcontext, argp, buffer, lenremain) malloc(sizeof(struct _krb5_os_context))) && (remain >= 4*sizeof(krb5_int32))) { memset(os_ctx, 0, sizeof(struct _krb5_os_context)); - os_ctx->magic = KV5M_OS_CONTEXT; /* Read out our context */ (void) krb5_ser_unpack_int32(&os_ctx->time_offset, &bp, &remain); @@ -461,7 +460,8 @@ krb5_oscontext_internalize(kcontext, argp, buffer, lenremain) kret = 0; *buffer = bp; *lenremain = remain; - } else + } + else kret = EINVAL; } } diff --git a/src/lib/krb5/krb/ser_eblk.c b/src/lib/krb5/krb/ser_eblk.c index 20b3da6..791963e 100644 --- a/src/lib/krb5/krb/ser_eblk.c +++ b/src/lib/krb5/krb/ser_eblk.c @@ -63,13 +63,14 @@ krb5_encrypt_block_size(kcontext, arg, sizep) size_t required; /* - * NOTE: This ASSuMES that enctype are sufficient to recreate + * NOTE: This ASSuMES that keytype and etype are sufficient to recreate * the _krb5_cryptosystem_entry. If this is not true, then something else * had better be encoded here. * * krb5_encrypt_block base requirements: * krb5_int32 for KV5M_ENCRYPT_BLOCK - * krb5_int32 for enctype + * krb5_int32 for keytype + * krb5_int32 for etype; * krb5_int32 for private length * encrypt_block->priv_size for private contents * krb5_int32 for KV5M_ENCRYPT_BLOCK @@ -122,7 +123,12 @@ krb5_encrypt_block_externalize(kcontext, arg, buffer, lenremain) /* Our identifier */ (void) krb5_ser_pack_int32(KV5M_ENCRYPT_BLOCK, &bp, &remain); - /* Our enctype */ + /* Our keytype */ + (void) krb5_ser_pack_int32((krb5_int32) encrypt_block-> + crypto_entry->proto_keytype, + &bp, &remain); + + /* Our etype */ (void) krb5_ser_pack_int32((krb5_int32) encrypt_block-> crypto_entry->proto_enctype, &bp, &remain); @@ -171,7 +177,8 @@ krb5_encrypt_block_internalize(kcontext, argp, buffer, lenremain) krb5_error_code kret; krb5_encrypt_block *encrypt_block; krb5_int32 ibuf; - krb5_enctype ktype; + krb5_keytype ktype; + krb5_enctype etype; krb5_octet *bp; size_t remain; @@ -190,12 +197,20 @@ krb5_encrypt_block_internalize(kcontext, argp, buffer, lenremain) malloc(sizeof(krb5_encrypt_block)))) { memset(encrypt_block, 0, sizeof(krb5_encrypt_block)); - /* Get the enctype */ + /* Get the keytype */ + (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); + ktype = (krb5_keytype) ibuf; + + /* Get the etype */ (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); - ktype = (krb5_enctype) ibuf; + etype = (krb5_enctype) ibuf; - /* Use the ktype to determine the crypto_system entry. */ - krb5_use_enctype(kcontext, encrypt_block, ktype); + /* + * Use the etype to determine the crypto_system entry. In the + * future, we may need to use a combination of keytype/etype or + * just keytype here. + */ + krb5_use_cstype(kcontext, encrypt_block, etype); /* Get the length */ (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); diff --git a/src/lib/krb5/krb/ser_key.c b/src/lib/krb5/krb/ser_key.c index d999647..eacbf01 100644 --- a/src/lib/krb5/krb/ser_key.c +++ b/src/lib/krb5/krb/ser_key.c @@ -64,7 +64,8 @@ krb5_keyblock_size(kcontext, arg, sizep) /* * krb5_keyblock requires: * krb5_int32 for KV5M_KEYBLOCK - * krb5_int32 for enctype + * krb5_int32 for keytype + * krb5_int32 for etype; * krb5_int32 for length * keyblock->length for contents * krb5_int32 for KV5M_KEYBLOCK @@ -109,8 +110,12 @@ krb5_keyblock_externalize(kcontext, arg, buffer, lenremain) /* Our identifier */ (void) krb5_ser_pack_int32(KV5M_KEYBLOCK, &bp, &remain); - /* Our enctype */ - (void) krb5_ser_pack_int32((krb5_int32) keyblock->enctype, + /* Our keytype */ + (void) krb5_ser_pack_int32((krb5_int32) keyblock->keytype, + &bp, &remain); + + /* Our etype */ + (void) krb5_ser_pack_int32((krb5_int32) keyblock->etype, &bp, &remain); /* Our length */ @@ -163,9 +168,13 @@ krb5_keyblock_internalize(kcontext, argp, buffer, lenremain) (keyblock = (krb5_keyblock *) malloc(sizeof(krb5_keyblock)))) { memset(keyblock, 0, sizeof(krb5_keyblock)); - /* Get the enctype */ + /* Get the keytype */ + (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); + keyblock->keytype = (krb5_keytype) ibuf; + + /* Get the etype */ (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); - keyblock->enctype = (krb5_enctype) ibuf; + keyblock->etype = (krb5_enctype) ibuf; /* Get the length */ (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); diff --git a/src/lib/krb5/krb/t_ser.c b/src/lib/krb5/krb/t_ser.c index c02925d..ad635d9 100644 --- a/src/lib/krb5/krb/t_ser.c +++ b/src/lib/krb5/krb/t_ser.c @@ -293,7 +293,8 @@ ser_acontext_test(kcontext, verbose) KV5M_AUTH_CONTEXT))) { memset(&ukeyblock, 0, sizeof(ukeyblock)); memset(keydata, 0, sizeof(keydata)); - ukeyblock.enctype = ENCTYPE_DES_CBC_MD5; + ukeyblock.keytype = KEYTYPE_DES; + ukeyblock.etype = ETYPE_DES_CBC_MD5; ukeyblock.length = sizeof(keydata); ukeyblock.contents = keydata; keydata[0] = 0xde; @@ -509,7 +510,7 @@ ser_eblock_test(kcontext, verbose) memset(&eblock, 0, sizeof(krb5_encrypt_block)); eblock.magic = KV5M_ENCRYPT_BLOCK; - krb5_use_enctype(kcontext, &eblock, DEFAULT_KDC_ENCTYPE); + krb5_use_cstype(kcontext, &eblock, DEFAULT_KDC_ETYPE); if (!(kret = ser_data(verbose, "> NULL eblock", (krb5_pointer) &eblock, KV5M_ENCRYPT_BLOCK))) { eblock.priv = (krb5_pointer) ser_eblock_test; @@ -519,7 +520,8 @@ ser_eblock_test(kcontext, verbose) KV5M_ENCRYPT_BLOCK))) { memset(&ukeyblock, 0, sizeof(ukeyblock)); memset(keydata, 0, sizeof(keydata)); - ukeyblock.enctype = ENCTYPE_DES_CBC_MD5; + ukeyblock.keytype = KEYTYPE_DES; + ukeyblock.etype = ETYPE_DES_CBC_MD5; ukeyblock.length = sizeof(keydata); ukeyblock.contents = keydata; keydata[0] = 0xde; diff --git a/src/lib/krb5/krb/unparse.c b/src/lib/krb5/krb/unparse.c index 0ff3cf8..fc9cc7a 100644 --- a/src/lib/krb5/krb/unparse.c +++ b/src/lib/krb5/krb/unparse.c @@ -184,4 +184,3 @@ krb5_unparse_name(context, principal, name) return(krb5_unparse_name_ext(context, principal, name, NULL)); } - diff --git a/src/lib/krb5/os/ChangeLog b/src/lib/krb5/os/ChangeLog index 23aec16..6946431 100644 --- a/src/lib/krb5/os/ChangeLog +++ b/src/lib/krb5/os/ChangeLog @@ -1,3 +1,41 @@ +Sun Sep 10 12:00:00 1995 James Mattly <mattly@fusion.com> + + * ustime.c: use the version of getTimeZoneOffset in :os:crypto: for + _MACINTOSH. + +Wed Sep 6 12:00:00 1995 James Mattly <mattly@fusion.com> + + * localaddr.c changed name to oslocaladdr.c for metrowerks project + file management. + + * ustime.c: changed mac version of krb5_crypto_us_timeofday to compile + with contemporary header files for metrowerks + + * macsock.c: added tcp stream support to suppliment the udp. Added + getsockname. Fixed gethostname to stop appending '.' to the + end of a connonical hostname. + + * net_write.c: need to cast file descriptors to SOCKETs + + * net_read.c: need to cast file descriptors to SOCKETs + + * krbfileio.c: mac doesn't support fsync, define the usage out + + * init_os_cxt.c: move the default location of the krb conf file to + the preferences folder. Added some routines to take a + mac FSSpec and turn it into a mac pathname string. + + * hst_realm.c: assign a NULL to retrealms to clean up a warning. + + * genaddrs.c: support getsockname from macsock + + * ccdefname.c: move the cred cache to the preferneces folder for mac + + * an_to_ln.c: turn functions off because I don't have a dbm library + + * timeofday.c: make krb5_timeofday use krb5_crypto_us_timeofday to + incorperate the epoch difference between mac and unix. + Fri Sep 1 00:47:27 1995 Theodore Y. Ts'o <tytso@dcl> * Makefile.in (check-unix): Add a test case to make sure diff --git a/src/lib/krb5/os/an_to_ln.c b/src/lib/krb5/os/an_to_ln.c index 73c7fe8..c0c72fb 100644 --- a/src/lib/krb5/os/an_to_ln.c +++ b/src/lib/krb5/os/an_to_ln.c @@ -108,7 +108,7 @@ db_an_to_ln(context, dbname, aname, lnsize, lname) const int lnsize; char *lname; { -#if defined(BERK_DB_DBM) || !defined(_WINDOWS) +#if defined(BERK_DB_DBM) || (!defined(_WINDOWS) && !defined(_MACINTOSH)) DBM *db; krb5_error_code retval; datum key, contents; diff --git a/src/lib/krb5/os/ccdefname.c b/src/lib/krb5/os/ccdefname.c index fa794ca..197ab32 100644 --- a/src/lib/krb5/os/ccdefname.c +++ b/src/lib/krb5/os/ccdefname.c @@ -28,6 +28,61 @@ #include "k5-int.h" #include <stdio.h> +#ifdef _MACINTOSH +static CInfoPBRec theCatInfo; +static char *FileBuffer; +static int indexCount; +static FSSpec theWorkingFile; + +static char* +GetDirName(short vrefnum, long dirid, char *dststr) +{ +CInfoPBRec theCatInfo; +FSSpec theParDir; +char str[37]; +char *curstr; +OSErr err; + // Get info on the directory itself, it's name and it's parent + theCatInfo.dirInfo.ioCompletion = NULL; + theCatInfo.dirInfo.ioNamePtr = (StringPtr) str; + theCatInfo.dirInfo.ioVRefNum = vrefnum; + theCatInfo.dirInfo.ioFDirIndex = -1; + theCatInfo.dirInfo.ioDrDirID = dirid; + err = PBGetCatInfo(&theCatInfo, FALSE); + + // If I'm looking at the root directory and I've tried going up once + // start returning down the call chain + if (err != noErr || (dirid == 2 && theCatInfo.hFileInfo.ioFlParID == 2)) + return dststr; + + // Construct a file spec for the parent + curstr = GetDirName(theCatInfo.dirInfo.ioVRefNum, theCatInfo.hFileInfo.ioFlParID, dststr); + + // Copy the pascal string to the end of a C string + BlockMoveData(&str[1], curstr, str[0]); + curstr += str[0]; + *curstr++ = ':'; + + // return a pointer to the end of the string (for someone below to append to) + return curstr; +} + +static void +GetPathname(FSSpec *theFile, char *dststr) +{ +FSSpec theParDir; +char *curstr; +OSErr err; + + // Start crawling up the directory path recursivly + curstr = GetDirName(theFile->vRefNum, theFile->parID, dststr); + BlockMoveData(&theFile->name[1], curstr, theFile->name[0]); + curstr += theFile->name[0]; + *curstr = 0; +} +#endif + + char * krb5_cc_default_name(context) krb5_context context; @@ -38,7 +93,19 @@ krb5_cc_default_name(context) if (name == 0) { #ifdef HAVE_MACSOCK_H - strcpy (name_buf, "STDIO:krb5cc"); +{ +short vRefnum; +long parID; +OSErr theErr; +FSSpec krbccSpec; +char pathbuf[255]; + + theErr = FindFolder(kOnSystemDisk, kPreferencesFolderType, kDontCreateFolder, &vRefnum, &parID); + FSMakeFSSpec(vRefnum, parID, "\pkrb5cc", &krbccSpec); + GetPathname(&krbccSpec, &pathbuf); + sprintf(name_buf, "STDIO:%s", pathbuf); +// strcpy (name_buf, "STDIO:krb5cc"); +} #else #ifdef _WINDOWS { diff --git a/src/lib/krb5/os/genaddrs.c b/src/lib/krb5/os/genaddrs.c index 1b94e51..d808178 100644 --- a/src/lib/krb5/os/genaddrs.c +++ b/src/lib/krb5/os/genaddrs.c @@ -36,7 +36,8 @@ krb5_error_code INTERFACE krb5_auth_con_genaddrs(context, auth_context, fd, flags) krb5_context context; krb5_auth_context auth_context; - int fd, flags; + SOCKET fd; + int flags; { krb5_error_code retval; krb5_address * laddr; diff --git a/src/lib/krb5/os/hst_realm.c b/src/lib/krb5/os/hst_realm.c index 5ecbd6e..2de8111 100644 --- a/src/lib/krb5/os/hst_realm.c +++ b/src/lib/krb5/os/hst_realm.c @@ -83,7 +83,7 @@ krb5_get_host_realm(context, host, realmsp) const char *host; char ***realmsp; { - char **retrealms; + char **retrealms = NULL; char *domain, *default_realm, *realm, *cp; krb5_error_code retval; int l; diff --git a/src/lib/krb5/os/init_os_ctx.c b/src/lib/krb5/os/init_os_ctx.c index 08fe13e..1f96f4c 100644 --- a/src/lib/krb5/os/init_os_ctx.c +++ b/src/lib/krb5/os/init_os_ctx.c @@ -26,6 +26,75 @@ #define NEED_WINDOWS #include "k5-int.h" +#ifdef _MACINTOSH +static CInfoPBRec theCatInfo; +static char *FileBuffer; +static int indexCount; +static FSSpec theWorkingFile; + +static char* +GetDirName(short vrefnum, long dirid, char *dststr) +{ +CInfoPBRec theCatInfo; +FSSpec theParDir; +char str[37]; +char *curstr; +OSErr err; + // Get info on the directory itself, it's name and it's parent + theCatInfo.dirInfo.ioCompletion = NULL; + theCatInfo.dirInfo.ioNamePtr = (StringPtr) str; + theCatInfo.dirInfo.ioVRefNum = vrefnum; + theCatInfo.dirInfo.ioFDirIndex = -1; + theCatInfo.dirInfo.ioDrDirID = dirid; + err = PBGetCatInfo(&theCatInfo, FALSE); + + // If I'm looking at the root directory and I've tried going up once + // start returning down the call chain + if (err != noErr || (dirid == 2 && theCatInfo.hFileInfo.ioFlParID == 2)) + return dststr; + + // Construct a file spec for the parent + curstr = GetDirName(theCatInfo.dirInfo.ioVRefNum, theCatInfo.hFileInfo.ioFlParID, dststr); + + // Copy the pascal string to the end of a C string + BlockMoveData(&str[1], curstr, str[0]); + curstr += str[0]; + *curstr++ = ':'; + + // return a pointer to the end of the string (for someone below to append to) + return curstr; +} + +static void +GetPathname(FSSpec *theFile, char *dststr) +{ +FSSpec theParDir; +char *curstr; +OSErr err; + + // Start crawling up the directory path recursivly + curstr = GetDirName(theFile->vRefNum, theFile->parID, dststr); + BlockMoveData(&theFile->name[1], curstr, theFile->name[0]); + curstr += theFile->name[0]; + *curstr = 0; +} + +char* +GetMacProfilePathName(void) +{ +short vRefnum; +long parID; +OSErr theErr; +FSSpec krbSpec; +char pathbuf[255]; + + theErr = FindFolder(kOnSystemDisk, kPreferencesFolderType, kDontCreateFolder, &vRefnum, &parID); + FSMakeFSSpec(vRefnum, parID, "\pkrb5.ini", &krbSpec); + GetPathname(&krbSpec, &pathbuf); + return strdup(pathbuf); +} +#endif + krb5_error_code krb5_os_init_context(ctx) krb5_context ctx; @@ -67,7 +136,10 @@ krb5_os_init_context(ctx) } #else /* _WINDOWS */ - +#ifdef _MACINTOSH + filenames[0] = GetMacProfilePathName(); + filenames[1] = 0; +#else /* * When the profile routines are later enhanced, we will try * including a config file from user's home directory here. @@ -75,7 +147,7 @@ krb5_os_init_context(ctx) name = getenv("KRB5_CONFIG"); filenames[0] = name ? name : DEFAULT_PROFILE_FILENAME; filenames[1] = 0; - +#endif /* _MACINTOSH */ #endif /* _WINDOWS */ retval = profile_init(filenames, &ctx->profile); diff --git a/src/lib/krb5/os/krbfileio.c b/src/lib/krb5/os/krbfileio.c index 8f94faa..cd2a511 100644 --- a/src/lib/krb5/os/krbfileio.c +++ b/src/lib/krb5/os/krbfileio.c @@ -96,7 +96,7 @@ krb5_sync_disk_file(context, fp) FILE *fp; { fflush(fp); -#ifndef MSDOS_FILESYSTEM +#if !defined(MSDOS_FILESYSTEM) && !defined(_MACINTOSH) if (fsync(fileno(fp))) { return errno; } diff --git a/src/lib/krb5/os/macsock.c b/src/lib/krb5/os/macsock.c index ef25cd1..8fcf4c7 100644 --- a/src/lib/krb5/os/macsock.c +++ b/src/lib/krb5/os/macsock.c @@ -36,9 +36,15 @@ /* MacTCP headers from Apple */ #include "MacTCPCommonTypes.h" #include "UDPPB.h" +#include "TCPPB.h" #include "AddressXlation.h" /* MacTCP Domain name resolver decls */ #include "GetMyIPAddr.h" /* Like it sez... */ +typedef union { + UDPiopb udppb; + TCPiopb tcppb; +} sockunion; + /* This WinSock-ism is just too ugly to use everywhere. */ #define SOCKET_SET_ERRNO WSASetLastError @@ -53,6 +59,8 @@ Cygnus Support (email info@cygnus.com).", UDPbuflen, /* iMaxUDPDg, max datagram size */ 0 /* lpVendorInfo, nonexistent */ }; + +#define kMaxIPPOpenTries 3 /* This variable implements a kludge in which select() always says that sockets are ready for I/O, but recvfrom() actually implements the @@ -94,14 +102,16 @@ socket(af, type, protocol) { SOCKET theUDP; short refNum; - UDPiopb pb; +// UDPiopb pb; + sockunion pb; OSErr err; + int tries; if (af != AF_INET) { SOCKET_SET_ERRNO (EINVAL); return INVALID_SOCKET; } - if (type != SOCK_DGRAM) { + if (type != SOCK_DGRAM && type != SOCK_STREAM) { SOCKET_SET_ERRNO (EINVAL); return INVALID_SOCKET; } @@ -116,34 +126,62 @@ socket(af, type, protocol) return INVALID_SOCKET; } - err = OpenDriver( "\p.IPP", &refNum ); + err = -1; + for(tries=0;tries<kMaxIPPOpenTries && err != noErr;tries++) + { + err = OpenDriver( "\p.IPP", &refNum ); + } if (err) { free (theUDP); SOCKET_SET_ERRNO (EIO); return INVALID_SOCKET; } theUDP->fMacTCPRef = refNum; - - /* Set up param blocks and create the socket (called a - stream by MacTCP). */ - pb.ioCRefNum = theUDP->fMacTCPRef; - pb.csCode = UDPCreate; - pb.csParam.create.rcvBuff = theUDP->fRecvBuf; - pb.csParam.create.rcvBuffLen = UDPbuflen; - pb.csParam.create.notifyProc = NULL; - pb.csParam.create.localPort = 0; - - err = PBControl( (ParamBlockRec *) &pb, false ); - if (err) { - free (theUDP); - SOCKET_SET_ERRNO (EIO); - return INVALID_SOCKET; + theUDP->fType = type; + switch(theUDP->fType) + { + case SOCK_DGRAM: + /* Set up param blocks and create the socket (called a + stream by MacTCP). */ + pb.udppb.ioCRefNum = theUDP->fMacTCPRef; + pb.udppb.csCode = UDPCreate; + pb.udppb.csParam.create.rcvBuff = theUDP->fRecvBuf; + pb.udppb.csParam.create.rcvBuffLen = UDPbuflen; + pb.udppb.csParam.create.notifyProc = NULL; + pb.udppb.csParam.create.localPort = 0; + + err = PBControl( (ParamBlockRec *) &pb.udppb, false ); + if (err) { + free (theUDP); + SOCKET_SET_ERRNO (EIO); + return INVALID_SOCKET; + } + theUDP->fStream = (unsigned long)pb.udppb.udpStream; + + theUDP->connect_addr.sin_family = 0; + theUDP->connect_addr.sin_port = 0; + theUDP->connect_addr.sin_addr.s_addr = 0; + break; + + case SOCK_STREAM: + pb.tcppb.ioCRefNum = theUDP->fMacTCPRef; + pb.tcppb.csCode = TCPCreate; + pb.tcppb.csParam.create.rcvBuff = theUDP->fRecvBuf; + pb.tcppb.csParam.create.rcvBuffLen = UDPbuflen; + pb.tcppb.csParam.create.notifyProc = NULL; + err = PBControl((ParamBlockRec *)&pb,false); + if (err) { + free(theUDP); + SOCKET_SET_ERRNO (EIO); + return INVALID_SOCKET; + } + theUDP->fStream = (unsigned long)pb.tcppb.tcpStream; + + theUDP->connect_addr.sin_family = 0; + theUDP->connect_addr.sin_port = 0; + theUDP->connect_addr.sin_addr.s_addr = 0; + break; } - theUDP->fStream = (unsigned long)pb.udpStream; - - theUDP->connect_addr.sin_family = 0; - theUDP->connect_addr.sin_port = 0; - theUDP->connect_addr.sin_addr.s_addr = 0; return theUDP; } @@ -152,14 +190,29 @@ int closesocket (theUDP) SOCKET theUDP; { - UDPiopb pb; - - if (theUDP->fStream) { - pb.ioCRefNum = theUDP->fMacTCPRef; - pb.csCode = UDPRelease; - pb.udpStream = (StreamPtr) theUDP->fStream; - - (void) PBControl( (ParamBlockRec *) &pb, false ); +// UDPiopb pb; + sockunion pb; + + switch(theUDP->fType) + { + case SOCK_DGRAM: + if (theUDP->fStream) { + pb.udppb.ioCRefNum = theUDP->fMacTCPRef; + pb.udppb.csCode = UDPRelease; + pb.udppb.udpStream = (StreamPtr) theUDP->fStream; + + (void) PBControl( (ParamBlockRec *) &pb.udppb, false ); + } + break; + case SOCK_STREAM: + if (theUDP->fStream) { + pb.tcppb.ioCRefNum = theUDP->fMacTCPRef; + pb.tcppb.csCode = TCPRelease; + pb.tcppb.tcpStream = (StreamPtr) theUDP->fStream; + + (void) PBControl( (ParamBlockRec *) &pb.tcppb, false ); + } + break; } free(theUDP); @@ -323,22 +376,55 @@ recvfrom (theUDP, buf, len, flags, from_param, fromlen) sendto, recvfrom. We happily fake this too... */ int -connect (s, to, tolen) +connect (s, addr, tolen) SOCKET s; - struct sockaddr *to; + struct sockaddr *addr; int tolen; { - + sockunion pb; + OSErr err; + if (tolen != sizeof (struct sockaddr_in)) { SOCKET_SET_ERRNO (EINVAL); return SOCKET_ERROR; } - if (to->sin_family != AF_INET) { + if (addr->sin_family != AF_INET) { SOCKET_SET_ERRNO (EINVAL); return SOCKET_ERROR; } - s->connect_addr = *to; /* Save the connect address */ + s->connect_addr = *addr; /* Save the connect address */ + switch(s->fType) + { + case SOCK_DGRAM: + break; + case SOCK_STREAM: + pb.tcppb.ioCRefNum = s->fMacTCPRef; + pb.tcppb.csCode = TCPActiveOpen; + pb.tcppb.csParam.open.validityFlags = timeoutValue | timeoutAction; + pb.tcppb.csParam.open.ulpTimeoutValue = 60 /* seconds */; + pb.tcppb.csParam.open.ulpTimeoutAction = 1 /* 1:abort 0:report */; + pb.tcppb.csParam.open.commandTimeoutValue = 0; + pb.tcppb.csParam.open.remoteHost = addr->sin_addr.s_addr; + pb.tcppb.csParam.open.remotePort = addr->sin_port; + pb.tcppb.csParam.open.localHost = 0; + pb.tcppb.csParam.open.localPort = 0; /* we'll get the port back later */ + pb.tcppb.csParam.open.dontFrag = 0; + pb.tcppb.csParam.open.timeToLive = 0; + pb.tcppb.csParam.open.security = 0; + pb.tcppb.csParam.open.optionCnt = 0; + pb.tcppb.tcpStream = s->fStream; + err = PBControl((ParamBlockRec *)&pb.tcppb,false); + if (err) { + SOCKET_SET_ERRNO (EINVAL); + return SOCKET_ERROR; + } + + s->connect_addr.sin_addr.s_addr = pb.tcppb.csParam.open.localHost; + s->connect_addr.sin_port = pb.tcppb.csParam.open.localPort; + + break; + } return 0; } @@ -350,13 +436,32 @@ recv (theUDP, buf, len, flags) int len; int flags; { + sockunion pb; struct sockaddr_in from; int fromlen; + OSErr err; - fromlen = sizeof(from); - return recvfrom (theUDP, buf, len, flags, &from, &fromlen); - /* We could check if the packet is from the right place, but - it isn't clear this is required, so punt. */ + switch(theUDP->fType) + { + case SOCK_DGRAM: + fromlen = sizeof(from); + return recvfrom (theUDP, buf, len, flags, &from, &fromlen); + /* We could check if the packet is from the right place, but + it isn't clear this is required, so punt. */ + case SOCK_STREAM: + pb.tcppb.ioCRefNum = theUDP->fMacTCPRef; + pb.tcppb.csCode = TCPRcv; + pb.tcppb.csParam.receive.commandTimeoutValue = 0 /* infinity */; + pb.tcppb.csParam.receive.rcvBuff = buf; + pb.tcppb.csParam.receive.rcvBuffLen = len; + pb.tcppb.tcpStream = theUDP->fStream; + err = PBControl((ParamBlockRec *)&pb.tcppb,false); + if (err) { + SOCKET_SET_ERRNO (EIO); + return SOCKET_ERROR; + } + return pb.tcppb.csParam.receive.rcvBuffLen; + } } /* Send a packet to a UDP peer. */ @@ -367,8 +472,36 @@ send (theUDP, buf, len, flags) const int len; int flags; { - return sendto (theUDP, buf, len, flags, - &theUDP->connect_addr, sizeof(theUDP->connect_addr)); + OSErr err; + sockunion pb; + wdsEntry wds[2]; + + switch(theUDP->fType) + { + case SOCK_DGRAM: + return sendto (theUDP, buf, len, flags, + &theUDP->connect_addr, sizeof(theUDP->connect_addr)); + + case SOCK_STREAM: + wds[0].length = len; + wds[0].ptr = (char *) buf; + wds[1].length = 0; + pb.tcppb.ioCRefNum = theUDP->fMacTCPRef; + pb.tcppb.csCode = TCPSend; + pb.tcppb.csParam.send.validityFlags = timeoutValue | timeoutAction; + pb.tcppb.csParam.send.ulpTimeoutValue = 60 /* seconds */; + pb.tcppb.csParam.send.ulpTimeoutAction = 1 /* 1:abort 0:report */; + pb.tcppb.csParam.send.pushFlag = true; + pb.tcppb.csParam.send.urgentFlag = false; + pb.tcppb.csParam.send.wdsPtr = (Ptr) wds; + pb.tcppb.tcpStream = theUDP->fStream; + err = PBControl((ParamBlockRec *)&pb.tcppb,false); + if (err) { + SOCKET_SET_ERRNO (EIO); + return SOCKET_ERROR; + } + return len; + } } /* @@ -427,6 +560,13 @@ gethostbyname (char *hostname) if (err != noErr) { return 0; } + /* take off a period from the end of the connonical host name */ + { + int hostnamelen = strlen(host.cname); + if (host.cname[hostnamelen-1] == '.') + host.cname[hostnamelen-1] = 0; + } + /* Build result in hostent structure, which we will return to caller. */ @@ -506,7 +646,7 @@ getmyipaddr () int err; sock = socket (AF_INET, SOCK_DGRAM, 0); - if (!sock) + if (sock == INVALID_SOCKET) return 0; pb.ioCRefNum = sock->fMacTCPRef; pb.csCode = ipctlGetAddr; @@ -528,14 +668,48 @@ getmyipaddr () ipaddr_ptrs[0] = (char*) ourAddr.s_addr; ipaddr_ptrs[1] = 0; + closesocket (sock); + return &result; } +#define MACHOSTNAME "unknownmac" + int gethostname(char *name, int namelen) { - return -1; +short int refnum; +int err; +ip_addr ipaddr; +struct hostent *hp; +struct GetAddrParamBlock pb; + +/* get my ip address from mactcp */ + err = OpenDriver( "\p.IPP", &refnum ); + pb.ioCRefNum = refnum; + pb.csCode = ipctlGetAddr; + err = PBControl( (ParamBlockRec *) &pb, false ); + if (err) { + SOCKET_SET_ERRNO (EIO); + return 0; + } +/*jfm we never close this driver */ + +/* from that address find my name by asking the nameserver to resolve + * the name from an address + */ + ipaddr = pb.ourAddress; + hp = gethostbyaddr((char*) &ipaddr, sizeof(ip_addr), AF_INET); + if( hp == NULL) + strcpy( name, MACHOSTNAME); /* give the default name */ + else + { + strncpy( name, hp->h_name, namelen); /* use the name given */ + name[namelen-1] = 0; /* terminate the string just in case */ + } + + return 0; } #if 0 @@ -560,7 +734,7 @@ gethostname(char *name, int namelen) struct sockaddr_in hostaddr; sock = socket (AF_INET, SOCK_DGRAM, 0); - if (!sock) + if (sock == INVALID_SOCKET) return -1; pb.ioCRefNum = sock->fMacTCPRef; pb.csCode = ipctlGetAddr; @@ -586,4 +760,23 @@ gethostname(char *name, int namelen) #endif +int +getsockname(s, name, namelen) + SOCKET s; + struct sockaddr_in *name; + int *namelen; +{ + + if (s == NULL) + return(EINVAL); + + if (*namelen < sizeof(struct sockaddr_in)) + return(EINVAL); + + *namelen = sizeof(struct sockaddr_in); + *name = s->connect_addr; + + return(0); +} + #endif /* HAVE_MACSOCK_H */ diff --git a/src/lib/krb5/os/net_read.c b/src/lib/krb5/os/net_read.c index b9e2b51..1513898 100644 --- a/src/lib/krb5/os/net_read.c +++ b/src/lib/krb5/os/net_read.c @@ -46,7 +46,7 @@ krb5_net_read(context, fd, buf, len) int cc, len2 = 0; do { - cc = SOCKET_READ(fd, buf, len); + cc = SOCKET_READ((SOCKET)fd, buf, len); if (cc < 0) { if (SOCKET_ERRNO == SOCKET_EINTR) continue; diff --git a/src/lib/krb5/os/net_write.c b/src/lib/krb5/os/net_write.c index 4420b0b..161846f 100644 --- a/src/lib/krb5/os/net_write.c +++ b/src/lib/krb5/os/net_write.c @@ -45,7 +45,7 @@ krb5_net_write(context, fd, buf, len) int cc; register int wrlen = len; do { - cc = SOCKET_WRITE(fd, buf, wrlen); + cc = SOCKET_WRITE((SOCKET)fd, buf, wrlen); if (cc < 0) { if (SOCKET_ERRNO == SOCKET_EINTR) continue; diff --git a/src/lib/krb5/os/timeofday.c b/src/lib/krb5/os/timeofday.c index 0499ff2..72adc44 100644 --- a/src/lib/krb5/os/timeofday.c +++ b/src/lib/krb5/os/timeofday.c @@ -51,7 +51,17 @@ krb5_timeofday(context, timeret) *timeret = os_ctx->time_offset; return 0; } +#ifdef _MACINTOSH +{ + long usecs; + krb5_error_code kret; + + if (kret = krb5_crypto_us_timeofday(&tval, &usecs)) + return kret; +} +#else tval = time(0); +#endif if (tval == (timetype) -1) return (krb5_error_code) errno; if (os_ctx->os_flags & KRB5_OS_TOFFSET_VALID) diff --git a/src/lib/krb5/posix/ChangeLog b/src/lib/krb5/posix/ChangeLog index caa91ce..629c61c 100644 --- a/src/lib/krb5/posix/ChangeLog +++ b/src/lib/krb5/posix/ChangeLog @@ -1,3 +1,7 @@ +Wed Sep 6 12:00:00 1995 James Mattly <mattly@fusion.com> + * getuid.c: turn off getuid for metrowerks which has one (which is also + a farce), but leave it on for MPW. + Wed July 5 15:52:31 1995 James Mattly <mattly@fusion.com> * vfprintf.c included <stdio.h> diff --git a/src/lib/krb5/posix/getuid.c b/src/lib/krb5/posix/getuid.c index aefaae7..2c01095 100644 --- a/src/lib/krb5/posix/getuid.c +++ b/src/lib/krb5/posix/getuid.c @@ -1,7 +1,8 @@ /* Very simple getuid() for systems that don't have one. */ - +#ifndef _MWERKS int getuid() { return 42; } +#endif diff --git a/src/lib/krb5/rcache/ChangeLog b/src/lib/krb5/rcache/ChangeLog index c87010e..70a599f 100644 --- a/src/lib/krb5/rcache/ChangeLog +++ b/src/lib/krb5/rcache/ChangeLog @@ -1,3 +1,6 @@ +Wed Sep 6 12:00:00 1995 James Mattly <mattly@fusion.com> + * rc_io.c: turn off a call to fsync which MACINTOSH doesn't support + Thu Aug 31 14:13:21 EDT 1995 Paul Park (pjpark@mit.edu) * rc_base.c - Set magic number in rcache structure after successfully diff --git a/src/lib/krb5/rcache/rc_io.c b/src/lib/krb5/rcache/rc_io.c index efadead..96cfe2b 100644 --- a/src/lib/krb5/rcache/rc_io.c +++ b/src/lib/krb5/rcache/rc_io.c @@ -240,7 +240,11 @@ krb5_error_code krb5_rc_io_move (context, new, old) if (new->fn == 0) return ENOMEM; strcpy(new->fn, old->fn); +#ifdef _MACINTOSH + new->fd = fcntl(old->fd, F_DUPFD); +#else new->fd = dup(old->fd); +#endif return 0; } @@ -269,7 +273,7 @@ krb5_error_code krb5_rc_io_sync (context, d) krb5_context context; krb5_rc_iostuff *d; { -#ifndef MSDOS_FILESYSTEM +#if !defined(MSDOS_FILESYSTEM) && !defined(_MACINTOSH) if (fsync(d->fd) == -1) { switch(errno) { |