rpms/krb5
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Test & docs fixes in preparation for DES removal

Browse Source
This commit is contained in:
Robbie Harwood 2019-05-20 16:49:04 -04:00
parent f91545040c
commit 39ba823db6
4 changed files with 462 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

139
Mark-the-doc-kadm5-tex-files-as-historic.patch Normal file
View File

@ -0,0 +1,139 @@
From 7385ae430280e839a2a0b5a7c5a6be1b2b24aef4 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Thu, 11 Apr 2019 18:33:04 -0400
Subject: [PATCH] Mark the doc/kadm5 tex files as historic
Remove rcsid.sty and the uses of the \rcsId macro as git does not
perform the keyword expansion necessary to make it work. Add comments
indicating the historic status of the kadm5 documentation.
[ghudson@mit.edu: fix the tex files instead of marking them as
non-building]
(cherry picked from commit e6047bdd6dec0d104417f9a1318bbafe022b81c1)
---
doc/kadm5/adb-unit-test.tex | 7 ++++---
doc/kadm5/api-funcspec.tex | 9 +++++----
doc/kadm5/api-server-design.tex | 9 +++++----
doc/kadm5/api-unit-test.tex | 7 ++++---
doc/kadm5/rcsid.sty | 5 -----
5 files changed, 18 insertions(+), 19 deletions(-)
delete mode 100644 doc/kadm5/rcsid.sty
diff --git a/doc/kadm5/adb-unit-test.tex b/doc/kadm5/adb-unit-test.tex
index d401342df..987af1a5e 100644
--- a/doc/kadm5/adb-unit-test.tex
+++ b/doc/kadm5/adb-unit-test.tex
@@ -1,6 +1,7 @@
-\documentstyle[times,fullpage,rcsid]{article}
+% This document is included for historical purposes only, and does not
+% apply to krb5 today.
-\rcs$Id$
+\documentstyle[times,fullpage]{article}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% Make _ actually generate an _, and allow line-breaking after it.
@@ -39,7 +40,7 @@
%\newcommand{\Priority}[1]{}
\title{OpenV*Secure Admin Database API\\
-Unit Test Description\footnote{\rcsId}}
+Unit Test Description}
\author{Jonathan I. Kamens}
\begin{document}
diff --git a/doc/kadm5/api-funcspec.tex b/doc/kadm5/api-funcspec.tex
index c13090a51..76d2bb5d0 100644
--- a/doc/kadm5/api-funcspec.tex
+++ b/doc/kadm5/api-funcspec.tex
@@ -1,4 +1,7 @@
-\documentstyle[12pt,fullpage,rcsid]{article}
+% This document is included for historical purposes only, and does not
+% apply to krb5 today.
+
+\documentstyle[12pt,fullpage]{article}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% Make _ actually generate an _, and allow line-breaking after it.
@@ -7,15 +10,13 @@
\def_{\underscore\penalty75\relax}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\rcs$Id$
-
\setlength{\parskip}{.7\baselineskip}
\setlength{\parindent}{0pt}
\def\v#1{\verb+#1+}
\title{Kerberos Administration System \\
- KADM5 API Functional Specifications\thanks{\rcsId}}
+ KADM5 API Functional Specifications}
\author{Barry Jaspan}
\begin{document}
diff --git a/doc/kadm5/api-server-design.tex b/doc/kadm5/api-server-design.tex
index 228e83113..94e05b877 100644
--- a/doc/kadm5/api-server-design.tex
+++ b/doc/kadm5/api-server-design.tex
@@ -1,4 +1,7 @@
-\documentstyle[12pt,fullpage,rcsid]{article}
+% This document is included for historical purposes only, and does not
+% apply to krb5 today.
+
+\documentstyle[12pt,fullpage]{article}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% Make _ actually generate an _, and allow line-breaking after it.
@@ -7,15 +10,13 @@
\def_{\underscore\penalty75\relax}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\rcs$Id$
-
\setlength{\parskip}{.7\baselineskip}
\setlength{\parindent}{0pt}
\def\v#1{\verb+#1+}
\def\k#1{K$_#1$}
-\title{KADM5 Library and Server \\ Implementation Design\thanks{\rcsId}}
+\title{KADM5 Library and Server \\ Implementation Design}
\author{Barry Jaspan}
\begin{document}
diff --git a/doc/kadm5/api-unit-test.tex b/doc/kadm5/api-unit-test.tex
index 3e0eb503e..bfd6280bb 100644
--- a/doc/kadm5/api-unit-test.tex
+++ b/doc/kadm5/api-unit-test.tex
@@ -1,6 +1,7 @@
-\documentstyle[times,fullpage,rcsid]{article}
+% This document is included for historical purposes only, and does not
+% apply to krb5 today.
-\rcs$Id$
+\documentstyle[times,fullpage]{article}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% Make _ actually generate an _, and allow line-breaking after it.
@@ -41,7 +42,7 @@
%\newcommand{\Priority}[1]{}
\title{KADM5 Admin API\\
-Unit Test Description\footnote{\rcsId}}
+Unit Test Description}
\author{Jonathan I. Kamens}
\begin{document}
diff --git a/doc/kadm5/rcsid.sty b/doc/kadm5/rcsid.sty
deleted file mode 100644
index 3ad7826ff..000000000
--- a/doc/kadm5/rcsid.sty
+++ /dev/null
@@ -1,5 +0,0 @@
-\def\rcs$#1: #2${\expandafter\def\csname rcs#1\endcsname{#2}}
-
-% example usage:
-% \rcs$Version$
-% Version \rcsVersion

231
Modernize-example-enctypes-in-documentation.patch Normal file
View File

@ -0,0 +1,231 @@
From 6eb0931738f26890952de08d4ea9de24b0f684f5 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Thu, 11 Apr 2019 18:25:41 -0400
Subject: [PATCH] Modernize example enctypes in documentation
ticket: 8805 (new)
(cherry picked from commit ccb4a3e4b35fa9ea63af0e98a42eba4aadb099e2)
---
doc/admin/admin_commands/kadmin_local.rst | 8 ++++----
doc/admin/admin_commands/kdb5_util.rst | 10 +++++-----
doc/admin/database.rst | 2 +-
doc/admin/install_appl_srv.rst | 19 +++++++------------
doc/admin/install_kdc.rst | 2 +-
src/man/kadmin.man | 10 +++++-----
src/man/kdb5_util.man | 10 +++++-----
.../kdb/ldap/libkdb_ldap/kerberos.ldif | 4 ++--
.../kdb/ldap/libkdb_ldap/kerberos.schema | 4 ++--
9 files changed, 32 insertions(+), 37 deletions(-)
diff --git a/doc/admin/admin_commands/kadmin_local.rst b/doc/admin/admin_commands/kadmin_local.rst
index 150da1fad..71aa894f6 100644
--- a/doc/admin/admin_commands/kadmin_local.rst
+++ b/doc/admin/admin_commands/kadmin_local.rst
@@ -569,16 +569,16 @@ Examples::
Principal: tlyu/admin@BLEEP.COM
Expiration date: [never]
Last password change: Mon Aug 12 14:16:47 EDT 1996
- Password expiration date: [none]
+ Password expiration date: [never]
Maximum ticket life: 0 days 10:00:00
Maximum renewable life: 7 days 00:00:00
Last modified: Mon Aug 12 14:16:47 EDT 1996 (bjaspan/admin@BLEEP.COM)
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
- Number of keys: 2
- Key: vno 1, des-cbc-crc
- Key: vno 1, des-cbc-crc:v4
+ Number of keys: 1
+ Key: vno 1, aes256-cts-hmac-sha384-192
+ MKey: vno 1
Attributes:
Policy: [none]
diff --git a/doc/admin/admin_commands/kdb5_util.rst b/doc/admin/admin_commands/kdb5_util.rst
index 7dd54f797..444c58bcd 100644
--- a/doc/admin/admin_commands/kdb5_util.rst
+++ b/doc/admin/admin_commands/kdb5_util.rst
@@ -476,17 +476,17 @@ Examples::
$ kdb5_util tabdump -o keyinfo.txt keyinfo
$ cat keyinfo.txt
name keyindex kvno enctype salttype salt
+ K/M@EXAMPLE.COM 0 1 aes256-cts-hmac-sha384-192 normal -1
foo@EXAMPLE.COM 0 1 aes128-cts-hmac-sha1-96 normal -1
bar@EXAMPLE.COM 0 1 aes128-cts-hmac-sha1-96 normal -1
- bar@EXAMPLE.COM 1 1 des-cbc-crc normal -1
$ sqlite3
sqlite> .mode tabs
sqlite> .import keyinfo.txt keyinfo
- sqlite> select * from keyinfo where enctype like 'des-cbc-%';
- bar@EXAMPLE.COM 1 1 des-cbc-crc normal -1
+ sqlite> select * from keyinfo where enctype like 'aes256-%';
+ K/M@EXAMPLE.COM 1 1 aes256-cts-hmac-sha384-192 normal -1
sqlite> .quit
- $ awk -F'\t' '$4 ~ /des-cbc-/ { print }' keyinfo.txt
- bar@EXAMPLE.COM 1 1 des-cbc-crc normal -1
+ $ awk -F'\t' '$4 ~ /aes256-/ { print }' keyinfo.txt
+ K/M@EXAMPLE.COM 1 1 aes256-cts-hmac-sha384-192 normal -1
ENVIRONMENT
diff --git a/doc/admin/database.rst b/doc/admin/database.rst
index 113a680a6..0eb5ccde7 100644
--- a/doc/admin/database.rst
+++ b/doc/admin/database.rst
@@ -483,7 +483,7 @@ availability. To roll over the master key, follow these steps:
$ kdb5_util list_mkeys
Master keys for Principal: K/M@KRBTEST.COM
- KVNO: 1, Enctype: des-cbc-crc, Active on: Wed Dec 31 19:00:00 EST 1969 *
+ KVNO: 1, Enctype: aes256-cts-hmac-sha384-192, Active on: Thu Jan 01 00:00:00 UTC 1970 *
#. On the master KDC, run ``kdb5_util use_mkey 1`` to ensure that a
master key activation list is present in the database. This step
diff --git a/doc/admin/install_appl_srv.rst b/doc/admin/install_appl_srv.rst
index 6bae7248f..6b2d8e471 100644
--- a/doc/admin/install_appl_srv.rst
+++ b/doc/admin/install_appl_srv.rst
@@ -44,18 +44,13 @@ pop, the administrator ``joeadmin`` would issue the command (on
``trillium.mit.edu``)::
trillium% kadmin
- kadmin5: ktadd host/trillium.mit.edu ftp/trillium.mit.edu
- pop/trillium.mit.edu
- kadmin: Entry for principal host/trillium.mit.edu@ATHENA.MIT.EDU with
- kvno 3, encryption type DES-CBC-CRC added to keytab
- FILE:/etc/krb5.keytab.
- kadmin: Entry for principal ftp/trillium.mit.edu@ATHENA.MIT.EDU with
- kvno 3, encryption type DES-CBC-CRC added to keytab
- FILE:/etc/krb5.keytab.
- kadmin: Entry for principal pop/trillium.mit.edu@ATHENA.MIT.EDU with
- kvno 3, encryption type DES-CBC-CRC added to keytab
- FILE:/etc/krb5.keytab.
- kadmin5: quit
+ Authenticating as principal root/admin@ATHENA.MIT.EDU with password.
+ Password for root/admin@ATHENA.MIT.EDU:
+ kadmin: ktadd host/trillium.mit.edu ftp/trillium.mit.edu pop/trillium.mit.edu
+ Entry for principal host/trillium.mit.edu@ATHENA.MIT.EDU with kvno 3, encryption type aes256-cts-hmac-sha384-192 added to keytab FILE:/etc/krb5.keytab.
+ kadmin: Entry for principal ftp/trillium.mit.edu@ATHENA.MIT.EDU with kvno 3, encryption type aes256-cts-hmac-sha384-192 added to keytab FILE:/etc/krb5.keytab.
+ kadmin: Entry for principal pop/trillium.mit.edu@ATHENA.MIT.EDU with kvno 3, encryption type aes256-cts-hmac-sha384-192 added to keytab FILE:/etc/krb5.keytab.
+ kadmin: quit
trillium%
If you generate the keytab file on another host, you need to get a
diff --git a/doc/admin/install_kdc.rst b/doc/admin/install_kdc.rst
index 5d1e70ede..3bec59f96 100644
--- a/doc/admin/install_kdc.rst
+++ b/doc/admin/install_kdc.rst
@@ -340,7 +340,7 @@ To extract a keytab directly on a replica KDC called
Entry for principal host/kerberos-1.mit.edu with kvno 2, encryption
type aes128-cts-hmac-sha1-96 added to keytab FILE:/etc/krb5.keytab.
Entry for principal host/kerberos-1.mit.edu with kvno 2, encryption
- type des3-cbc-sha1 added to keytab FILE:/etc/krb5.keytab.
+ type aes256-cts-hmac-sha384-192 added to keytab FILE:/etc/krb5.keytab.
Entry for principal host/kerberos-1.mit.edu with kvno 2, encryption
type arcfour-hmac added to keytab FILE:/etc/krb5.keytab.
diff --git a/src/man/kadmin.man b/src/man/kadmin.man
index 849677258..44859a378 100644
--- a/src/man/kadmin.man
+++ b/src/man/kadmin.man
@@ -1,6 +1,6 @@
.\" Man page generated from reStructuredText.
.
-.TH "KADMIN" "1" " " "1.17" "MIT Kerberos"
+.TH "KADMIN" "1" " " "1.18" "MIT Kerberos"
.SH NAME
kadmin \- Kerberos V5 database administration program
.
@@ -610,16 +610,16 @@ kadmin: getprinc tlyu/admin
Principal: tlyu/admin@BLEEP.COM
Expiration date: [never]
Last password change: Mon Aug 12 14:16:47 EDT 1996
-Password expiration date: [none]
+Password expiration date: [never]
Maximum ticket life: 0 days 10:00:00
Maximum renewable life: 7 days 00:00:00
Last modified: Mon Aug 12 14:16:47 EDT 1996 (bjaspan/admin@BLEEP.COM)
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
-Number of keys: 2
-Key: vno 1, des\-cbc\-crc
-Key: vno 1, des\-cbc\-crc:v4
+Number of keys: 1
+Key: vno 1, aes256\-cts\-hmac\-sha384\-192
+MKey: vno 1
Attributes:
Policy: [none]
diff --git a/src/man/kdb5_util.man b/src/man/kdb5_util.man
index 9a36ef0df..46772a236 100644
--- a/src/man/kdb5_util.man
+++ b/src/man/kdb5_util.man
@@ -529,17 +529,17 @@ Examples:
$ kdb5_util tabdump \-o keyinfo.txt keyinfo
$ cat keyinfo.txt
name keyindex kvno enctype salttype salt
+K/M@EXAMPLE.COM 0 1 aes256\-cts\-hmac\-sha384\-192 normal \-1
foo@EXAMPLE.COM 0 1 aes128\-cts\-hmac\-sha1\-96 normal \-1
bar@EXAMPLE.COM 0 1 aes128\-cts\-hmac\-sha1\-96 normal \-1
-bar@EXAMPLE.COM 1 1 des\-cbc\-crc normal \-1
$ sqlite3
sqlite> .mode tabs
sqlite> .import keyinfo.txt keyinfo
-sqlite> select * from keyinfo where enctype like \(aqdes\-cbc\-%\(aq;
-bar@EXAMPLE.COM 1 1 des\-cbc\-crc normal \-1
+sqlite> select * from keyinfo where enctype like \(aqaes256\-%\(aq;
+K/M@EXAMPLE.COM 1 1 aes256\-cts\-hmac\-sha384\-192 normal \-1
sqlite> .quit
-$ awk \-F\(aq\et\(aq \(aq$4 ~ /des\-cbc\-/ { print }\(aq keyinfo.txt
-bar@EXAMPLE.COM 1 1 des\-cbc\-crc normal \-1
+$ awk \-F\(aq\et\(aq \(aq$4 ~ /aes256\-/ { print }\(aq keyinfo.txt
+K/M@EXAMPLE.COM 1 1 aes256\-cts\-hmac\-sha384\-192 normal \-1
.ft P
.fi
.UNINDENT
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif b/src/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif
index 13db48609..4224f0850 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif
+++ b/src/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif
@@ -512,7 +512,7 @@ attributetypes: ( 2.16.840.1.113719.1.301.4.41.1
##### Holds the default encryption/salt type combinations of principals for
##### the Realm. Stores in the form of key:salt strings.
-##### Example: des-cbc-crc:normal
+##### Example: aes256-cts-hmac-sha384-192:normal
dn: cn=schema
changetype: modify
@@ -533,7 +533,7 @@ attributetypes: ( 2.16.840.1.113719.1.301.4.42.1
##### ONLYREALM
##### SPECIAL
##### AFS3
-##### Example: des-cbc-crc:normal
+##### Example: aes256-cts-hmac-sha384-192:normal
#####
##### This attribute obsoletes the krbSupportedEncTypes and krbSupportedSaltTypes
##### attributes.
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kerberos.schema b/src/plugins/kdb/ldap/libkdb_ldap/kerberos.schema
index 52036a178..171f66927 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/kerberos.schema
+++ b/src/plugins/kdb/ldap/libkdb_ldap/kerberos.schema
@@ -410,7 +410,7 @@ attributetype ( 2.16.840.1.113719.1.301.4.41.1
##### Holds the default encryption/salt type combinations of principals for
##### the Realm. Stores in the form of key:salt strings. This will be
##### subset of the supported encryption/salt types.
-##### Example: des-cbc-crc:normal
+##### Example: aes256-cts-hmac-sha384-192:normal
attributetype ( 2.16.840.1.113719.1.301.4.42.1
NAME 'krbDefaultEncSaltTypes'
@@ -428,7 +428,7 @@ attributetype ( 2.16.840.1.113719.1.301.4.42.1
##### ONLYREALM
##### SPECIAL
##### AFS3
-##### Example: des-cbc-crc:normal
+##### Example: aes256-cts-hmac-sha384-192:normal
attributetype ( 2.16.840.1.113719.1.301.4.43.1
NAME 'krbSupportedEncSaltTypes'

85
Update-ASN.1-SAM-tests-to-use-a-modern-enctype.patch Normal file
View File

@ -0,0 +1,85 @@
From f3f8effd4978bc6671adc85d98105ca10a67df1f Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Tue, 16 Apr 2019 14:16:39 -0400
Subject: [PATCH] Update ASN.1 SAM tests to use a modern enctype
(cherry picked from commit 3e94e53febc6d5636272f31ae9dba8e3babe9263)
---
src/tests/asn.1/krb5_decode_test.c | 2 +-
src/tests/asn.1/ktest.c | 4 ++--
src/tests/asn.1/reference_encode.out | 4 ++--
src/tests/asn.1/trval_reference.out | 4 ++--
4 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/src/tests/asn.1/krb5_decode_test.c b/src/tests/asn.1/krb5_decode_test.c
index ee70fa4b9..cbd99ba63 100644
--- a/src/tests/asn.1/krb5_decode_test.c
+++ b/src/tests/asn.1/krb5_decode_test.c
@@ -934,7 +934,7 @@ int main(argc, argv)
/* decode_sam_challenge_2_body */
{
setup(krb5_sam_challenge_2_body,ktest_make_sample_sam_challenge_2_body);
- decode_run("sam_challenge_2_body","","30 64 A0 03 02 01 2A A1 07 03 05 00 80 00 00 00 A2 0B 04 09 74 79 70 65 20 6E 61 6D 65 A4 11 04 0F 63 68 61 6C 6C 65 6E 67 65 20 6C 61 62 65 6C A5 10 04 0E 63 68 61 6C 6C 65 6E 67 65 20 69 70 73 65 A6 16 04 14 72 65 73 70 6F 6E 73 65 5F 70 72 6F 6D 70 74 20 69 70 73 65 A8 05 02 03 54 32 10 A9 03 02 01 01",decode_krb5_sam_challenge_2_body,ktest_equal_sam_challenge_2_body,krb5_free_sam_challenge_2_body);
+ decode_run("sam_challenge_2_body","","30 64 A0 03 02 01 2A A1 07 03 05 00 80 00 00 00 A2 0B 04 09 74 79 70 65 20 6E 61 6D 65 A4 11 04 0F 63 68 61 6C 6C 65 6E 67 65 20 6C 61 62 65 6C A5 10 04 0E 63 68 61 6C 6C 65 6E 67 65 20 69 70 73 65 A6 16 04 14 72 65 73 70 6F 6E 73 65 5F 70 72 6F 6D 70 74 20 69 70 73 65 A8 05 02 03 54 32 10 A9 03 02 01 14",decode_krb5_sam_challenge_2_body,ktest_equal_sam_challenge_2_body,krb5_free_sam_challenge_2_body);
ktest_empty_sam_challenge_2_body(&ref);
}
diff --git a/src/tests/asn.1/ktest.c b/src/tests/asn.1/ktest.c
index 5bfdc5be2..6bf6e54ac 100644
--- a/src/tests/asn.1/ktest.c
+++ b/src/tests/asn.1/ktest.c
@@ -507,7 +507,7 @@ ktest_make_sample_sam_challenge_2_body(krb5_sam_challenge_2_body *p)
krb5_data_parse(&p->sam_response_prompt, "response_prompt ipse");
p->sam_pk_for_sad = empty_data();
p->sam_nonce = 0x543210;
- p->sam_etype = ENCTYPE_DES_CBC_CRC;
+ p->sam_etype = ENCTYPE_AES256_CTS_HMAC_SHA384_192;
}
void
@@ -518,7 +518,7 @@ ktest_make_sample_sam_response_2(krb5_sam_response_2 *p)
p->sam_flags = KRB5_SAM_USE_SAD_AS_KEY; /* KRB5_SAM_* values */
krb5_data_parse(&p->sam_track_id, "track data");
krb5_data_parse(&p->sam_enc_nonce_or_sad.ciphertext, "nonce or sad");
- p->sam_enc_nonce_or_sad.enctype = ENCTYPE_DES_CBC_CRC;
+ p->sam_enc_nonce_or_sad.enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192;
p->sam_enc_nonce_or_sad.kvno = 3382;
p->sam_nonce = 0x543210;
}
diff --git a/src/tests/asn.1/reference_encode.out b/src/tests/asn.1/reference_encode.out
index a76deead2..80b18a2fb 100644
--- a/src/tests/asn.1/reference_encode.out
+++ b/src/tests/asn.1/reference_encode.out
@@ -49,8 +49,8 @@ encode_krb5_enc_data: 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 4
encode_krb5_enc_data(MSB-set kvno): 30 26 A0 03 02 01 00 A1 06 02 04 FF 00 00 00 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65
encode_krb5_enc_data(kvno=-1): 30 23 A0 03 02 01 00 A1 03 02 01 FF A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65
encode_krb5_sam_challenge_2: 30 22 A0 0D 30 0B 04 09 63 68 61 6C 6C 65 6E 67 65 A1 11 30 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34
-encode_krb5_sam_challenge_2_body: 30 64 A0 03 02 01 2A A1 07 03 05 00 80 00 00 00 A2 0B 04 09 74 79 70 65 20 6E 61 6D 65 A4 11 04 0F 63 68 61 6C 6C 65 6E 67 65 20 6C 61 62 65 6C A5 10 04 0E 63 68 61 6C 6C 65 6E 67 65 20 69 70 73 65 A6 16 04 14 72 65 73 70 6F 6E 73 65 5F 70 72 6F 6D 70 74 20 69 70 73 65 A8 05 02 03 54 32 10 A9 03 02 01 01
-encode_krb5_sam_response_2: 30 42 A0 03 02 01 2B A1 07 03 05 00 80 00 00 00 A2 0C 04 0A 74 72 61 63 6B 20 64 61 74 61 A3 1D 30 1B A0 03 02 01 01 A1 04 02 02 0D 36 A2 0E 04 0C 6E 6F 6E 63 65 20 6F 72 20 73 61 64 A4 05 02 03 54 32 10
+encode_krb5_sam_challenge_2_body: 30 64 A0 03 02 01 2A A1 07 03 05 00 80 00 00 00 A2 0B 04 09 74 79 70 65 20 6E 61 6D 65 A4 11 04 0F 63 68 61 6C 6C 65 6E 67 65 20 6C 61 62 65 6C A5 10 04 0E 63 68 61 6C 6C 65 6E 67 65 20 69 70 73 65 A6 16 04 14 72 65 73 70 6F 6E 73 65 5F 70 72 6F 6D 70 74 20 69 70 73 65 A8 05 02 03 54 32 10 A9 03 02 01 14
+encode_krb5_sam_response_2: 30 42 A0 03 02 01 2B A1 07 03 05 00 80 00 00 00 A2 0C 04 0A 74 72 61 63 6B 20 64 61 74 61 A3 1D 30 1B A0 03 02 01 14 A1 04 02 02 0D 36 A2 0E 04 0C 6E 6F 6E 63 65 20 6F 72 20 73 61 64 A4 05 02 03 54 32 10
encode_krb5_enc_sam_response_enc_2: 30 1F A0 03 02 01 58 A1 18 04 16 65 6E 63 5F 73 61 6D 5F 72 65 73 70 6F 6E 73 65 5F 65 6E 63 5F 32
encode_krb5_pa_for_user: 30 4B A0 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34 A3 0A 1B 08 6B 72 62 35 64 61 74 61
encode_krb5_pa_s4u_x509_user: 30 68 A0 55 30 53 A0 06 02 04 00 CA 14 9A A1 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 12 04 10 70 61 5F 73 34 75 5F 78 35 30 39 5F 75 73 65 72 A4 07 03 05 00 80 00 00 00 A1 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34
diff --git a/src/tests/asn.1/trval_reference.out b/src/tests/asn.1/trval_reference.out
index e5c715924..432fdcebb 100644
--- a/src/tests/asn.1/trval_reference.out
+++ b/src/tests/asn.1/trval_reference.out
@@ -1180,7 +1180,7 @@ encode_krb5_sam_challenge_2_body:
. [5] [Octet String] "challenge ipse"
. [6] [Octet String] "response_prompt ipse"
. [8] [Integer] 5517840
-. [9] [Integer] 1
+. [9] [Integer] 20
encode_krb5_sam_response_2:
@@ -1189,7 +1189,7 @@ encode_krb5_sam_response_2:
. [1] [Bit String] 0x80000000
. [2] [Octet String] "track data"
. [3] [Sequence/Sequence Of]
-. . [0] [Integer] 1
+. . [0] [Integer] 20
. . [1] [Integer] 3382
. . [2] [Octet String] "nonce or sad"
. [4] [Integer] 5517840

8
krb5.spec
View File

@ -18,7 +18,7 @@ Summary: The Kerberos network authentication system
Name: krb5
Version: 1.17
# for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces)
Release: 22%{?dist}
Release: 23%{?dist}
# lookaside-cached sources; two downloads and a build artifact
Source0: https://web.mit.edu/kerberos/dist/krb5/1.17/krb5-%{version}%{prerelease}.tar.gz
@ -94,6 +94,9 @@ Patch126: Remove-more-dead-code.patch
Patch127: krb5-1.17post2-FIPS-with-PRNG-SPAKE-and-RADIUS.patch
Patch128: Remove-checksum-type-profile-variables.patch
Patch129: Remove-dead-variable-def_kslist-from-two-files.patch
Patch130: Mark-the-doc-kadm5-tex-files-as-historic.patch
Patch131: Modernize-example-enctypes-in-documentation.patch
Patch132: Update-ASN.1-SAM-tests-to-use-a-modern-enctype.patch
License: MIT
URL: https://web.mit.edu/kerberos/www/
@ -703,6 +706,9 @@ exit 0
%{_libdir}/libkadm5srv_mit.so.*
%changelog
* Mon May 20 2019 Robbie Harwood <rharwood@redhat.com> - 1.17-23
- Test & docs fixes in preparation for DES removal
* Wed May 15 2019 Robbie Harwood <rharwood@redhat.com> - 1.17-22
- Drop krb5_realm_compare() etc. NULL check patches