From 756e069368719f53444b5a819753fdeda5561994 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Tue, 21 May 2019 13:34:39 -0400
Subject: [PATCH] Display unsupported enctype names
Add a table of unsupported enctype numbers to enctype_util.c and
consult it in krb5_enctype_to_name(). Treat unsupported enctype
numbers as deprecated in krb5int_c_deprecated_enctype(). In kadmin,
display "UNSUPPORTED:" before invalid enctype names.
ticket: 8808
(cherry picked from commit ebbc6e8e99ee9d5d757411200a6a3173171774df)
---
src/kadmin/cli/kadmin.c | 4 +++-
src/lib/crypto/krb/enctype_util.c | 22 +++++++++++++++++++++-
2 files changed, 24 insertions(+), 2 deletions(-)
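diff --git a/src/kadmin/cli/kadmin.c b/src/kadmin/cli/kadmin.c
index fe4cb493c..b4d1aad93 100644
--- a/src/kadmin/cli/kadmin.c
+++ b/src/kadmin/cli/kadmin.c
@@ -1461,7 +1461,9 @@ kadmin_getprinc(int argc, char *argv[])
 enctype, sizeof(enctype)))
 snprintf(enctype, sizeof(enctype), _("<Encryption type 0x%x>"),
 key_data->key_data_type[0]);
- if (krb5int_c_deprecated_enctype(key_data->key_data_type[0]))
+ if (!krb5_c_valid_enctype(key_data->key_data_type[0]))
+ deprecated = "UNSUPPORTED:";
+ else if (krb5int_c_deprecated_enctype(key_data->key_data_type[0]))
 deprecated = "DEPRECATED:";
 printf("Key: vno %d, %s%s", key_data->key_data_kvno, deprecated,
 enctype);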
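Review bot: The order of the two tests in the new `if`/`else if` chain is load-bearing but undocumented. Per the commit description, `krb5int_c_deprecated_enctype()` now also reports unsupported enctype numbers as deprecated, so "UNSUPPORTED:" would never print if the validity test did not come first. A comment above the chain would record that, e.g. `/* Test validity first: unsupported enctypes are also reported as deprecated. */`. The local `deprecated` now carries either prefix, so a neutral name such as `prefix` would read better. Its declaration and the rest of kadmin_getprinc lie outside this hunk.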
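diff --git a/src/lib/crypto/krb/enctype_util.c b/src/lib/crypto/krb/enctype_util.c
index e394f4e19..1542d4062 100644
--- a/src/lib/crypto/krb/enctype_util.c
+++ b/src/lib/crypto/krb/enctype_util.c
@@ -36,6 +36,18 @@
 
 #include "crypto_int.h"
 
+struct {
+ krb5_enctype etype;
+ const char *name;
+} unsupported_etypes[] = {
+ { ENCTYPE_DES_CBC_CRC, "des-cbc-crc" },
+ { ENCTYPE_DES_CBC_MD4, "des-cbc-md4" },
+ { ENCTYPE_DES_CBC_MD5, "des-cbc-md5" },
+ { ENCTYPE_DES_CBC_RAW, "des-cbc-raw" },
+ { ENCTYPE_DES_HMAC_SHA1, "des-hmac-sha1" },
+ { ENCTYPE_NULL, NULL }
+};
+
 krb5_boolean KRB5_CALLCONV
 krb5_c_valid_enctype(krb5_enctype etype)
 {
@@ -55,7 +67,7 @@ krb5_boolean KRB5_CALLCONV
 krb5int_c_deprecated_enctype(krb5_enctype etype)
 {
 const struct krb5_keytypes *ktp = find_enctype(etype);
- return ktp != NULL && (ktp->flags & ETYPE_DEPRECATED) != 0;
+ return ktp == NULL || (ktp->flags & ETYPE_DEPRECATED) != 0;
 }
 
 krb5_error_code KRB5_CALLCONV
@@ -122,6 +134,14 @@ krb5_enctype_to_name(krb5_enctype enctype, krb5_boolean shortest,
 const char *name;
 int i;
 
+ for (i = 0; unsupported_etypes[i].etype != ENCTYPE_NULL; i++) {
+ if (enctype == unsupported_etypes[i].etype) {
+ if (strlcpy(buffer, unsupported_etypes[i].name, buflen) >= buflen)
+ return ENOMEM;
+ return 0;
+ }
+ }
+
 ktp = find_enctype(enctype);
 if (ktp == NULL)
 return EINVAL;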
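Review bot: The `unsupported_etypes` table added after `#include "crypto_int.h"` is declared with neither `static` nor `const`, so it is a writable object with external linkage in the crypto library. In the visible hunks only `krb5_enctype_to_name()` reads it. Opening the declaration with `static const struct {` would keep the name out of the library's global namespace and let the table sit in read-only data, so nothing else in the process can alter the names shown for removed enctypes.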