Use unsigned 16-bit type for key data kvno

Change key_data_kvno from a signed 16-bit field to an unsigned 16-bit
field, since negative values are never meaningful.  When adding new
keys, wrap from 65535 to 1 to avoid using the special value 0.

Don't bump the KDB binary version since this change is unlikely to
affect callers.

ticket: 7532

diff --git a/src/include/k5-int.h b/src/include/k5-int.h
index 4868e7df02a2de9245257e0dee3fed7ce8fc62ac..e6ffba3f82f7c171bb28d628d9d74d1b9198d50b 100644 (file)
--- a/src/include/k5-int.h
+++ b/src/include/k5-int.h
@@ -1646,7 +1646,7 @@ struct _krb5_key_data;          /* kdb.h */
 
 struct ldap_seqof_key_data {
     krb5_int32 mkvno;           /* Master key version number */
-    krb5_int16 kvno;            /* kvno of key_data elements (all the same) */
+    krb5_ui_2 kvno;             /* kvno of key_data elements (all the same) */
     struct _krb5_key_data *key_data;
     krb5_int16 n_key_data;
 };

diff --git a/src/include/kdb.h b/src/include/kdb.h
index d0a390a25886801a2c65c5c444ef14a24b4fbff7..1563a6297f93694d77549a568ce6d4ac3eaf4633 100644 (file)
--- a/src/include/kdb.h
+++ b/src/include/kdb.h
@@ -167,7 +167,7 @@ typedef struct krb5_string_attr_st {
  */
 typedef struct _krb5_key_data {
     krb5_int16            key_data_ver;         /* Version */
-    krb5_int16            key_data_kvno;        /* Key Version */
+    krb5_ui_2             key_data_kvno;        /* Key Version */
     krb5_int16            key_data_type[2];     /* Array of types */
     krb5_ui_2             key_data_length[2];   /* Array of lengths */
     krb5_octet          * key_data_contents[2]; /* Array of pointers */

diff --git a/src/lib/kadm5/kadm_rpc_xdr.c b/src/lib/kadm5/kadm_rpc_xdr.c
index 975f94c6c6ac70491c945f36d4d108ff2102616c..4ccf8e653b0de9270604e32db18baaa349b45060 100644 (file)
--- a/src/lib/kadm5/kadm_rpc_xdr.c
+++ b/src/lib/kadm5/kadm_rpc_xdr.c
@@ -262,7 +262,7 @@ bool_t xdr_krb5_key_data_nocontents(XDR *xdrs, krb5_key_data *objp)
      if (!xdr_krb5_int16(xdrs, &objp->key_data_ver)) {
          return (FALSE);
      }
-     if (!xdr_krb5_int16(xdrs, &objp->key_data_kvno)) {
+     if (!xdr_krb5_ui_2(xdrs, &objp->key_data_kvno)) {
          return (FALSE);
      }
      if (!xdr_krb5_int16(xdrs, &objp->key_data_type[0])) {

diff --git a/src/lib/kadm5/srv/adb_xdr.c b/src/lib/kadm5/srv/adb_xdr.c
index de1bdc00e13b9d75d254670ac427d093f7405e3f..fc732971d2f3fc011e1a7a6dbdc938a58f41a8fc 100644 (file)
--- a/src/lib/kadm5/srv/adb_xdr.c
+++ b/src/lib/kadm5/srv/adb_xdr.c
@@ -21,7 +21,7 @@ xdr_krb5_key_data(XDR *xdrs, krb5_key_data *objp)
 
     if (!xdr_krb5_int16(xdrs, &objp->key_data_ver))
        return(FALSE);
-    if (!xdr_krb5_int16(xdrs, &objp->key_data_kvno))
+    if (!xdr_krb5_ui_2(xdrs, &objp->key_data_kvno))
        return(FALSE);
     if (!xdr_krb5_int16(xdrs, &objp->key_data_type[0]))
        return(FALSE);

diff --git a/src/lib/kdb/kdb_convert.c b/src/lib/kdb/kdb_convert.c
index 1370395c8d96a4503dbd85efc6b5ccafba0f0047..509016f73e6f8ae6cf10307f35170e34f117ef7b 100644 (file)
--- a/src/lib/kdb/kdb_convert.c
+++ b/src/lib/kdb/kdb_convert.c
@@ -704,7 +704,7 @@ ulog_conv_2dbentry(krb5_context context, krb5_db_entry **entry,
                 krb5_key_data *kp = &ent->key_data[j];
                 kdbe_key_t *kv = &ULOG_ENTRY_KEYVAL(update, i, j);
                 kp->key_data_ver = (krb5_int16)kv->k_ver;
-                kp->key_data_kvno = (krb5_int16)kv->k_kvno;
+                kp->key_data_kvno = (krb5_ui_2)kv->k_kvno;
                 if (kp->key_data_ver > 2) {
                     return EINVAL; /* XXX ? */
                 }

diff --git a/src/lib/kdb/kdb_cpw.c b/src/lib/kdb/kdb_cpw.c
index fb076656f0d56be27870f57d8fd57409e3bd9154..33017ecfdc18c38e21be54a3d299bc7dd56a61d7 100644 (file)
--- a/src/lib/kdb/kdb_cpw.c
+++ b/src/lib/kdb/kdb_cpw.c
@@ -436,6 +436,10 @@ rekey(krb5_context context, krb5_keyblock *mkey, krb5_key_salt_tuple *ks_tuple,
     old_kvno = krb5_db_get_key_data_kvno(context, n_key_data, key_data);
     if (new_kvno < old_kvno + 1)
         new_kvno = old_kvno + 1;
+    /* Wrap from 65535 to 1; we can only store 16-bit kvno values in key_data,
+     * and we assign special meaning to kvno 0. */
+    if (new_kvno == (1 << 16))
+        new_kvno = 1;
 
     /* Add new keys to the front of the list. */
     if (password != NULL) {

diff --git a/src/lib/krb5/asn.1/ldap_key_seq.c b/src/lib/krb5/asn.1/ldap_key_seq.c
index deb47058df91dcf9c9ac044a02e80a891040bf80..74569d9e2c51dffac4632b0362bcb4c32b55439f 100644 (file)
--- a/src/lib/krb5/asn.1/ldap_key_seq.c
+++ b/src/lib/krb5/asn.1/ldap_key_seq.c
@@ -51,6 +51,7 @@
 IMPORT_TYPE(int32, krb5_int32);
 
 DEFINTTYPE(int16, krb5_int16);
+DEFINTTYPE(uint16, krb5_ui_2);
 
 DEFCOUNTEDSTRINGTYPE(ui2_octetstring, unsigned char *, krb5_ui_2,
                      k5_asn1_encode_bytestring, k5_asn1_decode_bytestring,
@@ -108,7 +109,7 @@ DEFCOUNTEDSEQOFTYPE(cseqof_key_data, krb5_int16, ptr_key_data);
 DEFINT_IMMEDIATE(one, 1, ASN1_BAD_FORMAT);
 DEFCTAGGEDTYPE(ldap_key_seq_0, 0, one);
 DEFCTAGGEDTYPE(ldap_key_seq_1, 1, one);
-DEFFIELD(ldap_key_seq_2, ldap_seqof_key_data, kvno, 2, int16);
+DEFFIELD(ldap_key_seq_2, ldap_seqof_key_data, kvno, 2, uint16);
 DEFFIELD(ldap_key_seq_3, ldap_seqof_key_data, mkvno, 3, int32);
 DEFCNFIELD(ldap_key_seq_4, ldap_seqof_key_data, key_data, n_key_data, 4,
            cseqof_key_data);

diff --git a/src/plugins/kdb/ldap/libkdb_ldap/princ_xdr.c b/src/plugins/kdb/ldap/libkdb_ldap/princ_xdr.c
index 5eca41ee7b0acbbb98789adc4c9e5764aa82004b..cf1201d607e5e8e086373fa3afc9bace92fd4280 100644 (file)
--- a/src/plugins/kdb/ldap/libkdb_ldap/princ_xdr.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/princ_xdr.c
@@ -98,7 +98,7 @@ ldap_xdr_krb5_key_data(XDR *xdrs, krb5_key_data *objp)
 
     if (!ldap_xdr_krb5_int16(xdrs, &objp->key_data_ver))
        return(FALSE);
-    if (!ldap_xdr_krb5_int16(xdrs, &objp->key_data_kvno))
+    if (!ldap_xdr_krb5_ui_2(xdrs, &objp->key_data_kvno))
        return(FALSE);
     if (!ldap_xdr_krb5_int16(xdrs, &objp->key_data_type[0]))
        return(FALSE);