Display unsupported enctype names 923/head
authorGreg Hudson <ghudson@mit.edu>
Tue, 21 May 2019 17:34:39 +0000 (13:34 -0400)
committerGreg Hudson <ghudson@mit.edu>
Tue, 28 May 2019 17:27:04 +0000 (13:27 -0400)
Add a table of unsupported enctype numbers to enctype_util.c and
consult it in krb5_enctype_to_name().  Treat unsupported enctype
numbers as deprecated in krb5int_c_deprecated_enctype().  In kadmin,
display "UNSUPPORTED:" before invalid enctype names.

ticket: 8808

src/kadmin/cli/kadmin.c
src/lib/crypto/krb/enctype_util.c

index fe4cb493c064873348de45f928f0284365034e1c..b4d1aad936205b782570e72b99a5e24a4b95f0ad 100644 (file)
@@ -1461,7 +1461,9 @@ kadmin_getprinc(int argc, char *argv[])
                                      enctype, sizeof(enctype)))
                 snprintf(enctype, sizeof(enctype), _("<Encryption type 0x%x>"),
                          key_data->key_data_type[0]);
-            if (krb5int_c_deprecated_enctype(key_data->key_data_type[0]))
+            if (!krb5_c_valid_enctype(key_data->key_data_type[0]))
+                deprecated = "UNSUPPORTED:";
+            else if (krb5int_c_deprecated_enctype(key_data->key_data_type[0]))
                 deprecated = "DEPRECATED:";
             printf("Key: vno %d, %s%s", key_data->key_data_kvno, deprecated,
                    enctype);
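Review bot: The order of the two tests, `if (!krb5_c_valid_enctype(...))` before `else if (krb5int_c_deprecated_enctype(...))`, is load-bearing and nothing in the code says so. The same commit makes krb5int_c_deprecated_enctype() return true for any enctype that find_enctype() does not know, so swapping the branches would label unsupported keys "DEPRECATED:" instead of "UNSUPPORTED:". I would add `/* Test validity first; unsupported enctypes also report as deprecated. */` above the first test. The variable name `deprecated` no longer describes what it holds; its declaration and the rest of kadmin_getprinc are outside the hunk.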
index e394f4e197a707f4e596d5aa47a1082d6c5bc2ff..1542d406291702a728b930bc9ed4b5dc2dcb723d 100644 (file)
 
 #include "crypto_int.h"
 
+struct {
+    krb5_enctype etype;
+    const char *name;
+} unsupported_etypes[] = {
+    { ENCTYPE_DES_CBC_CRC, "des-cbc-crc" },
+    { ENCTYPE_DES_CBC_MD4, "des-cbc-md4" },
+    { ENCTYPE_DES_CBC_MD5, "des-cbc-md5" },
+    { ENCTYPE_DES_CBC_RAW, "des-cbc-raw" },
+    { ENCTYPE_DES_HMAC_SHA1, "des-hmac-sha1" },
+    { ENCTYPE_NULL, NULL }
+};
+
 krb5_boolean KRB5_CALLCONV
 krb5_c_valid_enctype(krb5_enctype etype)
 {
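Review bot: `unsupported_etypes` is defined without `static` and without `const`, so the crypto library gains a writable object with external linkage that another translation unit could collide with or modify. In the visible hunks it is read only from enctype_util.c, so the definition should open with `static const struct {`. The table is terminated by the ENCTYPE_NULL entry, whose name is NULL; a comment such as `/* Terminated by ENCTYPE_NULL; entries are for display only. */` would keep a later edit from adding an entry after the sentinel.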
@@ -55,7 +67,7 @@ krb5_boolean KRB5_CALLCONV
 krb5int_c_deprecated_enctype(krb5_enctype etype)
 {
     const struct krb5_keytypes *ktp = find_enctype(etype);
-    return ktp != NULL && (ktp->flags & ETYPE_DEPRECATED) != 0;
+    return ktp == NULL || (ktp->flags & ETYPE_DEPRECATED) != 0;
 }
 
 krb5_error_code KRB5_CALLCONV
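Review bot: krb5int_c_deprecated_enctype() now answers true for every number find_enctype() cannot resolve, not only the five DES types listed in the new table, and the function has no comment recording that. A caller that reads the result as "known but weak" will now get true for arbitrary or corrupted enctype values as well, so the contract should be written down above the function: `/* Return true if etype is deprecated, or is unknown or unsupported. */`. Callers other than kadmin are not visible in this diff; any that use the result to choose between warning and rejecting should be checked against the new meaning. The function's return-type line sits just above the hunk.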
@@ -122,6 +134,14 @@ krb5_enctype_to_name(krb5_enctype enctype, krb5_boolean shortest,
     const char *name;
     int i;
 
+    for (i = 0; unsupported_etypes[i].etype != ENCTYPE_NULL; i++) {
+        if (enctype == unsupported_etypes[i].etype) {
+            if (strlcpy(buffer, unsupported_etypes[i].name, buflen) >= buflen)
+                return ENOMEM;
+            return 0;
+        }
+    }
+
     ktp = find_enctype(enctype);
     if (ktp == NULL)
         return EINVAL;
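Review bot: With the loop added at the top of krb5_enctype_to_name(), the function returns 0 for enctypes that the library apparently no longer supports, so success can no longer be read as "this enctype is usable". kadmin in this commit checks krb5_c_valid_enctype() separately, but other callers are not visible here and may have relied on the earlier EINVAL. The function comment should say so, for example `/* Success does not imply the enctype is supported; check krb5_c_valid_enctype(). */`. The `shortest` argument is ignored on this path, which is harmless while each table entry has a single name but is worth stating. The function begins above the hunk and continues below it.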