From: Robbie Harwood Date: Thu, 23 Jan 2020 18:09:00 +0000 (-0500) Subject: Remove private mutators for context enctypes X-Git-Tag: krb5-1.19-beta1~124 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F1028%2Fhead;p=thirdparty%2Fkrb5.git Remove private mutators for context enctypes krb5_set_default_in_tkt_ktypes() and krb5_set_default_tgs_ktypes() are not part of the API and are only used in test programs, so remove them. Also remove the now-unused in_tkt_etypes field from krb5_context. Update test suite consumers. Fix a minor bug wherein the etinfo executable would not correctly print its usage text. [ghudson@mit.edu: adapted some tests rather than remove them] --- diff --git a/src/include/k5-int.h b/src/include/k5-int.h index 9616b24bf6..5fee63b622 100644 --- a/src/include/k5-int.h +++ b/src/include/k5-int.h @@ -1207,7 +1207,6 @@ struct hostrealm_module_handle; struct k5_tls_vtable_st; struct _krb5_context { krb5_magic magic; - krb5_enctype *in_tkt_etypes; krb5_enctype *tgs_etypes; struct _krb5_os_context os_context; char *default_realm; @@ -2079,14 +2078,8 @@ struct _krb5_kt { /* should move into k5-int.h */ krb5_pointer data; }; -krb5_error_code krb5_set_default_in_tkt_ktypes(krb5_context, - const krb5_enctype *); - krb5_error_code krb5_get_default_in_tkt_ktypes(krb5_context, krb5_enctype **); -krb5_error_code krb5_set_default_tgs_ktypes(krb5_context, - const krb5_enctype *); - krb5_error_code KRB5_CALLCONV krb5_get_tgs_ktypes(krb5_context, krb5_const_principal, krb5_enctype **); diff --git a/src/lib/krb5/krb/copy_ctx.c b/src/lib/krb5/krb/copy_ctx.c index 105eaf0cff..121f5d4166 100644 --- a/src/lib/krb5/krb/copy_ctx.c +++ b/src/lib/krb5/krb/copy_ctx.c @@ -69,7 +69,6 @@ krb5_copy_context(krb5_context ctx, krb5_context *nctx_out) *nctx = *ctx; - nctx->in_tkt_etypes = NULL; nctx->tgs_etypes = NULL; nctx->default_realm = NULL; nctx->profile = NULL; 
@@ -93,9 +92,6 @@ krb5_copy_context(krb5_context ctx, krb5_context *nctx_out) memset(&nctx->err, 0, sizeof(nctx->err)); memset(&nctx->plugins, 0, sizeof(nctx->plugins)); - ret = k5_copy_etypes(ctx->in_tkt_etypes, &nctx->in_tkt_etypes); - if (ret) - goto errout; ret = k5_copy_etypes(ctx->tgs_etypes, &nctx->tgs_etypes); if (ret) goto errout; diff --git a/src/lib/krb5/krb/init_ctx.c b/src/lib/krb5/krb/init_ctx.c index e7d67cca42..be31eb31e0 100644 --- a/src/lib/krb5/krb/init_ctx.c +++ b/src/lib/krb5/krb/init_ctx.c @@ -310,8 +310,6 @@ krb5_free_context(krb5_context ctx) return; k5_os_free_context(ctx); - free(ctx->in_tkt_etypes); - ctx->in_tkt_etypes = NULL; free(ctx->tgs_etypes); ctx->tgs_etypes = NULL; free(ctx->default_realm); @@ -339,9 +337,8 @@ krb5_free_context(krb5_context ctx) /* * Set the desired default ktypes, making sure they are valid. */ -static krb5_error_code -set_default_etype_var(krb5_context context, const krb5_enctype *etypes, - krb5_enctype **var) +krb5_error_code KRB5_CALLCONV +krb5_set_default_tgs_enctypes(krb5_context context, const krb5_enctype *etypes) { krb5_error_code code; krb5_enctype *list; 
@@ -374,31 +371,11 @@ set_default_etype_var(krb5_context context, const krb5_enctype *etypes, list = NULL; } - free(*var); - *var = list; + free(context->tgs_etypes); + context->tgs_etypes = list; return 0; } -krb5_error_code -krb5_set_default_in_tkt_ktypes(krb5_context context, - const krb5_enctype *etypes) -{ - return set_default_etype_var(context, etypes, &context->in_tkt_etypes); -} - -krb5_error_code KRB5_CALLCONV -krb5_set_default_tgs_enctypes(krb5_context context, const krb5_enctype *etypes) -{ - return set_default_etype_var(context, etypes, &context->tgs_etypes); -} - -/* Old name for above function. */ -krb5_error_code -krb5_set_default_tgs_ktypes(krb5_context context, const krb5_enctype *etypes) -{ - return set_default_etype_var(context, etypes, &context->tgs_etypes); -} - /* * Add etype to, or remove etype from, the zero-terminated list *list_ptr, * reallocating if the list size changes. Filter out weak enctypes if @@ -518,9 +495,6 @@ krb5_get_default_in_tkt_ktypes(krb5_context context, krb5_enctype **ktypes) *ktypes = NULL; - if (context->in_tkt_etypes != NULL) - return k5_copy_etypes(context->in_tkt_etypes, ktypes); - profkey = KRB5_CONF_DEFAULT_TKT_ENCTYPES; ret = profile_get_string(context->profile, KRB5_CONF_LIBDEFAULTS, profkey, NULL, NULL, &profstr); diff --git a/src/lib/krb5/krb/ser_ctx.c b/src/lib/krb5/krb/ser_ctx.c index 9d5f9dedfa..da3582f962 100644 --- a/src/lib/krb5/krb/ser_ctx.c +++ b/src/lib/krb5/krb/ser_ctx.c @@ -58,8 +58,6 @@ k5_size_context(krb5_context context, size_t *sizep) * krb5_int32 for KV5M_CONTEXT * krb5_int32 for sizeof(default_realm) * strlen(default_realm) for default_realm. - * krb5_int32 for n_in_tkt_etypes*sizeof(krb5_int32) - * nktypes*sizeof(krb5_int32) for in_tkt_etypes. * krb5_int32 for n_tgs_etypes*sizeof(krb5_int32) * nktypes*sizeof(krb5_int32) for tgs_etypes. * krb5_int32 for clockskew 
@@ -74,8 +72,7 @@ k5_size_context(krb5_context context, size_t *sizep) kret = EINVAL; if (context != NULL) { /* Calculate base length */ - required = (10 * sizeof(krb5_int32) + - (etypes_len(context->in_tkt_etypes) * sizeof(krb5_int32)) + + required = (9 * sizeof(krb5_int32) + (etypes_len(context->tgs_etypes) * sizeof(krb5_int32))); if (context->default_realm) @@ -138,22 +135,6 @@ k5_externalize_context(krb5_context context, return (kret); } - /* Now number of initial ticket ktypes */ - kret = krb5_ser_pack_int32(etypes_len(context->in_tkt_etypes), - &bp, &remain); - if (kret) - return (kret); - - /* Now serialize ktypes */ - if (context->in_tkt_etypes) { - for (i = 0; context->in_tkt_etypes[i]; i++) { - kret = krb5_ser_pack_int32(context->in_tkt_etypes[i], - &bp, &remain); - if (kret) - return (kret); - } - } - /* Now number of default ktypes */ kret = krb5_ser_pack_int32(etypes_len(context->tgs_etypes), &bp, &remain); if (kret) @@ -269,25 +250,6 @@ k5_internalize_context(krb5_context *argp, context->default_realm[ibuf] = '\0'; } - /* Get the in_tkt_etypes */ - if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain))) - goto cleanup; - count = ibuf; - if (count > 0) { - context->in_tkt_etypes = calloc(count + 1, sizeof(krb5_enctype)); - if (!context->in_tkt_etypes) { - kret = ENOMEM; - goto cleanup; - } - for (i = 0; i < count; i++) { - if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain))) - goto cleanup; - context->in_tkt_etypes[i] = ibuf; - } - context->in_tkt_etypes[count] = 0; - } else - context->in_tkt_etypes = NULL; - /* Get the tgs_etypes */ if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain))) goto cleanup; diff --git a/src/lib/krb5/krb/t_copy_context.c b/src/lib/krb5/krb/t_copy_context.c index 2970a8ceaf..0a5f2a3886 100644 --- a/src/lib/krb5/krb/t_copy_context.c +++ b/src/lib/krb5/krb/t_copy_context.c 
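Review bot: The serialized context layout changes in the k5_externalize_context and k5_internalize_context hunks, and no version or format marker is visible in the layout comment of k5_size_context. The in_tkt_etypes count and list are no longer written, and the reader now takes the word after default_realm as the tgs_etypes count. A buffer written by a build from before this commit would be parsed with every later field shifted. Whether the remaining checks reject such a buffer cannot be seen here, because both functions continue outside the hunks. If a serialized context can ever reach a different library build, record the constraint next to the layout comment, for example `/* This layout is not stable across library versions; do not persist or exchange serialized contexts between builds. */`.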
@@ -70,7 +70,6 @@ check_context(krb5_context c, krb5_context r) int i; /* Check fields which should have been propagated from r. */ - compare_etypes(c->in_tkt_etypes, r->in_tkt_etypes); compare_etypes(c->tgs_etypes, r->tgs_etypes); check(c->os_context.time_offset == r->os_context.time_offset); check(c->os_context.usec_offset == r->os_context.usec_offset); @@ -113,9 +112,8 @@ main(int argc, char **argv) { krb5_context ctx, ctx2; krb5_plugin_initvt_fn *mods; - const krb5_enctype etypes1[] = { ENCTYPE_DES3_CBC_SHA1, 0 }; - const krb5_enctype etypes2[] = { ENCTYPE_AES128_CTS_HMAC_SHA1_96, - ENCTYPE_AES256_CTS_HMAC_SHA1_96, 0 }; + const krb5_enctype etypes[] = { ENCTYPE_AES128_CTS_HMAC_SHA1_96, + ENCTYPE_AES256_CTS_HMAC_SHA1_96, 0 }; krb5_prompt_type ptypes[] = { KRB5_PROMPT_TYPE_PASSWORD }; /* Copy a default context and verify the result. */ @@ -126,8 +124,7 @@ main(int argc, char **argv) /* Set non-default values for all of the propagated fields in ctx. */ ctx->allow_weak_crypto = TRUE; - check(krb5_set_default_in_tkt_ktypes(ctx, etypes1) == 0); - check(krb5_set_default_tgs_enctypes(ctx, etypes2) == 0); + check(krb5_set_default_tgs_enctypes(ctx, etypes) == 0); check(krb5_set_debugging_time(ctx, 1234, 5678) == 0); check(krb5_cc_set_default_name(ctx, "defccname") == 0); check(krb5_set_default_realm(ctx, "defrealm") == 0); diff --git a/src/lib/krb5/krb/t_etypes.c b/src/lib/krb5/krb/t_etypes.c index f609e938af..90c9f626c6 100644 --- a/src/lib/krb5/krb/t_etypes.c +++ b/src/lib/krb5/krb/t_etypes.c 
@@ -206,21 +206,21 @@ main(int argc, char **argv) * instead. */ copy = NULL; list = NULL; - ret = krb5_set_default_in_tkt_ktypes(ctx, tests[i].defaults); + ret = krb5_set_default_tgs_enctypes(ctx, tests[i].defaults); if (ret != expected_err) { com_err("krb5_set_default_in_tkt_ktypes", ret, ""); return 2; } } if (!expected_err) { - compare(ctx, tests[i].str ? list : ctx->in_tkt_etypes, + compare(ctx, tests[i].str ? list : ctx->tgs_etypes, (weak) ? tests[i].expected : tests[i].expected_noweak, tests[i].str, weak); } free(copy); free(list); if (!tests[i].str) - krb5_set_default_in_tkt_ktypes(ctx, NULL); + krb5_set_default_tgs_enctypes(ctx, NULL); } } diff --git a/src/lib/krb5/libkrb5.exports b/src/lib/krb5/libkrb5.exports index 5b17d58dfb..18ecc8c959 100644 --- a/src/lib/krb5/libkrb5.exports +++ b/src/lib/krb5/libkrb5.exports @@ -557,10 +557,8 @@ krb5_ser_unpack_int64 krb5_server_decrypt_ticket_keytab krb5_set_config_files krb5_set_debugging_time -krb5_set_default_in_tkt_ktypes krb5_set_default_realm krb5_set_default_tgs_enctypes -krb5_set_default_tgs_ktypes krb5_set_error_message krb5_set_password krb5_set_password_using_ccache diff --git a/src/tests/etinfo.c b/src/tests/etinfo.c index 3f0c42d3e5..f8f7d75f52 100644 --- a/src/tests/etinfo.c +++ b/src/tests/etinfo.c 
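Review bot: The failure path in the t_etypes.c hunk still labels its error with the old function name, `com_err("krb5_set_default_in_tkt_ktypes", ret, "");`, although the call directly above it is now `krb5_set_default_tgs_enctypes`. A failing run would point at a function that this commit removes from the library and from libkrb5.exports. The label should follow the call: `com_err("krb5_set_default_tgs_enctypes", ret, "");`. main() starts and ends outside the hunk.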
@@ -119,24 +119,18 @@ main(int argc, char **argv) krb5_error *error; krb5_kdc_rep *asrep; krb5_pa_data **padata; - krb5_enctype *enctypes, def[] = { ENCTYPE_NULL }; krb5_preauthtype pa_type = KRB5_PADATA_NONE; unsigned int flags; int master = 0; - if (argc < 2 && argc > 4) { - fprintf(stderr, "Usage: %s princname [enctypes] [patype]\n", argv[0]); + if (argc < 2 || argc > 3) { + fprintf(stderr, "Usage: %s princname [patype]\n", argv[0]); exit(1); } check(krb5_init_context(&ctx)); check(krb5_parse_name(ctx, argv[1], &client)); - if (argc >= 3) { - check(krb5int_parse_enctype_list(ctx, "", argv[2], def, &enctypes)); - krb5_set_default_in_tkt_ktypes(ctx, enctypes); - free(enctypes); - } - if (argc >= 4) - pa_type = atoi(argv[3]); + if (argc >= 3) + pa_type = atoi(argv[2]); check(krb5_get_init_creds_opt_alloc(ctx, &opt)); if (pa_type != KRB5_PADATA_NONE) diff --git a/src/tests/t_etype_info.py b/src/tests/t_etype_info.py index 2a052fc174..c982508d8b 100644 --- a/src/tests/t_etype_info.py +++ b/src/tests/t_etype_info.py @@ -16,7 +16,9 @@ realm.run([kadminl, 'addprinc', '-nokey', '+requires_preauth', 'nokeyuser']) # list. Compare the output to the expected lines, ignoring order. def test_etinfo(princ, enctypes, expected_lines): mark('etinfo test: %s %s' % (princ.partition('@')[0], enctypes)) - lines = realm.run(['./etinfo', princ, enctypes]).splitlines() + conf = {'libdefaults': {'default_tkt_enctypes': enctypes}} + etypes_env = realm.special_env('etypes', False, krb5_conf=conf) + lines = realm.run(['./etinfo', princ], env=etypes_env).splitlines() if sorted(lines) != sorted(expected_lines): fail('Unexpected output for princ %s, etypes %s' % (princ, enctypes)) 
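Review bot: In the etinfo.c hunk, `pa_type = atoi(argv[2]);` accepts any string, so a mistyped or non-numeric patype silently becomes 0 with no diagnostic. The `pa_type != KRB5_PADATA_NONE` test that follows would then presumably take the no-preauth path, assuming that constant is 0, which is not shown here. Since this change already tightens the argument-count check, the value could be validated too. Parse it with `strtol(argv[2], &end, 10)` and print the usage text and exit when `end == argv[2] || *end != '\0'`. main() continues past the end of the hunk.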
@@ -60,8 +62,8 @@ conf = {'plugins': {'kdcpreauth': {'module': 'test:' + testpreauth}, 'clpreauth': {'module': 'test:' + testpreauth}}} realm = K5Realm(create_host=False, get_creds=False, krb5_conf=conf) realm.run([kadminl, 'setstr', realm.user_princ, '2rt', '2rtval']) -out = realm.run(['./etinfo', realm.user_princ, 'aes128-cts', '-123']) -if out != 'more etype_info2 aes128-cts KRBTEST.COMuser\n': +out = realm.run(['./etinfo', realm.user_princ, '-123']) +if out != 'more etype_info2 aes256-cts KRBTEST.COMuser\n': fail('Unexpected output for MORE_PREAUTH_DATA_REQUIRED test') success('KDC etype-info tests')
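Review bot: The expected string `'more etype_info2 aes256-cts KRBTEST.COMuser\n'` now depends on the client's default enctype preference, because the `./etinfo` call no longer pins an enctype. A later change to the default enctype order would fail this check for a reason unrelated to MORE_PREAUTH_DATA_REQUIRED handling. To keep the test about preauth, pin the enctype in the realm configuration the way test_etinfo does, by adding `'libdefaults': {'default_tkt_enctypes': 'aes256-cts'}` to the `conf` dict passed to `K5Realm`. Alternatively, add a comment saying the expected enctype is the library default.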