From: Greg Hudson
Date: Fri, 27 Sep 2019 20:55:37 +0000 (-0400)
Subject: Log unknown enctypes as unsupported in KDC
X-Git-Tag: krb5-1.18-beta1~51
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F982%2Fhead;p=thirdparty%2Fkrb5.git
Log unknown enctypes as unsupported in KDC
Commit 8d8e68283b599e680f9fe45eff8af397e827bd6c logs both invalid and deprecated enctypes as "DEPRECATED:". An invalid enctype might be too old or marginal to be supported (like single-DES) or too new to be recognized. For clarity, prefix invalid enctypes with "UNSUPPORTED:" instead.
ticket: 8773
---
diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c
index 8c0fa8c072..198233407a 100644
--- a/src/kdc/kdc_util.c
+++ b/src/kdc/kdc_util.c
@@ -1073,20 +1073,22 @@ void limit_string(char *name)
 static krb5_error_code
 enctype_name(krb5_enctype ktype, char *buf, size_t buflen)
 {
- char *name;
+ const char *name, *prefix = "";
 size_t len;
 if (buflen == 0)
 return EINVAL;
 *buf = '\0'; /* ensure these are always valid C-strings */
- if (krb5int_c_deprecated_enctype(ktype)) {
- len = strlcpy(buf, "DEPRECATED:", buflen);
- if (len >= buflen)
- return ENOMEM;
- buflen -= len;
- buf += len;
- }
+ if (!krb5_c_valid_enctype(ktype))
+ prefix = "UNSUPPORTED:";
+ else if (krb5int_c_deprecated_enctype(ktype))
+ prefix = "DEPRECATED:";
+ len = strlcpy(buf, prefix, buflen);
+ if (len >= buflen)
+ return ENOMEM;
+ buflen -= len;
+ buf += len;
 /* rfc4556 recommends that clients wishing to indicate support for these
 * pkinit algorithms include them in the etype field of the AS-REQ. */
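Review bot: The order of the two checks in the new `if`/`else if` is load-bearing but uncommented. Per the commit message, the earlier `krb5int_c_deprecated_enctype()` test labelled invalid enctypes as deprecated too, so swapping the branches would bring back the old "DEPRECATED:" label for them. I would add `/* Test validity first; krb5int_c_deprecated_enctype() is also true for invalid enctypes. */` above the `if`. The prefix is part of the KDC log format, so monitoring rules that matched "DEPRECATED:" to spot single-DES or other unsupported etypes in requests will stop matching for those cases; that deserves a line in the admin logging documentation or release notes. The body of enctype_name() continues past the end of the hunk, so how an unrecognized enctype is rendered after the prefix is not visible here.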