* SUCH DAMAGE.
*/
-#define KRB5_DEPRECATED
-
#include "krb5_locl.h"
#ifdef __APPLE__
p = ptr->s + strcspn(ptr->s, "\n");
if(*p == '\n')
p++;
- l = min(len, p - ptr->s);
+ l = min(len, (size_t)(p - ptr->s));
if(len > 0) {
memcpy(str, ptr->s, l);
str[l] = '\0';
for(q = parent; *q != NULL; q = &(*q)->next)
if(type == krb5_config_list &&
- type == (*q)->type &&
+ (unsigned)type == (*q)->type &&
strcmp(name, (*q)->name) == 0)
return *q;
*q = calloc(1, sizeof(**q));
{
CFIndex len;
char *str;
-
+
str = (char *) CFStringGetCStringPtr(string, kCFStringEncodingUTF8);
if (str)
return strdup(str);
str = malloc(len);
if (str == NULL)
return NULL;
-
+
if (!CFStringGetCString (string, str, len, kCFStringEncodingUTF8)) {
free (str);
return NULL;
CFReadStreamRef s;
CFDictionaryRef d;
CFURLRef url;
-
+
url = CFURLCreateFromFileSystemRepresentation(kCFAllocatorDefault, (UInt8 *)path, strlen(path), FALSE);
if (url == NULL) {
krb5_clear_error_message(context);
home = getenv("HOME");
if (home == NULL) {
- struct passwd *pw = getpwuid(getuid());
+ struct passwd *pw = getpwuid(getuid());
if(pw != NULL)
home = pw->pw_dir;
}
return ret;
}
#else
- krb5_set_error_message(context, ENOENT,
+ krb5_set_error_message(context, ENOENT,
"no support for plist configuration files");
return ENOENT;
#endif
free(newfname);
return ret;
}
-
+
if (newfname)
free(newfname);
fname = newfname = exp_fname;
free(newfname);
return ret;
}
-
+
ret = krb5_config_parse_debug (&f, res, &lineno, &str);
fclose(f.f);
if (ret) {
const char *p = va_arg(args, const char *);
while(b != NULL) {
if(strcmp(b->name, name) == 0) {
- if(b->type == type && p == NULL) {
+ if(b->type == (unsigned)type && p == NULL) {
*pointer = b;
return b->u.generic;
} else if(b->type == krb5_config_list && p != NULL) {
/* we were called again, so just look for more entries with the
same name and type */
for (b = (*pointer)->next; b != NULL; b = b->next) {
- if(strcmp(b->name, (*pointer)->name) == 0 && b->type == type) {
+ if(strcmp(b->name, (*pointer)->name) == 0 && b->type == (unsigned)type) {
*pointer = b;
return b->u.generic;
}
*
* @ingroup krb5_support
*/
-
+
KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
krb5_config_get_string (krb5_context context,
const krb5_config_section *c,
}
static char *
-next_component_string(char * begin, char * delims, char **state)
+next_component_string(char * begin, const char * delims, char **state)
{
char * end;
* @ingroup krb5_deprecated
*/
-KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_config_parse_string_multi(krb5_context context,
const char *string,
krb5_config_section **res)
+ KRB5_DEPRECATED_FUNCTION("Use X instead")
{
const char *str;
unsigned lineno = 0;
* SUCH DAMAGE.
*/
-#define KRB5_DEPRECATED
-
#include "krb5_locl.h"
struct _krb5_key_usage {
struct _krb5_key_data *,
struct _krb5_encryption_type *);
-/************************************************************
- * *
- ************************************************************/
+/*
+ * Converts etype to a user readable string and sets as a side effect
+ * the krb5_error_message containing this string. Returns
+ * KRB5_PROG_ETYPE_NOSUPP in not the conversion of the etype failed in
+ * which case the error code of the etype convesion is returned.
+ */
+
+static krb5_error_code
+unsupported_enctype(krb5_context context, krb5_enctype etype)
+{
+ krb5_error_code ret;
+ char *name;
+
+ ret = krb5_enctype_to_string(context, etype, &name);
+ if (ret)
+ return ret;
+
+ krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
+ N_("Encryption type %s not supported", ""),
+ name);
+ free(name);
+ return KRB5_PROG_ETYPE_NOSUPP;
+}
+
+/*
+ *
+ */
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_enctype_keysize(krb5_context context,
{
struct _krb5_encryption_type *et = _krb5_find_enctype(type);
if(et == NULL) {
- krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
- N_("encryption type %d not supported", ""),
- type);
- return KRB5_PROG_ETYPE_NOSUPP;
+ return unsupported_enctype (context, type);
}
*keysize = et->keytype->size;
return 0;
{
struct _krb5_encryption_type *et = _krb5_find_enctype(type);
if(et == NULL) {
- krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
- "encryption type %d not supported",
- type);
- return KRB5_PROG_ETYPE_NOSUPP;
+ return unsupported_enctype (context, type);
}
*keybits = et->keytype->bits;
return 0;
krb5_error_code ret;
struct _krb5_encryption_type *et = _krb5_find_enctype(type);
if(et == NULL) {
- krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
- N_("encryption type %d not supported", ""),
- type);
- return KRB5_PROG_ETYPE_NOSUPP;
+ return unsupported_enctype (context, type);
}
ret = krb5_data_alloc(&key->keyvalue, et->keytype->size);
if(ret)
struct _krb5_key_type *kt;
if (et == NULL) {
- krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP,
- N_("encryption type %d not supported", ""),
- key->key->keytype);
- return KRB5_PROG_ETYPE_NOSUPP;
+ return unsupported_enctype (context,
+ key->key->keytype);
}
kt = et->keytype;
unsigned char *ipad, *opad;
unsigned char *key;
size_t key_len;
- int i;
+ size_t i;
ipad = malloc(cm->blocksize + len);
if (ipad == NULL)
if(ct->flags & F_DERIVED)
ret = _get_derived_key(context, crypto, usage, key);
else if(ct->flags & F_VARIANT) {
- int i;
+ size_t i;
*key = _new_derived_key(crypto, 0xff/* KRB5_KU_RFC1510_VARIANT */);
if(*key == NULL) {
{
struct _krb5_encryption_type *e = _krb5_find_enctype(etype);
if(e == NULL) {
- krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP,
- N_("encryption type %d not supported", ""),
- etype);
- return KRB5_PROG_ETYPE_NOSUPP;
+ return unsupported_enctype (context, etype);
}
*keytype = e->keytype->type; /* XXX */
return 0;
}
+/**
+ * Check if a enctype is valid, return 0 if it is.
+ *
+ * @param context Kerberos context
+ * @param etype enctype to check if its valid or not
+ *
+ * @return Return an error code for an failure or 0 on success (enctype valid).
+ * @ingroup krb5_crypto
+ */
+
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_enctype_valid(krb5_context context,
krb5_enctype etype)
{
struct _krb5_encryption_type *e = _krb5_find_enctype(etype);
- if(e == NULL) {
- krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP,
- N_("encryption type %d not supported", ""),
- etype);
- return KRB5_PROG_ETYPE_NOSUPP;
- }
- if (e->flags & F_DISABLED) {
- krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP,
- N_("encryption type %s is disabled", ""),
- e->name);
+ if(e && (e->flags & F_DISABLED) == 0)
+ return 0;
+ if (context == NULL)
return KRB5_PROG_ETYPE_NOSUPP;
+ if(e == NULL) {
+ return unsupported_enctype (context, etype);
}
- return 0;
+ /* Must be (e->flags & F_DISABLED) */
+ krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP,
+ N_("encryption type %s is disabled", ""),
+ e->name);
+ return KRB5_PROG_ETYPE_NOSUPP;
}
/**
}
static krb5_crypto_iov *
-find_iv(krb5_crypto_iov *data, int num_data, int type)
+find_iv(krb5_crypto_iov *data, size_t num_data, unsigned type)
{
- int i;
+ size_t i;
for (i = 0; i < num_data; i++)
if (data[i].flags == type)
return &data[i];
struct _krb5_encryption_type *et = crypto->et;
krb5_crypto_iov *tiv, *hiv;
- if (num_data < 0) {
- krb5_clear_error_message(context);
- return KRB5_CRYPTO_INTERNAL;
- }
-
if(!derived_crypto(context, crypto)) {
krb5_clear_error_message(context);
return KRB5_CRYPTO_INTERNAL;
Checksum cksum;
krb5_crypto_iov *civ;
krb5_error_code ret;
- int i;
+ size_t i;
size_t len;
char *p, *q;
- if (num_data < 0) {
- krb5_clear_error_message(context);
- return KRB5_CRYPTO_INTERNAL;
- }
-
if(!derived_crypto(context, crypto)) {
krb5_clear_error_message(context);
return KRB5_CRYPTO_INTERNAL;
Checksum cksum;
krb5_crypto_iov *civ;
krb5_error_code ret;
- int i;
+ size_t i;
size_t len;
char *p, *q;
- if (num_data < 0) {
- krb5_clear_error_message(context);
- return KRB5_CRYPTO_INTERNAL;
- }
-
if(!derived_crypto(context, crypto)) {
krb5_clear_error_message(context);
return KRB5_CRYPTO_INTERNAL;
unsigned int num_data)
{
krb5_error_code ret;
- int i;
+ size_t i;
for (i = 0; i < num_data; i++) {
ret = krb5_crypto_length(context, crypto,
/* XXX keytype dependent post-processing */
switch(kt->type) {
- case KEYTYPE_DES3:
+ case KRB5_ENCTYPE_OLD_DES3_CBC_SHA1:
_krb5_DES3_random_to_key(context, key->key, k, nblocks * et->blocksize);
break;
- case KEYTYPE_AES128:
- case KEYTYPE_AES256:
+ case KRB5_ENCTYPE_AES128_CTS_HMAC_SHA1_96:
+ case KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96:
memcpy(key->key->keyvalue.data, k, key->key->keyvalue.length);
break;
default:
et = _krb5_find_enctype (etype);
if (et == NULL) {
- krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
- N_("encryption type %d not supported", ""),
- etype);
- return KRB5_PROG_ETYPE_NOSUPP;
+ return unsupported_enctype (context, etype);
}
ret = krb5_copy_keyblock(context, key, &d.key);
if((*crypto)->et == NULL || ((*crypto)->et->flags & F_DISABLED)) {
free(*crypto);
*crypto = NULL;
- krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP,
- N_("encryption type %d not supported", ""),
- etype);
- return KRB5_PROG_ETYPE_NOSUPP;
+ return unsupported_enctype(context, etype);
}
if((*crypto)->et->keytype->size != key->keyvalue.length) {
free(*crypto);
* @ingroup krb5_deprecated
*/
-KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_keytype_to_enctypes (krb5_context context,
krb5_keytype keytype,
unsigned *len,
krb5_enctype **val)
+ KRB5_DEPRECATED_FUNCTION("Use X instead")
{
int i;
unsigned n = 0;
*/
/* if two enctypes have compatible keys */
-KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_enctypes_compatible_keys(krb5_context context,
krb5_enctype etype1,
krb5_enctype etype2)
+ KRB5_DEPRECATED_FUNCTION("Use X instead")
{
struct _krb5_encryption_type *e1 = _krb5_find_enctype(etype1);
struct _krb5_encryption_type *e2 = _krb5_find_enctype(etype2);