svn rev #25739: branches/krb5-1-10/src/ lib/krb5/asn.1/ tests/asn.1/

tlyu@MIT.EDU tlyu at MIT.EDU
Wed Mar 7 18:44:28 EST 2012 

http://src.mit.edu/fisheye/changelog/krb5/?cs=25739
Commit By: tlyu
Log Message:
ticket: 7092
status: resolved
version_fixed: 1.10.1

Pull up r25725 from trunk, along with backport of r25703.

 ------------------------------------------------------------------------
 r25725 | tlyu | 2012-03-02 17:24:38 -0500 (Fri, 02 Mar 2012) | 4 lines

 ticket: 7092

 Add test cases for Windows RODC kvno compatibility

 ------------------------------------------------------------------------
 r25703 | ghudson | 2012-02-21 13:57:44 -0500 (Tue, 21 Feb 2012) | 15 lines

 ticket: 7092
 subject: kvno ASN.1 encoding interop with Windows RODCs

 RFC 4120 defines the EncryptedData kvno field as an integer in the
 range of unsigned 32-bit numbers.  Windows encodes and decodes the
 field as a signed 32-bit integer.  Historically we do the same in our
 encoder in 1.6 and prior, and in our decoder through 1.10.  (Actually,
 our decoder through 1.10 decoded the value as a long and then cast the
 result to unsigned int, so it would accept positive values >= 2^31 on
 64-bit platforms but not on 32-bit platforms.)

 kvno values that large (or negative) are only likely to appear in the
 context of Windows read-only domain controllers.  So do what Windows
 does instead of what RFC 4120 says.


Changed Files:
U   branches/krb5-1-10/src/lib/krb5/asn.1/asn1_k_encode.c
U   branches/krb5-1-10/src/tests/asn.1/krb5_decode_test.c
U   branches/krb5-1-10/src/tests/asn.1/krb5_encode_test.c
U   branches/krb5-1-10/src/tests/asn.1/reference_encode.out
U   branches/krb5-1-10/src/tests/asn.1/trval_reference.out
Modified: branches/krb5-1-10/src/lib/krb5/asn.1/asn1_k_encode.c
===================================================================
--- branches/krb5-1-10/src/lib/krb5/asn.1/asn1_k_encode.c	2012-03-07 23:44:20 UTC (rev 25738)
+++ branches/krb5-1-10/src/lib/krb5/asn.1/asn1_k_encode.c	2012-03-07 23:44:28 UTC (rev 25739)
@@ -143,9 +143,23 @@
     return optional;
 }
 
+/*
+ * Encode krb5_kvno as signed 32-bit for Windows RODC interop.  (This is an
+ * inelegant backport; it's an alteration of the expansion of DEFINTTYPE(kvno,
+ * krb5_kvno).)
+ */
+typedef krb5_kvno aux_typedefname_kvno;
+static asn1_intmax loadint_kvno(const void *p)
+{
+    return (krb5_int32)*(krb5_kvno *)p;
+}
+const struct atype_info krb5int_asn1type_kvno = {
+    atype_int, sizeof(krb5_kvno), 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    loadint_kvno, 0,
+};
 static const struct field_info encrypted_data_fields[] = {
     FIELDOF_NORM(krb5_enc_data, int32, enctype, 0),
-    FIELDOF_OPT(krb5_enc_data, uint, kvno, 1, 1),
+    FIELDOF_OPT(krb5_enc_data, kvno, kvno, 1, 1),
     FIELDOF_NORM(krb5_enc_data, ostring_data, ciphertext, 2),
 };
 DEFSEQTYPE(encrypted_data, krb5_enc_data, encrypted_data_fields,

Modified: branches/krb5-1-10/src/tests/asn.1/krb5_decode_test.c
===================================================================
--- branches/krb5-1-10/src/tests/asn.1/krb5_decode_test.c	2012-03-07 23:44:20 UTC (rev 25738)
+++ branches/krb5-1-10/src/tests/asn.1/krb5_decode_test.c	2012-03-07 23:44:28 UTC (rev 25739)
@@ -888,6 +888,10 @@
     {
         setup(krb5_enc_data,"krb5_enc_data",ktest_make_sample_enc_data);
         decode_run("enc_data","","30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_enc_data,ktest_equal_enc_data,krb5_ktest_free_enc_data);
+        ref.kvno = 0xFF000000;
+        decode_run("enc_data","(MSB-set kvno)","30 26 A0 03 02 01 00 A1 06 02 04 FF 00 00 00 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_enc_data,ktest_equal_enc_data,krb5_ktest_free_enc_data);
+        ref.kvno = 0xFFFFFFFF;
+        decode_run("enc_data","(kvno=-1)","30 23 A0 03 02 01 00 A1 03 02 01 FF A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_enc_data,ktest_equal_enc_data,krb5_ktest_free_enc_data);
         ktest_destroy_enc_data(&ref);
     }
 

Modified: branches/krb5-1-10/src/tests/asn.1/krb5_encode_test.c
===================================================================
--- branches/krb5-1-10/src/tests/asn.1/krb5_encode_test.c	2012-03-07 23:44:20 UTC (rev 25738)
+++ branches/krb5-1-10/src/tests/asn.1/krb5_encode_test.c	2012-03-07 23:44:28 UTC (rev 25739)
@@ -648,6 +648,12 @@
         setup(enc_data,krb5_enc_data,"enc_data",ktest_make_sample_enc_data);
         current_appl_type = 1001;
         encode_run(enc_data,krb5_enc_data,"enc_data","",encode_krb5_enc_data);
+        enc_data.kvno = 0xFF000000;
+        current_appl_type = 1001;
+        encode_run(enc_data,krb5_enc_data,"enc_data","(MSB-set kvno)",encode_krb5_enc_data);
+        enc_data.kvno = 0xFFFFFFFF;
+        current_appl_type = 1001;
+        encode_run(enc_data,krb5_enc_data,"enc_data","(kvno=-1)",encode_krb5_enc_data);
         ktest_destroy_enc_data(&enc_data);
     }
     /****************************************************************/

Modified: branches/krb5-1-10/src/tests/asn.1/reference_encode.out
===================================================================
--- branches/krb5-1-10/src/tests/asn.1/reference_encode.out	2012-03-07 23:44:20 UTC (rev 25738)
+++ branches/krb5-1-10/src/tests/asn.1/reference_encode.out	2012-03-07 23:44:28 UTC (rev 25739)
@@ -49,6 +49,8 @@
 encode_krb5_pa_enc_ts: 30 1A A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A1 05 02 03 01 E2 40
 encode_krb5_pa_enc_ts (no usec): 30 13 A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A
 encode_krb5_enc_data: 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65
+encode_krb5_enc_data(MSB-set kvno): 30 26 A0 03 02 01 00 A1 06 02 04 FF 00 00 00 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65
+encode_krb5_enc_data(kvno=-1): 30 23 A0 03 02 01 00 A1 03 02 01 FF A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65
 encode_krb5_sam_challenge: 30 70 A0 03 02 01 2A A1 07 03 05 00 80 00 00 00 A2 0B 04 09 74 79 70 65 20 6E 61 6D 65 A4 11 04 0F 63 68 61 6C 6C 65 6E 67 65 20 6C 61 62 65 6C A5 10 04 0E 63 68 61 6C 6C 65 6E 67 65 20 69 70 73 65 A6 16 04 14 72 65 73 70 6F 6E 73 65 5F 70 72 6F 6D 70 74 20 69 70 73 65 A8 05 02 03 54 32 10 A9 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34
 encode_krb5_sam_response: 30 6A A0 03 02 01 2A A1 07 03 05 00 80 00 00 00 A2 0C 04 0A 74 72 61 63 6B 20 64 61 74 61 A3 14 30 12 A0 03 02 01 01 A1 04 02 02 07 96 A2 05 04 03 6B 65 79 A4 1C 30 1A A0 03 02 01 01 A1 04 02 02 0D 36 A2 0D 04 0B 6E 6F 6E 63 65 20 6F 72 20 74 73 A5 05 02 03 54 32 10 A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A
 encode_krb5_sam_key: 30 15 A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38

Modified: branches/krb5-1-10/src/tests/asn.1/trval_reference.out
===================================================================
--- branches/krb5-1-10/src/tests/asn.1/trval_reference.out	2012-03-07 23:44:20 UTC (rev 25738)
+++ branches/krb5-1-10/src/tests/asn.1/trval_reference.out	2012-03-07 23:44:28 UTC (rev 25739)
@@ -1165,6 +1165,20 @@
 .  [kvno] [Integer] 5
 .  [cipher] [Octet String] "krbASN.1 test message"
 
+encode_krb5_enc_data(MSB-set kvno):
+
+[Sequence/Sequence Of] 
+.  [etype] [Integer] 0
+.  [kvno] [Integer] -16777216
+.  [cipher] [Octet String] "krbASN.1 test message"
+
+encode_krb5_enc_data(kvno=-1):
+
+[Sequence/Sequence Of] 
+.  [etype] [Integer] 0
+.  [kvno] [Integer] -1
+.  [cipher] [Octet String] "krbASN.1 test message"
+
 encode_krb5_sam_challenge:
 
 [Sequence/Sequence Of]

More information about the cvs-krb5 mailing list