krb5 commit: Use unsigned 16-bit type for key data kvno
Greg Hudson
ghudson at mit.edu
Wed Apr 15 00:40:36 EDT 2015
https://github.com/krb5/krb5/commit/1d4df2264684ab6731dedc8882a0cd6353af33da
commit 1d4df2264684ab6731dedc8882a0cd6353af33da
Author: Greg Hudson <ghudson at mit.edu>
Date: Sun Mar 8 16:20:07 2015 -0400
Use unsigned 16-bit type for key data kvno
Change key_data_kvno from a signed 16-bit field to an unsigned 16-bit
field, since negative values are never meaningful. When adding new
keys, wrap from 65535 to 1 to avoid using the special value 0.
Don't bump the KDB binary version since this change is unlikely to
affect callers.
ticket: 7532
src/include/k5-int.h | 2 +-
src/include/kdb.h | 2 +-
src/lib/kadm5/kadm_rpc_xdr.c | 2 +-
src/lib/kadm5/srv/adb_xdr.c | 2 +-
src/lib/kdb/kdb_convert.c | 2 +-
src/lib/kdb/kdb_cpw.c | 4 ++++
src/lib/krb5/asn.1/ldap_key_seq.c | 3 ++-
src/plugins/kdb/ldap/libkdb_ldap/princ_xdr.c | 2 +-
8 files changed, 12 insertions(+), 7 deletions(-)
diff --git a/src/include/k5-int.h b/src/include/k5-int.h
index 4868e7d..e6ffba3 100644
--- a/src/include/k5-int.h
+++ b/src/include/k5-int.h
@@ -1646,7 +1646,7 @@ struct _krb5_key_data; /* kdb.h */
struct ldap_seqof_key_data {
krb5_int32 mkvno; /* Master key version number */
- krb5_int16 kvno; /* kvno of key_data elements (all the same) */
+ krb5_ui_2 kvno; /* kvno of key_data elements (all the same) */
struct _krb5_key_data *key_data;
krb5_int16 n_key_data;
};
diff --git a/src/include/kdb.h b/src/include/kdb.h
index d0a390a..1563a62 100644
--- a/src/include/kdb.h
+++ b/src/include/kdb.h
@@ -167,7 +167,7 @@ typedef struct krb5_string_attr_st {
*/
typedef struct _krb5_key_data {
krb5_int16 key_data_ver; /* Version */
- krb5_int16 key_data_kvno; /* Key Version */
+ krb5_ui_2 key_data_kvno; /* Key Version */
krb5_int16 key_data_type[2]; /* Array of types */
krb5_ui_2 key_data_length[2]; /* Array of lengths */
krb5_octet * key_data_contents[2]; /* Array of pointers */
diff --git a/src/lib/kadm5/kadm_rpc_xdr.c b/src/lib/kadm5/kadm_rpc_xdr.c
index 975f94c..4ccf8e6 100644
--- a/src/lib/kadm5/kadm_rpc_xdr.c
+++ b/src/lib/kadm5/kadm_rpc_xdr.c
@@ -262,7 +262,7 @@ bool_t xdr_krb5_key_data_nocontents(XDR *xdrs, krb5_key_data *objp)
if (!xdr_krb5_int16(xdrs, &objp->key_data_ver)) {
return (FALSE);
}
- if (!xdr_krb5_int16(xdrs, &objp->key_data_kvno)) {
+ if (!xdr_krb5_ui_2(xdrs, &objp->key_data_kvno)) {
return (FALSE);
}
if (!xdr_krb5_int16(xdrs, &objp->key_data_type[0])) {
diff --git a/src/lib/kadm5/srv/adb_xdr.c b/src/lib/kadm5/srv/adb_xdr.c
index de1bdc0..fc73297 100644
--- a/src/lib/kadm5/srv/adb_xdr.c
+++ b/src/lib/kadm5/srv/adb_xdr.c
@@ -21,7 +21,7 @@ xdr_krb5_key_data(XDR *xdrs, krb5_key_data *objp)
if (!xdr_krb5_int16(xdrs, &objp->key_data_ver))
return(FALSE);
- if (!xdr_krb5_int16(xdrs, &objp->key_data_kvno))
+ if (!xdr_krb5_ui_2(xdrs, &objp->key_data_kvno))
return(FALSE);
if (!xdr_krb5_int16(xdrs, &objp->key_data_type[0]))
return(FALSE);
diff --git a/src/lib/kdb/kdb_convert.c b/src/lib/kdb/kdb_convert.c
index 1370395..509016f 100644
--- a/src/lib/kdb/kdb_convert.c
+++ b/src/lib/kdb/kdb_convert.c
@@ -704,7 +704,7 @@ ulog_conv_2dbentry(krb5_context context, krb5_db_entry **entry,
krb5_key_data *kp = &ent->key_data[j];
kdbe_key_t *kv = &ULOG_ENTRY_KEYVAL(update, i, j);
kp->key_data_ver = (krb5_int16)kv->k_ver;
- kp->key_data_kvno = (krb5_int16)kv->k_kvno;
+ kp->key_data_kvno = (krb5_ui_2)kv->k_kvno;
if (kp->key_data_ver > 2) {
return EINVAL; /* XXX ? */
}
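Review bot: The cast in `kp->key_data_kvno = (krb5_ui_2)kv->k_kvno;` silently truncates whatever the update-log entry carries, so an out-of-range k_kvno would be stored as a different key version instead of being rejected. The type of k_kvno is not visible in this hunk; if it is wider than 16 bits, a range check before the assignment would sit naturally beside the existing key_data_ver check, e.g. `if (kv->k_kvno < 0 || kv->k_kvno > 65535) return EINVAL;` (adjusted to the field's signedness). Update-log entries presumably originate on another host, so validating them is safer than coercing them. ulog_conv_2dbentry starts and ends outside the hunk.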
diff --git a/src/lib/kdb/kdb_cpw.c b/src/lib/kdb/kdb_cpw.c
index fb07665..33017ec 100644
--- a/src/lib/kdb/kdb_cpw.c
+++ b/src/lib/kdb/kdb_cpw.c
@@ -436,6 +436,10 @@ rekey(krb5_context context, krb5_keyblock *mkey, krb5_key_salt_tuple *ks_tuple,
old_kvno = krb5_db_get_key_data_kvno(context, n_key_data, key_data);
if (new_kvno < old_kvno + 1)
new_kvno = old_kvno + 1;
+ /* Wrap from 65535 to 1; we can only store 16-bit kvno values in key_data,
+ * and we assign special meaning to kvno 0. */
+ if (new_kvno == (1 << 16))
+ new_kvno = 1;
/* Add new keys to the front of the list. */
if (password != NULL) {
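Review bot: The wrap test `if (new_kvno == (1 << 16))` only catches the single step up from 65535. A caller-supplied new_kvno above 65536 would skip it and be truncated when stored in the now 16-bit key_data_kvno; new_kvno's declaration and callers are outside the hunk, so this needs confirming. Consider covering the whole out-of-range interval, e.g. `if (new_kvno > 65535) new_kvno = 1;`, or returning an error for values the field cannot hold. Separately, after a wrap the new keys take kvno 1 while retained old keys may still carry low kvnos, so check that 1 is not already present in key_data when old keys are kept. rekey's body continues outside the hunk.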
diff --git a/src/lib/krb5/asn.1/ldap_key_seq.c b/src/lib/krb5/asn.1/ldap_key_seq.c
index deb4705..74569d9 100644
--- a/src/lib/krb5/asn.1/ldap_key_seq.c
+++ b/src/lib/krb5/asn.1/ldap_key_seq.c
@@ -51,6 +51,7 @@
IMPORT_TYPE(int32, krb5_int32);
DEFINTTYPE(int16, krb5_int16);
+DEFINTTYPE(uint16, krb5_ui_2);
DEFCOUNTEDSTRINGTYPE(ui2_octetstring, unsigned char *, krb5_ui_2,
k5_asn1_encode_bytestring, k5_asn1_decode_bytestring,
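Review bot: `DEFINTTYPE(uint16, krb5_ui_2);` declares the unsigned field with the same signed-integer type macro used for `int16` on the line above. Whether kvno values from 32768 to 65535 encode as positive INTEGERs and decode without an overflow error depends on how that macro loads and stores the C value, which is not visible here. If the framework's unsigned counterpart is usable in this file, `DEFUINTTYPE(uint16, krb5_ui_2);` would state the intent, though the resulting encoding should be compared with records already stored in LDAP. Either way, a round-trip test at 32768 and 65535 would pin the behaviour. The `DEFFIELD(ldap_key_seq_2, ...)` change in the next hunk relies on this type.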
@@ -108,7 +109,7 @@ DEFCOUNTEDSEQOFTYPE(cseqof_key_data, krb5_int16, ptr_key_data);
DEFINT_IMMEDIATE(one, 1, ASN1_BAD_FORMAT);
DEFCTAGGEDTYPE(ldap_key_seq_0, 0, one);
DEFCTAGGEDTYPE(ldap_key_seq_1, 1, one);
-DEFFIELD(ldap_key_seq_2, ldap_seqof_key_data, kvno, 2, int16);
+DEFFIELD(ldap_key_seq_2, ldap_seqof_key_data, kvno, 2, uint16);
DEFFIELD(ldap_key_seq_3, ldap_seqof_key_data, mkvno, 3, int32);
DEFCNFIELD(ldap_key_seq_4, ldap_seqof_key_data, key_data, n_key_data, 4,
cseqof_key_data);
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/princ_xdr.c b/src/plugins/kdb/ldap/libkdb_ldap/princ_xdr.c
index 5eca41e..cf1201d 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/princ_xdr.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/princ_xdr.c
@@ -98,7 +98,7 @@ ldap_xdr_krb5_key_data(XDR *xdrs, krb5_key_data *objp)
if (!ldap_xdr_krb5_int16(xdrs, &objp->key_data_ver))
return(FALSE);
- if (!ldap_xdr_krb5_int16(xdrs, &objp->key_data_kvno))
+ if (!ldap_xdr_krb5_ui_2(xdrs, &objp->key_data_kvno))
return(FALSE);
if (!ldap_xdr_krb5_int16(xdrs, &objp->key_data_type[0]))
return(FALSE);