krb5 commit: Log unknown enctypes as unsupported in KDC
Greg Hudson
ghudson at mit.edu
Tue Oct 1 15:20:56 EDT 2019
https://github.com/krb5/krb5/commit/5ee99b0007f480f01f86340d1c30da51cc80da96

commit 5ee99b0007f480f01f86340d1c30da51cc80da96
Author: Greg Hudson <ghudson at mit.edu>
Date: Fri Sep 27 16:55:37 2019 -0400

Log unknown enctypes as unsupported in KDC

Commit 8d8e68283b599e680f9fe45eff8af397e827bd6c logs both invalid and
deprecated enctypes as "DEPRECATED:". An invalid enctype might be too
old or marginal to be supported (like single-DES) or too new to be
recognized. For clarity, prefix invalid enctypes with "UNSUPPORTED:"
instead.

ticket: 8773

src/kdc/kdc_util.c | 18 ++++++++++--------
1 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c
index 8c0fa8c..1982334 100644
--- a/src/kdc/kdc_util.c
+++ b/src/kdc/kdc_util.c
@@ -1073,20 +1073,22 @@ void limit_string(char *name)
static krb5_error_code
enctype_name(krb5_enctype ktype, char *buf, size_t buflen)
{
- char *name;
+ const char *name, *prefix = "";
size_t len;
if (buflen == 0)
return EINVAL;
*buf = '\0'; /* ensure these are always valid C-strings */
- if (krb5int_c_deprecated_enctype(ktype)) {
- len = strlcpy(buf, "DEPRECATED:", buflen);
- if (len >= buflen)
- return ENOMEM;
- buflen -= len;
- buf += len;
- }
+ if (!krb5_c_valid_enctype(ktype))
+ prefix = "UNSUPPORTED:";
+ else if (krb5int_c_deprecated_enctype(ktype))
+ prefix = "DEPRECATED:";
+ len = strlcpy(buf, prefix, buflen);
+ if (len >= buflen)
+ return ENOMEM;
+ buflen -= len;
+ buf += len;
/* rfc4556 recommends that clients wishing to indicate support for these
* pkinit algorithms include them in the etype field of the AS-REQ. */
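
Review bot: The order of the two checks in the new `if (!krb5_c_valid_enctype(ktype))` / `else if (krb5int_c_deprecated_enctype(ktype))` chain is load-bearing, and nothing in the code says so. Per the commit message, invalid enctypes were previously logged as "DEPRECATED:", which means krb5int_c_deprecated_enctype() also reports them as deprecated; if a later cleanup swaps or flattens these branches, the "UNSUPPORTED:" prefix silently disappears again. A one-line comment above the chain stating that validity must be tested first would protect it. Two smaller points: the diffstat touches only src/kdc/kdc_util.c, so no test asserts the new prefix for an unrecognized enctype number, and since the prefix is part of the KDC log line that operators match on when auditing weak or unknown enctype requests, the change in wording from "DEPRECATED:" to "UNSUPPORTED:" for those cases deserves a mention in the logging documentation or release notes.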