| Commit message (Collapse) | Author | Age | Files | Lines |
| |
In add_key_pwd, initialize s2k_params to NULL inside the loop over
enctypes instead of outside the loop, so that if the afs3 salt type
is used it does not contaminate later enctype/salt pairs in the list.
ticket: 7733
tags: pullup
target_version: 1.12
| |
In krb5_init_creds_ctx and krb5_clpreauth_rock_st, use a boolean to
track whether we're still using the default salt instead of
overloading salt.length. In preauth2.c, process afs3 salt values like
we would in krb5int_des_string_to_key, and set an s2kparams indicator
instead of overloading salt.length. Also use an s2kparams indicator
in kdb_cpw.c's add_key_pwd. Remove the s2k code to handle overloaded
salt lengths, except for a sanity check.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25837 dc483132-0cff-0310-8789-dd5450dbe970
| |
This change allows the "special" salt type to be used in
supported_enctypes or in the argument to kadmin's cpw -e. If used,
kadmind will pick a salt consisting of 64 random bits represented as
16 printable ASCII characters. The use of random explicit salts
creates some interoperability issues and is not generally recommended,
but can be useful for interop testing, as a workaround for obscure
bugs, or to increase the difficulty of brute-force password searches
in situations where none of the interoperability issues apply.
ticket: 6964
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25226 dc483132-0cff-0310-8789-dd5450dbe970
| |
and license comments.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24695 dc483132-0cff-0310-8789-dd5450dbe970
| |
free_principal, delete_principal, and get_policy. Make get_principal
allocate the DB entry container. Fold krb5_db_get_principal_ext into
krb5_db_get_principal.
ticket: 6749
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24175 dc483132-0cff-0310-8789-dd5450dbe970
| |
just use the krb5_dbe prefix.
ticket: 6749
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24164 dc483132-0cff-0310-8789-dd5450dbe970
| |
make reindent
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23100 dc483132-0cff-0310-8789-dd5450dbe970
| |
krb5int_copy_data_contents that adds a trailing '\0' so the result can
be used as a C string.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21893 dc483132-0cff-0310-8789-dd5450dbe970
| |
unicode, windows code
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21875 dc483132-0cff-0310-8789-dd5450dbe970
| |
Commit for the Master Key Migration Project.
http://k5wiki.kerberos.org/wiki/Projects/Master_Key_Migration
This commit provides the ability to add a new master key (with an
enctype differing from the current master key) to the master key
principal and stash file and then migrate the encryption of existing
principals' long-term keys to use the new master key. In addition,
deletion of master keys is provided.
ticket: 6354
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21844 dc483132-0cff-0310-8789-dd5450dbe970
| |
char* and calls free.
Replace most uses, outside of the LDAP KDB plugin, which doesn't build
on my test system of the moment because of version dependencies. Add
one explicit cast to make the change warning-neutral (under gcc 4.0.1
on Mac OS X 10.5.6).
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21812 dc483132-0cff-0310-8789-dd5450dbe970
| |
of places where it's actually needed. Update dependencies.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17898 dc483132-0cff-0310-8789-dd5450dbe970
| |
Will probably break things.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17258 dc483132-0cff-0310-8789-dd5450dbe970
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@13906 dc483132-0cff-0310-8789-dd5450dbe970
| |
krb5_encode_princ_contents): Declare local variable unsigned.
* kdb_cpw.c (add_key_pwd): Declare local variable unsigned based
on use.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@13644 dc483132-0cff-0310-8789-dd5450dbe970
| |
* kdb_cpw.c (add_key_pwd): Change salt data length of -1 to
SALT_TYPE_AFS_LENGTH.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12778 dc483132-0cff-0310-8789-dd5450dbe970
| |
assignment in conditional and remove unused variables.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12531 dc483132-0cff-0310-8789-dd5450dbe970
| |
(krb5_dbe_cpw): Fix to actually save old keys.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12054 dc483132-0cff-0310-8789-dd5450dbe970
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11853 dc483132-0cff-0310-8789-dd5450dbe970
| |
(krb5_dbe_cpw): Add "keepold" boolean argument to indicate whether
to retain old keys.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11045 dc483132-0cff-0310-8789-dd5450dbe970
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11001 dc483132-0cff-0310-8789-dd5450dbe970
| |
key for afs_mit_string_to_key must be null terminated.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10254 dc483132-0cff-0310-8789-dd5450dbe970
| |
handles the AFS3 salttype, but then replace it with the actual
length for later processing.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@9377 dc483132-0cff-0310-8789-dd5450dbe970
| |
(add_key_pwd): fix memory leak [krb5-kdc/164]
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@9376 dc483132-0cff-0310-8789-dd5450dbe970
| |
OV_MERGE branches. This includes, but is not limited to, the new openvision
admin system, and major changes to gssapi to add functionality, and bring
the implementation in line with rfc1964. Before committing, the
code was built and tested for netbsd and solaris.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8774 dc483132-0cff-0310-8789-dd5450dbe970
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7770 dc483132-0cff-0310-8789-dd5450dbe970
| |
Remove krb5_enctype from krb5_string_to_key() args.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7083 dc483132-0cff-0310-8789-dd5450dbe970
| |
is 0 then set keysalt->data.data to NULL.
* kdb_cpw.c (add_key_rnd(), add_key_pwd()) : When creating new keys
for a new kvno and there are multiple enctypes that use a
common keytype, then set the enctype in the key to the first
specified enctype and skip all other enctypes that use
the same keytype. (This assumes the salt type is the same too.)
This way when the kdc needs to get the server key it doesn't
need to guess what enctypes the server supports.
* kdb_xdr.c (krb5_dbe_find_enctype()): Match keys that use common
keytypes but different enctypes. Eg. ENCTYPE_DES_CBC_MD5
matches ENCTYPE_DES_CBC_CRC and vice versa.
* kdb_xdr.c (krb5_dbe_find_enctype()): If kvno = 0 then determine
maxkvno for all the keys and then search keys for a key that
matches enctype salttype and has kvno == maxkvno. This
is different than when kvno = -1 which searches the keys
for THE key with the greatest kvno which also matches enctype
and salttype.
* kdb_kdr.c (krb5_dbe_find_enctype()): If kvno = ktype = stype = -1
then set kvno = 0. The first doesn't make a lot of sense.
* kdb_xdr.c (krb5_dbe_encode_last_pwd_change(),
krb5_dbe_decode_last_pwd_change()) : Added.
* kdb_xdr.c (krb5_decode_princ_contents()) : Don't try to allocate
space for keys if n_key_data = 0.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7012 dc483132-0cff-0310-8789-dd5450dbe970
| |
* kdb_cpw.c, kdb_xdr.c, store_mkey.c, t_kdb.c :
s/keytype/enctype/g, s/KEYTYPE/ENCTYPE/g
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6718 dc483132-0cff-0310-8789-dd5450dbe970
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6485 dc483132-0cff-0310-8789-dd5450dbe970
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6478 dc483132-0cff-0310-8789-dd5450dbe970
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6475 dc483132-0cff-0310-8789-dd5450dbe970
| |
initializer stuff and use build_principal_ext like we
should have in the first place to build the tgt principal.
Why are we using the TGS key to seed the random number generator?
This makes randomized service keys have data that is derived from the
TGS key. Do we really want that? Or am I missing something here?
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6474 dc483132-0cff-0310-8789-dd5450dbe970
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6433 dc483132-0cff-0310-8789-dd5450dbe970
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6431 dc483132-0cff-0310-8789-dd5450dbe970
|
Rewritten for new kdb format.
* kdb_cpw.c : New password changing routines for new kdb format.
* verify_mky.c, t_kdb.c : Use new kdb format.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6328 dc483132-0cff-0310-8789-dd5450dbe970