summaryrefslogtreecommitdiffstats
path: root/src/lib/kdb/kdb_cpw.c
Commit message (Collapse)AuthorAgeFilesLines
* Reset key-generation parameters for each enctypeBen Kaduk2013-10-251-1/+2
| | | | | | | | | | In add_key_pwd, initialize s2k_params to NULL inside the loop over enctypes instead of outside the loop, so that if the afs3 salt type is used it does not contaminate later enctype/salt pairs in the list. ticket: 7733 tags: pullup target_version: 1.12
* Stop using SALT_TYPE_AFS_LENGTHGreg Hudson2012-04-271-17/+12
| | | | | | | | | | | | In krb5_init_creds_ctx and krb5_clpreauth_rock_st, use a boolean to track whether we're still using the default salt instead of overloading salt.length. In preauth2.c, process afs3 salt values like we would in krb5int_des_string_to_key, and set an s2kparams indicator instead of overloading salt.length. Also use an s2kparams indicator in kdb_cpw.c's add_key_pwd. Remove the s2k code to handle overloaded salt lengths, except for a sanity check. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25837 dc483132-0cff-0310-8789-dd5450dbe970
* Support special salt type in default krb5_dbe_cpwGreg Hudson2011-09-221-0/+36
| | | | | | | | | | | | | | | This change allows the "special" salt type to be used in supported_enctypes or in the argument to kadmin's cpw -e. If used, kadmind will pick a salt consisting of 64 random bits represented as 16 printable ASCII characters. The use of random explicit salts creates some interoperability issues and is not generally recommended, but can be useful for interop testing, as a workaround for obscure bugs, or to increase the difficulty of brute-force password searches in situations where none of the interoperability issues apply. ticket: 6964 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25226 dc483132-0cff-0310-8789-dd5450dbe970
* Adjust most C source files to match the new standards for copyrightGreg Hudson2011-03-091-4/+1
| | | | | | and license comments. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24695 dc483132-0cff-0310-8789-dd5450dbe970
* Remove count parameters from get_principal, put_principal,Greg Hudson2010-07-061-15/+7
| | | | | | | | | | | free_principal, delete_principal, and get_policy. Make get_principal allocate the DB entry container. Fold krb5_db_get_principal_ext into krb5_db_get_principal. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24175 dc483132-0cff-0310-8789-dd5450dbe970
* Rename krb5_dbekd_encrypt_key_data and krb5_dbekd_decrypt_key_data toGreg Hudson2010-07-021-6/+5
| | | | | | | | | just use the krb5_dbe prefix. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24164 dc483132-0cff-0310-8789-dd5450dbe970
* make mark-cstyleTom Yu2009-10-311-388/+387
| | | | | | make reindent git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23100 dc483132-0cff-0310-8789-dd5450dbe970
* Create and use (in several places) a variant ofKen Raeburn2009-02-051-26/+11
| | | | | | | krb5int_copy_data_contents that adds a trailing '\0' so the result can be used as a C string. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21893 dc483132-0cff-0310-8789-dd5450dbe970
* Remove unnecessary pointer casts in args to free,memcpy,memset,memchr except ↵Ken Raeburn2009-02-021-2/+2
| | | | | | unicode, windows code git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21875 dc483132-0cff-0310-8789-dd5450dbe970
* Master Key Migration ProjectWill Fiveash2009-01-301-8/+10
| | | | | | | | | | | | | | | Commit for the Master Key Migration Project. http://k5wiki.kerberos.org/wiki/Projects/Master_Key_Migration This commit provides the ability to add a new master key (with an enctype differing from the current master key) to the master key principal and stash file and then migrate the encryption of existing principals long term keys to use the new master key. In addition deletion of master keys is provided. ticket: 6354 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21844 dc483132-0cff-0310-8789-dd5450dbe970
* Start to phase out krb5_xfree macro, which just casts its argument toKen Raeburn2009-01-281-3/+3
| | | | | | | | | | | char* and calls free. Replace most uses, outside of the LDAP KDB plugin, which doesn't build on my test system of the moment because of version dependencies. Add one explicit cast to make the change warning-neutral (under gcc 4.0.1 on Mac OS X 10.5.6). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21812 dc483132-0cff-0310-8789-dd5450dbe970
* Don't include kdb.h from k5-int.h; instead, include it in the handfulKen Raeburn2006-04-131-0/+1
| | | | | | of places where it's actually needed. Update dependencies. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17898 dc483132-0cff-0310-8789-dd5450dbe970
* Novell Database Abstraction Layer merge.Ken Raeburn2005-06-211-18/+108
| | | | | | Will probably break things. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17258 dc483132-0cff-0310-8789-dd5450dbe970
* * kdb_cpw.c (cleanup_key_data): Do not free NULL pointerEzra Peisach2001-10-301-0/+3
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@13906 dc483132-0cff-0310-8789-dd5450dbe970
* * kdb_xdr.c (krb5_dbe_update_mod_princ_data,Ezra Peisach2001-07-271-1/+2
| | | | | | | | | krb5_encode_princ_contents): Delcare local variable unsigned. * kdb_cpw.c (add_key_pwd): Declare local variable unsigned based on use. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@13644 dc483132-0cff-0310-8789-dd5450dbe970
* * fetch_mkey.c: Signed/unsigned int cleanupEzra Peisach2000-10-171-3/+4
| | | | | | | * kdb_cpw.c (add_key_pwd): Change salt data length of -1 to SALT_TYPE_AFS_LENGTH. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12778 dc483132-0cff-0310-8789-dd5450dbe970
* * encrypt_key.c, kdb_cpw.c, kdb_xdr.c: Add parenthesis aboutEzra Peisach2000-07-041-18/+16
| | | | | | assignment in conditional and remove unused variables. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12531 dc483132-0cff-0310-8789-dd5450dbe970
* * kdb_cpw.c (krb5_dbe_crk):Tom Yu2000-02-191-0/+8
| | | | | | (krb5_dbe_cpw): Fix to actually save old keys. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12054 dc483132-0cff-0310-8789-dd5450dbe970
* copyright notice updates from 1.1 branchKen Raeburn1999-09-241-1/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11853 dc483132-0cff-0310-8789-dd5450dbe970
* * kdb_cpw.c (krb5_dbe_crk):Tom Yu1998-11-171-8/+32
| | | | | | | (krb5_dbe_cpw): Add "keepold" boolean argument to indicate whether to retain old keys. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11045 dc483132-0cff-0310-8789-dd5450dbe970
* pull up 3des implementation from the marc-3des branchMarc Horowitz1998-10-301-120/+89
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11001 dc483132-0cff-0310-8789-dd5450dbe970
* * kdb_cpw.c (add_key_pwd): For KRB5_KDB_SALTTYPE_AFS3, the saltEzra Peisach1997-10-281-0/+14
| | | | | | key for afs_mit_string_to_key mut be null terminated. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10254 dc483132-0cff-0310-8789-dd5450dbe970
* * kdb_cpw.c (add_key_pwd): set length to -1 so krb5_string_to_keyMark Eichin1996-11-121-1/+5
| | | | | | | handles the AFS3 salttype, but then replace it with the actual length for later processing. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@9377 dc483132-0cff-0310-8789-dd5450dbe970
* * kdb_cpw.c (cleanup_key_data): fix memory leak [krb5-kdc/163]Barry Jaspan1996-11-111-2/+10
| | | | | | (add_key_pwd): fix memory leak [krb5-kdc/164] git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@9376 dc483132-0cff-0310-8789-dd5450dbe970
* this commit includes all the changes on the OV_9510_INTEGRATION andMarc Horowitz1996-07-221-13/+33
| | | | | | | | | OV_MERGE branches. This includes, but is not limited to, the new openvision admin system, and major changes to gssapi to add functionality, and bring the implementation in line with rfc1964. before committing, the code was built and tested for netbsd and solaris. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8774 dc483132-0cff-0310-8789-dd5450dbe970
* add afs3 salt supportMark Eichin1996-04-091-0/+11
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7770 dc483132-0cff-0310-8789-dd5450dbe970
* * fetch_mkey.c, kdb_cpw.c, t_kdb.c :Chris Provenzano1995-11-091-3/+2
| | | | | | Remove krb5_enctype from krb5_string_to_key() args. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7083 dc483132-0cff-0310-8789-dd5450dbe970
* * decrypt_key.c (krb5_dbekd_decrypt_key_data()) : If key salt lengthChris Provenzano1995-11-031-31/+60
| | | | | | | | | | | | | | | | | | | | | | | | | | | | is 0 then set keysalt->data.data to NULL. * kdb_cpw.c (add_key_rnd(), add_key_pwd()) : When creating new keys for a new kvno and there are multiple enctypes that use a common keytype, then set the enctype in the key to the first specified enctype and skip all other enctypes that use the same keytype. (This assumes the salt type is the same too.) This way when the kdc needs to get the server key it doesn't need to gues what enctypes the server supports. * kdb_xdr.c (krb5_dbe_find_enctype()): Match keys that use common keytypes but different enctypes. Eg. ENCTYPE_DES_CBC_MD5 matches ENCTYPE_DES_CBC_CRC and vice versa. * kdb_xdr.c krb5_dbe_find_enctype()): If kvno = 0 then determine maxkvno for all the keys and then search keys for a key that matches enctype salttype and has kvno == maxkvno. This is different than when kvno = -1 which searches the keys for THE key with the greatest kvno which also matches enctype and salttype. * kdb_kdr.c (krb5_dbe_find_enctype()): If kvno = ktype = stype = -1 then set kvno = 0. The first doesn't make a lot of sense. * kdb_xdr.c (krb5_dbe_encode_last_pwd_change(), krb5_dbe_decode_last_pwd_change()) : Added. * kdb_xdr.c (krb5_decode_princ_contents()) : Don't try to allocate space for keys if n_key_data = 0. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7012 dc483132-0cff-0310-8789-dd5450dbe970
* * decrypt_key.c, encrypt_key.c, fetch_mkey.c, kdb_compat.c,Chris Provenzano1995-09-061-7/+7
| | | | | | | * kdb_cpw.c, kdb_xdr.c, store_mkey.c, t_kdb.c : s/keytype/enctype/g, s/KEYTYPE/ENCTYPE/g git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6718 dc483132-0cff-0310-8789-dd5450dbe970
* Fix various memory allocation and key/salt tuple related bugsPaul Park1995-08-091-5/+41
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6485 dc483132-0cff-0310-8789-dd5450dbe970
* Terminate variable arglist to krb5_build_principal_ext()Paul Park1995-08-091-1/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6478 dc483132-0cff-0310-8789-dd5450dbe970
* fix typosTom Yu1995-08-091-3/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6475 dc483132-0cff-0310-8789-dd5450dbe970
* * kdb_cpw.c (add_key_rnd): remove bletcherous aggregateTom Yu1995-08-091-22/+15
| | | | | | | | | | | initializer stuff and use build_principal_ext like we should have in the first place to build the tgt principal. Why are we using the TGS key to seed the random number generator? This makes randomized service keys have data that is derived from the TGS key. Do we really want that? Or am I missing something here? git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6474 dc483132-0cff-0310-8789-dd5450dbe970
* Manually initialize krbtgt_princ.dataPaul Park1995-08-071-1/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6433 dc483132-0cff-0310-8789-dd5450dbe970
* New routines for changing passwords of new kdb entriesChris Provenzano1995-08-071-15/+383
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6431 dc483132-0cff-0310-8789-dd5450dbe970
* * decrypt_key.c, encrypt_key.c, kdb_dbm.c, kdb_xdr.c:Chris Provenzano1995-07-271-0/+68
Rewritten for new kdb format. * kdb_cpw.c : New password changing routines for new kdb format. * verify_mky.c, t_kdb.c : Use new kdb format. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6328 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2024-06-25 03:22:02 +0000