summaryrefslogtreecommitdiffstats
path: root/src/lib/kdb/keytab.c
Commit message (Collapse)AuthorAgeFilesLines
* Fix condition with empty bodyDavid Benjamin2013-03-151-2/+2
| | | | | | | | Found by clang's warnings. ticket: 7591 (new) target_version: 1.11.2 tags: pullup
* Adjust most C source files to match the new standards for copyrightGreg Hudson2011-03-091-3/+2
| | | | | | and license comments. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24695 dc483132-0cff-0310-8789-dd5450dbe970
* kdb: store mkey list in context and permit NULL mkey for ↵Sam Hartman2010-09-151-11/+1
| | | | | | | | | | | | | | | | | | | | | | | | kdb_dbe_decrypt_key_data Previously, code needed to run a loop to find the current master key, possibly fetch a new master key list and try finding the master key again around each key decryption. This was not universally done; there are cases where only the current master key was used. In addition, the correct ideom for decrypting key data is too complicated and is potentially unavailable to plugins that do not have access to the master key. Instead, store the master key list in the dal_handle whenever it is fetched and permit a NULL master key for krb5_dbe_decrypt_key_data. * Remove APIs for krb5_db_{get|set}_mkey_list * krb5_db_fetch_mkey_list: memoize master key list in dal_handle * krb5_db_free_mkey_list: don't free the memoized list; arrange for it to be freed later * krb5_dbe_decrypt_key_data: Search for correct master key on NULL argument * change call sites to take advantage ticket: 6778 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24314 dc483132-0cff-0310-8789-dd5450dbe970
* Remove count parameters from get_principal, put_principal,Greg Hudson2010-07-061-17/+10
| | | | | | | | | | | free_principal, delete_principal, and get_policy. Make get_principal allocate the DB entry container. Fold krb5_db_get_principal_ext into krb5_db_get_principal. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24175 dc483132-0cff-0310-8789-dd5450dbe970
* Rename krb5_dbekd_encrypt_key_data and krb5_dbekd_decrypt_key_data toGreg Hudson2010-07-021-2/+2
| | | | | | | | | just use the krb5_dbe prefix. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24164 dc483132-0cff-0310-8789-dd5450dbe970
* make mark-cstyleTom Yu2009-10-311-79/+79
| | | | | | make reindent git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23100 dc483132-0cff-0310-8789-dd5450dbe970
* Master Key Migration ProjectWill Fiveash2009-01-301-1/+6
| | | | | | | | | | | | | | | Commit for the Master Key Migration Project. http://k5wiki.kerberos.org/wiki/Projects/Master_Key_Migration This commit provides the ability to add a new master key (with an enctype differing from the current master key) to the master key principal and stash file and then migrate the encryption of existing principals long term keys to use the new master key. In addition deletion of master keys is provided. ticket: 6354 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21844 dc483132-0cff-0310-8789-dd5450dbe970
* Start to phase out krb5_xfree macro, which just casts its argument toKen Raeburn2009-01-281-1/+1
| | | | | | | | | | | char* and calls free. Replace most uses, outside of the LDAP KDB plugin, which doesn't build on my test system of the moment because of version dependencies. Add one explicit cast to make the change warning-neutral (under gcc 4.0.1 on Mac OS X 10.5.6). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21812 dc483132-0cff-0310-8789-dd5450dbe970
* kdb/keytab.c: map KRB5_KDB_NO_MATCHING_KEY to KRB5_KT_KVNONOTFOUND.Sam Hartman2009-01-071-0/+2
| | | | | | | At least in cases other than tgts, this code handles its own enctype matching, so kvno not found is the only thing that produces the no matching key error. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21718 dc483132-0cff-0310-8789-dd5450dbe970
* Use strlcpy instead of strcpy in many placesGreg Hudson2008-10-241-2/+1
| | | | | | | ticket: 6200 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20919 dc483132-0cff-0310-8789-dd5450dbe970
* Novell Database Abstraction Layer merge.Ken Raeburn2005-06-211-7/+6
| | | | | | Will probably break things. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17258 dc483132-0cff-0310-8789-dd5450dbe970
* * keytab.c (krb5_ktkdb_get_entry): Change local variable rom intEzra Peisach2004-05-251-1/+1
| | | | | | | to krb5_boolean to match prototype for as argument to krb5_c_enctype_compare. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16361 dc483132-0cff-0310-8789-dd5450dbe970
* * keytab.c (krb5_ktkdb_get_entry): Don't use local variable "context" untilKen Raeburn2004-04-031-1/+3
| | | | | | after it's been set. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16229 dc483132-0cff-0310-8789-dd5450dbe970
* add get_name callback for kdb keytab type, for debuggingKen Raeburn2003-12-131-1/+11
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15910 dc483132-0cff-0310-8789-dd5450dbe970
* Cross realm checks can check beyond end of bufferEzra Peisach2003-05-221-1/+1
| | | | | | | | | | | * keytab.c (is_xrealm_tgt): Use strncmp instead of strcmp - as principal and realm name do not need to be null terminated. ticket: new tags: pullup target_version: 1.3 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15466 dc483132-0cff-0310-8789-dd5450dbe970
* fix kadmind startup failure with krb4 vuln patchTom Yu2003-03-191-8/+10
| | | | | | | | | | | * keytab.c (krb5_ktkdb_get_entry): Do not perform the enctype comparison if the requested enctype is a wildcard. ticket: new status: open tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15295 dc483132-0cff-0310-8789-dd5450dbe970
* Disable krb4 cross-realm in krb524d and krb5kdc. Provide an option toSam Hartman2003-03-171-1/+46
| | | | | | | | | | | | | | | | | | | reenable (-X) which prints a warning that you are creating a security hole. Remove support for generating krb4 tickets encrypted using 3DES service keys as it is insecure. They are still accepted however. The KDc is much more strict about accepting only tickets that it would have issued in the current configuration. In particular if the KDC would choose some enctype for writing a TGT, other enctypes will not be accepted when using a TGT. Ticket: 1385 Target_Version: 1.3 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15286 dc483132-0cff-0310-8789-dd5450dbe970
* use kdb keytab for kadmindTom Yu2003-03-061-4/+27
| | | | | | | | | | | | | kadmind previously required a file-based keytab to support its use of gssapi. For ease of administration, a kdb-based keytab would be beneficial. This commit includes changes to the kdb library to support this goal, as well as actual changes in the kadmind itself. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15237 dc483132-0cff-0310-8789-dd5450dbe970
* Change comments to remove the note that we're going to redesign keyTom Yu2003-02-081-2/+1
| | | | | | | | storage architecture for 1.3. ticket: 1193 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15168 dc483132-0cff-0310-8789-dd5450dbe970
* * keytab.c (krb5_ktkdb_get_entry): For consistency, check forTom Yu2002-08-151-0/+6
| | | | | | DISALLOW_ALL_TIX and DISALLOW_SVR when looking up keys. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14727 dc483132-0cff-0310-8789-dd5450dbe970
* * kdb_xdr.c (krb5_dbe_search_enctype): Filter out enctypes thatTom Yu2001-10-251-0/+7
| | | | | | | | | | aren't in permitted_enctypes. This prevents the KDC from issuing a ticket whose enctype that it won't accept. * keytab.c (krb5_ktkdb_get_entry): For now, coerce enctype of output keyblock in case we got a match on a similar enctype. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@13855 dc483132-0cff-0310-8789-dd5450dbe970
* Don't conditionalize prototypes; delete macros supporting it. (Maybe overdone;Ken Raeburn2001-10-101-3/+3
| | | | | | don't worry about restoring them when importing new versions of code.) git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@13792 dc483132-0cff-0310-8789-dd5450dbe970
* copyright notice updates from 1.1 branchKen Raeburn1999-09-241-1/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11853 dc483132-0cff-0310-8789-dd5450dbe970
* pull up 3des implementation from the marc-3des branchMarc Horowitz1998-10-301-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11001 dc483132-0cff-0310-8789-dd5450dbe970
* * keytab.c: (krb5_ktkdb_get_entry): Incoming principal is constEzra Peisach1997-09-151-2/+2
| | | | | | | | | | | | | | | | * kdb_dbm.c (krb5_dbm_db_get_principal, krb5_dbm_db_delete_principal): Incoming principal is const. * kdb_xdr.c (krb5_dbe_update_mod_princ_data, krb5_encode_princ_dbkey): Incoming principal is const. * kdb_db2.h (krb5_db2_db_get_principal): Change prototype to const principal. * kdb_db2.c (krb5_db2_db_get_principal, krb5_db2_db_delete_principal): The search for principal is const. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10192 dc483132-0cff-0310-8789-dd5450dbe970
* * t_kdb.c: Reflect changes in the API, mostly db_createTom Yu1997-07-251-23/+10
| | | | | | | | | | | | | | * Makefile.in: Bump version due to major reworking. * kdb_db2.h: * kdb_db2.c: Add Berkely DB backend. * keytab.c: Add support for new kdb API; delete dead arguments. * kdb_xdr.c: Remove dependencies on dbm; encode things to krb5_datas rather than datums. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10130 dc483132-0cff-0310-8789-dd5450dbe970
* * keytab.c: Don't assume dbm_db_get_mkey() and dbe_find_enctypeTom Yu1997-03-171-14/+23
| | | | | | | won't error out. Also, some gcc -Wall warning cleanups. [krb5-kdc/361] git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10004 dc483132-0cff-0310-8789-dd5450dbe970
* Don't dump core when principal doesn't existSam Hartman1996-08-101-0/+5
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8919 dc483132-0cff-0310-8789-dd5450dbe970
* * keytab.c (krb5_ktkdb_close): Free memory allocated byEzra Peisach1996-06-111-1/+12
| | | | | | krb5_ktkdb_resolve. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8291 dc483132-0cff-0310-8789-dd5450dbe970
* * keytab.c (krb5_ktkdb_close): new function, non-optional.Mark Eichin1996-02-241-10/+21
| | | | | | | (krb5_kt_kdb_ops): include _close method, comment what the other slots are. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7510 dc483132-0cff-0310-8789-dd5450dbe970
* * t_kdb.c: wrap db_dbm decls and berkely_dispatch in ifdefsMark Eichin1996-01-271-2/+2
| | | | | | | | | BERK_DB_DBM. (do_testing): wrap references as well. * keytab.c (krb5_ktkdb_get_entry): use KRB5_PROTOTYPE. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7400 dc483132-0cff-0310-8789-dd5450dbe970
* * keytab.c (krb5_ktkdb_resolve): Fix castingEzra Peisach1995-12-181-1/+1
| | | | | | * t_kdb.c (add_principal): Remove mkvno git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7234 dc483132-0cff-0310-8789-dd5450dbe970
* * Makefile.in, keytab.c : Move db keytab routines hereChris Provenzano1995-12-131-0/+117
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7223 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2024-06-21 10:38:24 +0000