summaryrefslogtreecommitdiffstats
path: root/daemons/ipa-slapi-plugins/ipa-pwd-extop/encoding.c
Commit message (Collapse)AuthorAgeFilesLines
* Heap corruption in ipapwd pluginThierry Bordaz2016-07-191-1/+1
| | | | | | | | | | | | | | | | | | | ipapwd_encrypt_encode_key allocates 'kset' on the heap but with num_keys and keys not being initialized. Then ipa_krb5_generate_key_data initializes them with the generated keys. If ipa_krb5_generate_key_data fails (here EINVAL meaning no principal->realm.data), num_keys and keys are left uninitialized. Upon failure, ipapwd_keyset_free is called to free 'kset' that contains random num_keys and keys. allocates kset with calloc so that kset->num_keys==0 and kset->keys==NULL https://fedorahosted.org/freeipa/ticket/6030 Reviewed-By: Simo Sorce <ssorce@redhat.com> Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
* Improve keytab code to select the right principal.Simo Sorce2016-02-011-7/+16
| | | | | | | | | | | | Whe requesting a keytab the salt used is the NORMAL type (for backwards and AD compatibility), however since we added alias support we need to search for the krbCanonicalName in preference, hen nothing is specified, and for the requested principal name when a getkeytab operation is performed. This is so that the correct salt can be applied. (Windows AD uses some peculiar aliases for some special accounts to generate the salt). Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* keytabs: Expose and modify key encoding functionSimo Sorce2014-06-261-7/+13
| | | | | | | | | | | Make it available outside of the encoding.c file for use in a follow-up patch. Add option to not pass a password and generate a random key instead. Related: https://fedorahosted.org/freeipa/ticket/3859 Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
* Remove generation and handling of LM hashesSumit Bose2013-11-011-33/+15
| | | | https://fedorahosted.org/freeipa/ticket/3795
* Remove unnecessary prefixes from ipa-pwd-extop filesNathaniel McCallum2013-05-171-0/+291