-rw-r--r--src/include/kdb.h59
-rw-r--r--src/kadmin/dbutil/dump.c12
-rw-r--r--src/kadmin/dbutil/kdb5_create.c15
-rw-r--r--src/kadmin/dbutil/kdb5_mkey.c26
-rw-r--r--src/kdc/do_as_req.c12
-rw-r--r--src/kdc/do_tgs_req.c7
-rw-r--r--src/kdc/kdc_preauth.c19
-rw-r--r--src/kdc/kdc_util.c5
-rw-r--r--src/lib/kadm5/srv/server_kdb.c4
-rw-r--r--src/lib/kadm5/srv/svr_principal.c51
-rw-r--r--src/lib/kdb/decrypt_key.c10
-rw-r--r--src/lib/kdb/encrypt_key.c12
-rw-r--r--src/lib/kdb/kdb5.c26
-rw-r--r--src/lib/kdb/kdb_cpw.c11
-rw-r--r--src/lib/kdb/kdb_default.c24
-rw-r--r--src/lib/kdb/keytab.c4
-rw-r--r--src/lib/kdb/libkdb5.exports8
-rw-r--r--src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c20
-rw-r--r--src/tests/create/kdb5_mkdums.c6
-rw-r--r--src/tests/verify/kdb5_verify.c4
20 files changed, 145 insertions, 190 deletions
diff --git a/src/include/kdb.h b/src/include/kdb.h
index 4406126b9..b65130d72 100644
--- a/src/include/kdb.h
+++ b/src/include/kdb.h
@@ -516,19 +516,19 @@ krb5_db_setup_mkey_name ( krb5_context context,
krb5_principal *principal);
krb5_error_code
-krb5_dbekd_decrypt_key_data( krb5_context context,
- const krb5_keyblock * mkey,
- const krb5_key_data * key_data,
- krb5_keyblock * dbkey,
- krb5_keysalt * keysalt);
+krb5_dbe_decrypt_key_data( krb5_context context,
+ const krb5_keyblock * mkey,
+ const krb5_key_data * key_data,
+ krb5_keyblock * dbkey,
+ krb5_keysalt * keysalt);
krb5_error_code
-krb5_dbekd_encrypt_key_data( krb5_context context,
- const krb5_keyblock * mkey,
- const krb5_keyblock * dbkey,
- const krb5_keysalt * keysalt,
- int keyver,
- krb5_key_data * key_data);
+krb5_dbe_encrypt_key_data( krb5_context context,
+ const krb5_keyblock * mkey,
+ const krb5_keyblock * dbkey,
+ const krb5_keysalt * keysalt,
+ int keyver,
+ krb5_key_data * key_data);
krb5_error_code
krb5_dbe_fetch_act_key_list(krb5_context context,
@@ -749,34 +749,19 @@ krb5_error_code
krb5_def_promote_db(krb5_context, char *, char **);
krb5_error_code
-krb5_dbekd_def_decrypt_key_data( krb5_context context,
- const krb5_keyblock * mkey,
- const krb5_key_data * key_data,
- krb5_keyblock * dbkey,
- krb5_keysalt * keysalt);
+krb5_dbe_def_decrypt_key_data( krb5_context context,
+ const krb5_keyblock * mkey,
+ const krb5_key_data * key_data,
+ krb5_keyblock * dbkey,
+ krb5_keysalt * keysalt);
krb5_error_code
-krb5_dbekd_def_encrypt_key_data( krb5_context context,
- const krb5_keyblock * mkey,
- const krb5_keyblock * dbkey,
- const krb5_keysalt * keysalt,
- int keyver,
- krb5_key_data * key_data);
-
-krb5_error_code
-krb5_dbekd_def_decrypt_key_data( krb5_context context,
- const krb5_keyblock * mkey,
- const krb5_key_data * key_data,
- krb5_keyblock * dbkey,
- krb5_keysalt * keysalt);
-
-krb5_error_code
-krb5_dbekd_def_encrypt_key_data( krb5_context context,
- const krb5_keyblock * mkey,
- const krb5_keyblock * dbkey,
- const krb5_keysalt * keysalt,
- int keyver,
- krb5_key_data * key_data);
+krb5_dbe_def_encrypt_key_data( krb5_context context,
+ const krb5_keyblock * mkey,
+ const krb5_keyblock * dbkey,
+ const krb5_keysalt * keysalt,
+ int keyver,
+ krb5_key_data * key_data);
krb5_error_code
krb5_db_create_policy( krb5_context kcontext,
diff --git a/src/kadmin/dbutil/dump.c b/src/kadmin/dbutil/dump.c
index d0495e4cf..64c63afb1 100644
--- a/src/kadmin/dbutil/dump.c
+++ b/src/kadmin/dbutil/dump.c
@@ -302,9 +302,8 @@ krb5_error_code master_key_convert(context, db_entry)
retval = krb5_dbe_find_mkey(context, master_keylist, db_entry, &tmp_mkey);
if (retval)
return retval;
- retval = krb5_dbekd_decrypt_key_data(context, tmp_mkey,
- key_data, &v5plainkey,
- &keysalt);
+ retval = krb5_dbe_decrypt_key_data(context, tmp_mkey, key_data,
+ &v5plainkey, &keysalt);
if (retval)
return retval;
@@ -313,10 +312,9 @@ krb5_error_code master_key_convert(context, db_entry)
key_ptr = &v5plainkey;
kvno = (krb5_kvno) key_data->key_data_kvno;
- retval = krb5_dbekd_encrypt_key_data(context, &new_master_keyblock,
- key_ptr, &keysalt,
- (int) kvno,
- &new_key_data);
+ retval = krb5_dbe_encrypt_key_data(context, &new_master_keyblock,
+ key_ptr, &keysalt, (int) kvno,
+ &new_key_data);
if (retval)
return retval;
krb5_free_keyblock_contents(context, &v5plainkey);
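Review bot: The early `return retval;` after `krb5_dbe_encrypt_key_data` in master_key_convert skips the `krb5_free_keyblock_contents(context, &v5plainkey);` on the following line, so when re-encryption fails the decrypted principal key stays allocated in the heap. Release it on the error path too, e.g. `if (retval) { krb5_free_keyblock_contents(context, &v5plainkey); return retval; }`. The same pattern is visible in src/lib/kadm5/srv/svr_principal.c: check_pw_reuse returns from the inner loop while `newkey` is still held, and create_history_entry returns after a failed encrypt while `key` is still held. All three functions continue outside their hunks, so confirm that nothing later, or in the callers, already covers these paths.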
diff --git a/src/kadmin/dbutil/kdb5_create.c b/src/kadmin/dbutil/kdb5_create.c
index ba1653587..cf2f2a7f2 100644
--- a/src/kadmin/dbutil/kdb5_create.c
+++ b/src/kadmin/dbutil/kdb5_create.c
@@ -403,12 +403,9 @@ tgt_keysalt_iterate(ksent, ptr)
ind = iargs->dbentp->n_key_data-1;
if (!(kret = krb5_c_make_random_key(context, ksent->ks_enctype,
&key))) {
- kret = krb5_dbekd_encrypt_key_data(context,
- iargs->rblock->key,
- &key,
- NULL,
- 1,
- &iargs->dbentp->key_data[ind]);
+ kret = krb5_dbe_encrypt_key_data(context, iargs->rblock->key,
+ &key, NULL, 1,
+ &iargs->dbentp->key_data[ind]);
krb5_free_keyblock_contents(context, &key);
}
}
@@ -462,9 +459,9 @@ add_principal(context, princ, op, pblock)
else
mkey_kvno = 1; /* Default */
entry.attributes |= KRB5_KDB_DISALLOW_ALL_TIX;
- if ((retval = krb5_dbekd_encrypt_key_data(context, pblock->key,
- &master_keyblock, NULL,
- mkey_kvno, entry.key_data)))
+ if ((retval = krb5_dbe_encrypt_key_data(context, pblock->key,
+ &master_keyblock, NULL,
+ mkey_kvno, entry.key_data)))
return retval;
/*
* There should always be at least one "active" mkey so creating the
diff --git a/src/kadmin/dbutil/kdb5_mkey.c b/src/kadmin/dbutil/kdb5_mkey.c
index 6abd796d9..9c397b6ab 100644
--- a/src/kadmin/dbutil/kdb5_mkey.c
+++ b/src/kadmin/dbutil/kdb5_mkey.c
@@ -90,7 +90,7 @@ add_new_mkey(krb5_context context, krb5_db_entry *master_entry,
/* alloc enough space to hold new and existing key_data */
/*
- * The encrypted key is malloc'ed by krb5_dbekd_encrypt_key_data and
+ * The encrypted key is malloc'ed by krb5_dbe_encrypt_key_data and
* krb5_key_data key_data_contents is a pointer to this key. Using some
* logic from master_key_convert().
*/
@@ -105,10 +105,9 @@ add_new_mkey(krb5_context context, krb5_db_entry *master_entry,
/* Note, mkey does not have salt */
/* add new mkey encrypted with itself to mkey princ entry */
- if ((retval = krb5_dbekd_encrypt_key_data(context, new_mkey,
- new_mkey, NULL,
- (int) new_mkey_kvno,
- &master_entry->key_data[0]))) {
+ if ((retval = krb5_dbe_encrypt_key_data(context, new_mkey, new_mkey, NULL,
+ (int) new_mkey_kvno,
+ &master_entry->key_data[0]))) {
return (retval);
}
/* the mvkno should be that of the newest mkey */
@@ -156,11 +155,9 @@ add_new_mkey(krb5_context context, krb5_db_entry *master_entry,
memset(&tmp_key_data, 0, sizeof(tmp_key_data));
/* encrypt the new mkey with the older mkey */
- retval = krb5_dbekd_encrypt_key_data(context, &keylist_node->keyblock,
- new_mkey,
- NULL, /* no keysalt */
- (int) new_mkey_kvno,
- &tmp_key_data);
+ retval = krb5_dbe_encrypt_key_data(context, &keylist_node->keyblock,
+ new_mkey, NULL, (int) new_mkey_kvno,
+ &tmp_key_data);
if (retval)
goto clean_n_exit;
@@ -171,11 +168,10 @@ add_new_mkey(krb5_context context, krb5_db_entry *master_entry,
/*
* Store old key in master_entry keydata past the new mkey
*/
- retval = krb5_dbekd_encrypt_key_data(context, new_mkey,
- &keylist_node->keyblock,
- NULL, /* no keysalt */
- (int) keylist_node->kvno,
- &master_entry->key_data[i]);
+ retval = krb5_dbe_encrypt_key_data(context, new_mkey,
+ &keylist_node->keyblock,
+ NULL, (int) keylist_node->kvno,
+ &master_entry->key_data[i]);
if (retval)
goto clean_n_exit;
}
diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c
index 9ceac84aa..18ce37f27 100644
--- a/src/kdc/do_as_req.c
+++ b/src/kdc/do_as_req.c
@@ -489,9 +489,9 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
*
* server_keyblock is later used to generate auth data signatures
*/
- if ((errcode = krb5_dbekd_decrypt_key_data(kdc_context, mkey_ptr,
- server_key, &server_keyblock,
- NULL))) {
+ if ((errcode = krb5_dbe_decrypt_key_data(kdc_context, mkey_ptr,
+ server_key, &server_keyblock,
+ NULL))) {
status = "DECRYPT_SERVER_KEY";
goto errout;
}
@@ -537,9 +537,9 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
}
/* convert client.key_data into a real key */
- if ((errcode = krb5_dbekd_decrypt_key_data(kdc_context, mkey_ptr,
- client_key, &client_keyblock,
- NULL))) {
+ if ((errcode = krb5_dbe_decrypt_key_data(kdc_context, mkey_ptr,
+ client_key, &client_keyblock,
+ NULL))) {
status = "DECRYPT_CLIENT_KEY";
goto errout;
}
diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c
index f1ae84b97..827f65cb3 100644
--- a/src/kdc/do_tgs_req.c
+++ b/src/kdc/do_tgs_req.c
@@ -675,10 +675,9 @@ tgt_again:
* Convert server.key into a real key
* (it may be encrypted in the database)
*/
- if ((errcode = krb5_dbekd_decrypt_key_data(kdc_context,
- mkey_ptr,
- server_key, &encrypting_key,
- NULL))) {
+ if ((errcode = krb5_dbe_decrypt_key_data(kdc_context, mkey_ptr,
+ server_key, &encrypting_key,
+ NULL))) {
status = "DECRYPT_SERVER_KEY";
goto cleanup;
}
diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c
index 00800aab0..d754edcf4 100644
--- a/src/kdc/kdc_preauth.c
+++ b/src/kdc/kdc_preauth.c
@@ -773,8 +773,8 @@ get_entry_data(krb5_context context,
if (krb5_dbe_find_enctype(context, entry, request->ktype[i],
-1, 0, &entry_key) != 0)
continue;
- if (krb5_dbekd_decrypt_key_data(context, mkey_ptr,
- entry_key, &keys[k], NULL) != 0) {
+ if (krb5_dbe_decrypt_key_data(context, mkey_ptr, entry_key,
+ &keys[k], NULL) != 0) {
if (keys[k].contents != NULL)
krb5_free_keyblock_contents(context, &keys[k]);
memset(&keys[k], 0, sizeof(keys[k]));
@@ -1474,8 +1474,8 @@ verify_enc_timestamp(krb5_context context, krb5_db_entry *client,
-1, 0, &client_key)))
goto cleanup;
- if ((retval = krb5_dbekd_decrypt_key_data(context, mkey_ptr,
- client_key, &key, NULL)))
+ if ((retval = krb5_dbe_decrypt_key_data(context, mkey_ptr, client_key,
+ &key, NULL)))
goto cleanup;
key.enctype = enc_data->enctype;
@@ -2156,10 +2156,9 @@ get_sam_edata(krb5_context context, krb5_kdc_req *request,
return retval;
}
/* convert server.key into a real key */
- retval = krb5_dbekd_decrypt_key_data(kdc_context,
- mkey_ptr,
- assoc_key, &encrypting_key,
- NULL);
+ retval = krb5_dbe_decrypt_key_data(kdc_context, mkey_ptr,
+ assoc_key, &encrypting_key,
+ NULL);
if (retval) {
kdc_err(kdc_context, retval,
"snk4 pulling out key entry");
@@ -2819,8 +2818,8 @@ static krb5_error_code verify_pkinit_request(
* Unfortunately this key is stored encrypted even though it's
* not sensitive...
*/
- krtn = krb5_dbekd_decrypt_key_data(context, mkey_ptr,
- key_data, &decrypted_key, NULL);
+ krtn = krb5_dbe_decrypt_key_data(context, mkey_ptr, key_data,
+ &decrypted_key, NULL);
if(krtn) {
kdcPkinitDebug("verify_pkinit_request: error decrypting cert hash block\n");
break;
diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c
index 6fa2d73a2..16c06296a 100644
--- a/src/kdc/kdc_util.c
+++ b/src/kdc/kdc_util.c
@@ -512,9 +512,8 @@ kdc_get_server_key(krb5_ticket *ticket, unsigned int flags,
goto errout;
}
if ((*key = (krb5_keyblock *)malloc(sizeof **key))) {
- retval = krb5_dbekd_decrypt_key_data(kdc_context, mkey_ptr,
- server_key,
- *key, NULL);
+ retval = krb5_dbe_decrypt_key_data(kdc_context, mkey_ptr, server_key,
+ *key, NULL);
} else
retval = ENOMEM;
retval = krb5_c_enctype_compare(kdc_context, ticket->enc_part.enctype,
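Review bot: In kdc_get_server_key the result of the decrypt call, and the `ENOMEM` set in the `else` branch, is overwritten by the very next statement, `retval = krb5_c_enctype_compare(...)`, without ever being tested. A failed decrypt is therefore dropped silently, and after a failed `malloc` the code carries on with `*key == NULL`. Add `if (retval) goto errout;` between the if/else and the enctype comparison. The remaining arguments of the compare call and the rest of the function lie outside the hunk, so check how `*key` is used there when applying the fix.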
diff --git a/src/lib/kadm5/srv/server_kdb.c b/src/lib/kadm5/srv/server_kdb.c
index 3c09f9097..768c8f739 100644
--- a/src/lib/kadm5/srv/server_kdb.c
+++ b/src/lib/kadm5/srv/server_kdb.c
@@ -213,8 +213,8 @@ kdb_get_hist_key(kadm5_server_handle_t handle, krb5_keyblock *hist_keyblock,
if (ret)
goto done;
- ret = krb5_dbekd_decrypt_key_data(handle->context, mkey,
- &kdb.key_data[0], hist_keyblock, NULL);
+ ret = krb5_dbe_decrypt_key_data(handle->context, mkey, &kdb.key_data[0],
+ hist_keyblock, NULL);
if (ret)
goto done;
diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c
index 469a8e885..451e4ff02 100644
--- a/src/lib/kadm5/srv/svr_principal.c
+++ b/src/lib/kadm5/srv/svr_principal.c
@@ -977,18 +977,15 @@ check_pw_reuse(krb5_context context,
krb5_error_code ret;
for (x = 0; x < n_new_key_data; x++) {
- ret = krb5_dbekd_decrypt_key_data(context,
- mkey,
- &(new_key_data[x]),
- &newkey, NULL);
+ ret = krb5_dbe_decrypt_key_data(context, mkey, &(new_key_data[x]),
+ &newkey, NULL);
if (ret)
return(ret);
for (y = 0; y < n_pw_hist_data; y++) {
for (z = 0; z < pw_hist_data[y].n_key_data; z++) {
- ret = krb5_dbekd_decrypt_key_data(context,
- hist_keyblock,
- &pw_hist_data[y].key_data[z],
- &histkey, NULL);
+ ret = krb5_dbe_decrypt_key_data(context, hist_keyblock,
+ &pw_hist_data[y].key_data[z],
+ &histkey, NULL);
if (ret)
return(ret);
@@ -1047,17 +1044,14 @@ int create_history_entry(krb5_context context, krb5_keyblock *mkey,
memset(hist->key_data, 0, n_key_data*sizeof(krb5_key_data));
for (i = 0; i < n_key_data; i++) {
- ret = krb5_dbekd_decrypt_key_data(context,
- mkey,
- &key_data[i],
- &key, &salt);
+ ret = krb5_dbe_decrypt_key_data(context, mkey, &key_data[i], &key,
+ &salt);
if (ret)
return ret;
- ret = krb5_dbekd_encrypt_key_data(context, hist_key,
- &key, &salt,
- key_data[i].key_data_kvno,
- &hist->key_data[i]);
+ ret = krb5_dbe_encrypt_key_data(context, hist_key, &key, &salt,
+ key_data[i].key_data_kvno,
+ &hist->key_data[i]);
if (ret)
return ret;
@@ -1731,9 +1725,8 @@ kadm5_setv4key_principal(void *server_handle,
goto done;
/* use tmp_key_data as temporary location and reallocate later */
- ret = krb5_dbekd_encrypt_key_data(handle->context, act_mkey,
- keyblock, &keysalt, kvno + 1,
- &tmp_key_data);
+ ret = krb5_dbe_encrypt_key_data(handle->context, act_mkey, keyblock,
+ &keysalt, kvno + 1, &tmp_key_data);
if (ret) {
goto done;
}
@@ -1935,12 +1928,10 @@ kadm5_setkey_principal_3(void *server_handle,
if (ret)
goto done;
- ret = krb5_dbekd_encrypt_key_data(handle->context,
- act_mkey,
- &keyblocks[i],
- n_ks_tuple ? &keysalt : NULL,
- kvno + 1,
- &tmp_key_data);
+ ret = krb5_dbe_encrypt_key_data(handle->context, act_mkey,
+ &keyblocks[i],
+ n_ks_tuple ? &keysalt : NULL, kvno + 1,
+ &tmp_key_data);
if (ret)
goto done;
@@ -2120,9 +2111,8 @@ static int decrypt_key_data(krb5_context context, krb5_keyblock *mkey,
memset(keys, 0, n_key_data*sizeof(krb5_keyblock));
for (i = 0; i < n_key_data; i++) {
- ret = krb5_dbekd_decrypt_key_data(context, mkey,
- &key_data[i],
- &keys[i], NULL);
+ ret = krb5_dbe_decrypt_key_data(context, mkey, &key_data[i], &keys[i],
+ NULL);
if (ret) {
for (; i >= 0; i--) {
if (keys[i].contents) {
@@ -2218,9 +2208,8 @@ kadm5_ret_t kadm5_decrypt_key(void *server_handle,
}
}
- if ((ret = krb5_dbekd_decrypt_key_data(handle->context,
- mkey_ptr, key_data,
- keyblock, keysalt)))
+ if ((ret = krb5_dbe_decrypt_key_data(handle->context, mkey_ptr, key_data,
+ keyblock, keysalt)))
return ret;
/*
diff --git a/src/lib/kdb/decrypt_key.c b/src/lib/kdb/decrypt_key.c
index 8006cf3fa..37c45975c 100644
--- a/src/lib/kdb/decrypt_key.c
+++ b/src/lib/kdb/decrypt_key.c
@@ -64,11 +64,11 @@
*/
krb5_error_code
-krb5_dbekd_def_decrypt_key_data( krb5_context context,
- const krb5_keyblock * mkey,
- const krb5_key_data * key_data,
- krb5_keyblock * dbkey,
- krb5_keysalt * keysalt)
+krb5_dbe_def_decrypt_key_data( krb5_context context,
+ const krb5_keyblock * mkey,
+ const krb5_key_data * key_data,
+ krb5_keyblock * dbkey,
+ krb5_keysalt * keysalt)
{
krb5_error_code retval = 0;
krb5_int16 tmplen;
diff --git a/src/lib/kdb/encrypt_key.c b/src/lib/kdb/encrypt_key.c
index bbf520bf8..02f093244 100644
--- a/src/lib/kdb/encrypt_key.c
+++ b/src/lib/kdb/encrypt_key.c
@@ -64,12 +64,12 @@
*/
krb5_error_code
-krb5_dbekd_def_encrypt_key_data( krb5_context context,
- const krb5_keyblock * mkey,
- const krb5_keyblock * dbkey,
- const krb5_keysalt * keysalt,
- int keyver,
- krb5_key_data * key_data)
+krb5_dbe_def_encrypt_key_data( krb5_context context,
+ const krb5_keyblock * mkey,
+ const krb5_keyblock * dbkey,
+ const krb5_keysalt * keysalt,
+ int keyver,
+ krb5_key_data * key_data)
{
krb5_error_code retval;
krb5_octet * ptr;
diff --git a/src/lib/kdb/kdb5.c b/src/lib/kdb/kdb5.c
index bfcdbd6af..11be6dfd4 100644
--- a/src/lib/kdb/kdb5.c
+++ b/src/lib/kdb/kdb5.c
@@ -267,9 +267,9 @@ kdb_setup_opt_functions(db_library lib)
if (lib->vftabl.promote_db == NULL)
lib->vftabl.promote_db = krb5_def_promote_db;
if (lib->vftabl.dbekd_decrypt_key_data == NULL)
- lib->vftabl.dbekd_decrypt_key_data = krb5_dbekd_def_decrypt_key_data;
+ lib->vftabl.dbekd_decrypt_key_data = krb5_dbe_def_decrypt_key_data;
if (lib->vftabl.dbekd_encrypt_key_data == NULL)
- lib->vftabl.dbekd_encrypt_key_data = krb5_dbekd_def_encrypt_key_data;
+ lib->vftabl.dbekd_encrypt_key_data = krb5_dbe_def_encrypt_key_data;
}
#ifdef STATIC_PLUGINS
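Review bot: The vtable members assigned here are still named `dbekd_decrypt_key_data` and `dbekd_encrypt_key_data`, so after this change the `dbekd` prefix survives only in `kdb_vftabl` while every function uses `krb5_dbe_`. If the member names are kept on purpose so existing KDB modules keep compiling, say so next to them, e.g. `/* slot names keep the historical dbekd_ prefix; the functions are krb5_dbe_* */`. Otherwise rename them in the same commit so a search for either prefix finds the whole interface. kdb_setup_opt_functions begins outside the hunk.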
@@ -2308,11 +2308,11 @@ clean_n_exit:
}
krb5_error_code
-krb5_dbekd_decrypt_key_data( krb5_context kcontext,
- const krb5_keyblock * mkey,
- const krb5_key_data * key_data,
- krb5_keyblock * dbkey,
- krb5_keysalt * keysalt)
+krb5_dbe_decrypt_key_data( krb5_context kcontext,
+ const krb5_keyblock * mkey,
+ const krb5_key_data * key_data,
+ krb5_keyblock * dbkey,
+ krb5_keysalt * keysalt)
{
krb5_error_code status = 0;
kdb_vftabl *v;
@@ -2324,12 +2324,12 @@ krb5_dbekd_decrypt_key_data( krb5_context kcontext,
}
krb5_error_code
-krb5_dbekd_encrypt_key_data( krb5_context kcontext,
- const krb5_keyblock * mkey,
- const krb5_keyblock * dbkey,
- const krb5_keysalt * keysalt,
- int keyver,
- krb5_key_data * key_data)
+krb5_dbe_encrypt_key_data( krb5_context kcontext,
+ const krb5_keyblock * mkey,
+ const krb5_keyblock * dbkey,
+ const krb5_keysalt * keysalt,
+ int keyver,
+ krb5_key_data * key_data)
{
krb5_error_code status = 0;
kdb_vftabl *v;
diff --git a/src/lib/kdb/kdb_cpw.c b/src/lib/kdb/kdb_cpw.c
index 723d98eaf..dcf00ab05 100644
--- a/src/lib/kdb/kdb_cpw.c
+++ b/src/lib/kdb/kdb_cpw.c
@@ -186,9 +186,8 @@ add_key_rnd(context, master_key, ks_tuple, ks_tuple_count, db_entry, kvno)
/* db library will free this. Since, its a so, it could actually be using different memory management
function. So, its better if the memory is allocated by the db's malloc. So, a temporary memory is used
here which will later be copied to the db_entry */
- retval = krb5_dbekd_encrypt_key_data(context, master_key,
- &key, NULL, kvno,
- &tmp_key_data);
+ retval = krb5_dbe_encrypt_key_data(context, master_key, &key, NULL,
+ kvno, &tmp_key_data);
krb5_free_keyblock_contents(context, &key);
if( retval )
@@ -464,9 +463,9 @@ add_key_pwd(context, master_key, ks_tuple, ks_tuple_count, passwd,
/* memory allocation to be done by db. So, use temporary block and later copy
it to the memory allocated by db */
- retval = krb5_dbekd_encrypt_key_data(context, master_key, &key,
- (const krb5_keysalt *)&key_salt,
- kvno, &tmp_key_data);
+ retval = krb5_dbe_encrypt_key_data(context, master_key, &key,
+ (const krb5_keysalt *)&key_salt,
+ kvno, &tmp_key_data);
if (key_salt.data.data)
free(key_salt.data.data);
free(key.contents);
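Review bot: In add_key_pwd the password-derived key is released with a bare `free(key.contents);` right after the encrypt call, whereas the add_key_rnd hunk above releases its key with `krb5_free_keyblock_contents(context, &key);`. Use the same helper here, `krb5_free_keyblock_contents(context, &key);`, so both paths treat key material identically. The helper is expected to clear the buffer before freeing it, which would keep the key out of freed memory, but confirm that against the library source. The function body extends beyond the hunk on both sides.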
diff --git a/src/lib/kdb/kdb_default.c b/src/lib/kdb/kdb_default.c
index 545d50360..e8fe54ff1 100644
--- a/src/lib/kdb/kdb_default.c
+++ b/src/lib/kdb/kdb_default.c
@@ -463,9 +463,9 @@ krb5_def_verify_master_key(krb5_context context,
return(KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE);
}
- if ((retval = krb5_dbekd_decrypt_key_data(context, mkey,
- &master_entry.key_data[0],
- &tempkey, NULL))) {
+ if ((retval = krb5_dbe_decrypt_key_data(context, mkey,
+ &master_entry.key_data[0],
+ &tempkey, NULL))) {
krb5_db_free_principal(context, &master_entry, nprinc);
return retval;
}
@@ -534,9 +534,8 @@ krb5_def_fetch_mkey_list(krb5_context context,
*/
if (mkey->enctype == master_entry.key_data[0].key_data_type[0]) {
- if (krb5_dbekd_decrypt_key_data(context, mkey,
- &master_entry.key_data[0],
- &cur_mkey, NULL) == 0) {
+ if (krb5_dbe_decrypt_key_data(context, mkey, &master_entry.key_data[0],
+ &cur_mkey, NULL) == 0) {
found_key = TRUE;
}
}
@@ -549,9 +548,9 @@ krb5_def_fetch_mkey_list(krb5_context context,
for (aux_data_entry = mkey_aux_data_list; aux_data_entry != NULL;
aux_data_entry = aux_data_entry->next) {
- if (krb5_dbekd_decrypt_key_data(context, mkey,
- &aux_data_entry->latest_mkey,
- &cur_mkey, NULL) == 0) {
+ if (krb5_dbe_decrypt_key_data(context, mkey,
+ &aux_data_entry->latest_mkey,
+ &cur_mkey, NULL) == 0) {
found_key = TRUE;
break;
}
@@ -596,10 +595,9 @@ krb5_def_fetch_mkey_list(krb5_context context,
memset(*mkey_list_node, 0, sizeof(krb5_keylist_node));
}
key_data = &master_entry.key_data[i];
- retval = krb5_dbekd_decrypt_key_data(context, &cur_mkey,
- key_data,
- &((*mkey_list_node)->keyblock),
- NULL);
+ retval = krb5_dbe_decrypt_key_data(context, &cur_mkey, key_data,
+ &((*mkey_list_node)->keyblock),
+ NULL);
if (retval)
goto clean_n_exit;
diff --git a/src/lib/kdb/keytab.c b/src/lib/kdb/keytab.c
index 03cc897c3..ae02e918f 100644
--- a/src/lib/kdb/keytab.c
+++ b/src/lib/kdb/keytab.c
@@ -185,8 +185,8 @@ krb5_ktkdb_get_entry(in_context, id, principal, kvno, enctype, entry)
goto error;
- kerror = krb5_dbekd_decrypt_key_data(context, master_key,
- key_data, &entry->key, NULL);
+ kerror = krb5_dbe_decrypt_key_data(context, master_key, key_data,
+ &entry->key, NULL);
if (kerror)
goto error;
diff --git a/src/lib/kdb/libkdb5.exports b/src/lib/kdb/libkdb5.exports
index c9880982d..c32a8db5e 100644
--- a/src/lib/kdb/libkdb5.exports
+++ b/src/lib/kdb/libkdb5.exports
@@ -55,10 +55,10 @@ krb5_dbe_update_mkey_aux
krb5_dbe_update_mkvno
krb5_dbe_update_mod_princ_data
krb5_dbe_update_tl_data
-krb5_dbekd_def_encrypt_key_data
-krb5_dbekd_def_decrypt_key_data
-krb5_dbekd_decrypt_key_data
-krb5_dbekd_encrypt_key_data
+krb5_dbe_def_encrypt_key_data
+krb5_dbe_def_decrypt_key_data
+krb5_dbe_decrypt_key_data
+krb5_dbe_encrypt_key_data
krb5_kt_kdb_ops
krb5_ktkdb_close
krb5_ktkdb_get_entry
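Review bot: The four `krb5_dbekd_*` names are dropped from the export list with no compatibility alias, so any out-of-tree KDB module or tool linked against the old symbols will fail to resolve them against the rebuilt libkdb5. If libkdb5 is treated as a private interface that is acceptable, but the library version should then change with it. The diffstat lists no build-file change, so confirm the version bump is handled elsewhere or record the break in the release notes.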
diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c
index eb3dec74b..cc918142c 100644
--- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c
+++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c
@@ -2322,12 +2322,8 @@ kdb_ldap_tgt_keysalt_iterate(krb5_key_salt_tuple *ksent, krb5_pointer ptr)
if (!(kret = krb5_c_make_random_key(context, ksent->ks_enctype,
&key))) {
- kret = krb5_dbekd_encrypt_key_data(context,
- iargs->rblock->key,
- &key,
- NULL,
- 1,
- &entry->key_data[ind]);
+ kret = krb5_dbe_encrypt_key_data(context, iargs->rblock->key, &key,
+ NULL, 1, &entry->key_data[ind]);
krb5_free_keyblock_contents(context, &key);
}
/*}*/
@@ -2441,9 +2437,9 @@ kdb_ldap_create_principal(krb5_context context, krb5_principal princ,
goto cleanup;
}
kvno = 1; /* New key is getting set */
- retval = krb5_dbekd_encrypt_key_data(context, master_keyblock,
- &key, NULL, kvno,
- &entry.key_data[entry.n_key_data - 1]);
+ retval = krb5_dbe_encrypt_key_data(context, master_keyblock,
+ &key, NULL, kvno,
+ &entry.key_data[entry.n_key_data - 1]);
krb5_free_keyblock_contents(context, &key);
if (retval) {
goto cleanup;
@@ -2477,9 +2473,9 @@ kdb_ldap_create_principal(krb5_context context, krb5_principal princ,
memset(entry.key_data, 0, sizeof(krb5_key_data));
entry.n_key_data++;
kvno = 1; /* New key is getting set */
- retval = krb5_dbekd_encrypt_key_data(context, pblock->key,
- master_keyblock, NULL, kvno,
- &entry.key_data[entry.n_key_data - 1]);
+ retval = krb5_dbe_encrypt_key_data(context, pblock->key,
+ master_keyblock, NULL, kvno,
+ &entry.key_data[entry.n_key_data - 1]);
if (retval) {
goto cleanup;
}
diff --git a/src/tests/create/kdb5_mkdums.c b/src/tests/create/kdb5_mkdums.c
index 29143e0fd..3179b968e 100644
--- a/src/tests/create/kdb5_mkdums.c
+++ b/src/tests/create/kdb5_mkdums.c
@@ -292,9 +292,9 @@ add_princ(context, str_newprinc)
goto error;
}
- if ((retval = krb5_dbekd_encrypt_key_data(context,&master_keyblock,
- &key, NULL, 1,
- newentry.key_data))) {
+ if ((retval = krb5_dbe_encrypt_key_data(context, &master_keyblock,
+ &key, NULL, 1,
+ newentry.key_data))) {
com_err(progname, retval, "while encrypting key for '%s'",
princ_name);
free(key.contents);
diff --git a/src/tests/verify/kdb5_verify.c b/src/tests/verify/kdb5_verify.c
index 63995a504..2e465f36f 100644
--- a/src/tests/verify/kdb5_verify.c
+++ b/src/tests/verify/kdb5_verify.c
@@ -281,8 +281,8 @@ check_princ(context, str_princ)
goto errout;
}
- if ((retval = krb5_dbekd_decrypt_key_data(context, &master_keyblock,
- kdbe.key_data, &db_key, NULL))) {
+ if ((retval = krb5_dbe_decrypt_key_data(context, &master_keyblock,
+ kdbe.key_data, &db_key, NULL))) {
com_err(progname, retval, "while decrypting key for '%s'", princ_name);
goto errout;
}