diff options
| author | Greg Hudson <ghudson@mit.edu> | 2010-07-02 17:33:44 +0000 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2010-07-02 17:33:44 +0000 |
| commit | 6dc8b18192b302b3208d13d8bda9cc3380d5fbec (patch) | |
| tree | 6616cfaad37f22cab4baebb82904fe234cc11ec9 | |
| parent | beeab09509ed1e46e1fbe4358c6388caf0dcdc61 (diff) | |
| download | krb5-6dc8b18192b302b3208d13d8bda9cc3380d5fbec.zip krb5-6dc8b18192b302b3208d13d8bda9cc3380d5fbec.tar.gz krb5-6dc8b18192b302b3208d13d8bda9cc3380d5fbec.tar.bz2 | |
Rename krb5_dbekd_encrypt_key_data and krb5_dbekd_decrypt_key_data to
just use the krb5_dbe prefix.
ticket: 6749
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24164 dc483132-0cff-0310-8789-dd5450dbe970
| -rw-r--r-- | src/include/kdb.h | 59 | ||||
| -rw-r--r-- | src/kadmin/dbutil/dump.c | 12 | ||||
| -rw-r--r-- | src/kadmin/dbutil/kdb5_create.c | 15 | ||||
| -rw-r--r-- | src/kadmin/dbutil/kdb5_mkey.c | 26 | ||||
| -rw-r--r-- | src/kdc/do_as_req.c | 12 | ||||
| -rw-r--r-- | src/kdc/do_tgs_req.c | 7 | ||||
| -rw-r--r-- | src/kdc/kdc_preauth.c | 19 | ||||
| -rw-r--r-- | src/kdc/kdc_util.c | 5 | ||||
| -rw-r--r-- | src/lib/kadm5/srv/server_kdb.c | 4 | ||||
| -rw-r--r-- | src/lib/kadm5/srv/svr_principal.c | 51 | ||||
| -rw-r--r-- | src/lib/kdb/decrypt_key.c | 10 | ||||
| -rw-r--r-- | src/lib/kdb/encrypt_key.c | 12 | ||||
| -rw-r--r-- | src/lib/kdb/kdb5.c | 26 | ||||
| -rw-r--r-- | src/lib/kdb/kdb_cpw.c | 11 | ||||
| -rw-r--r-- | src/lib/kdb/kdb_default.c | 24 | ||||
| -rw-r--r-- | src/lib/kdb/keytab.c | 4 | ||||
| -rw-r--r-- | src/lib/kdb/libkdb5.exports | 8 | ||||
| -rw-r--r-- | src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c | 20 | ||||
| -rw-r--r-- | src/tests/create/kdb5_mkdums.c | 6 | ||||
| -rw-r--r-- | src/tests/verify/kdb5_verify.c | 4 |
20 files changed, 145 insertions, 190 deletions
diff --git a/src/include/kdb.h b/src/include/kdb.h index 4406126..b65130d 100644 --- a/src/include/kdb.h +++ b/src/include/kdb.h @@ -516,19 +516,19 @@ krb5_db_setup_mkey_name ( krb5_context context, krb5_principal *principal); krb5_error_code -krb5_dbekd_decrypt_key_data( krb5_context context, - const krb5_keyblock * mkey, - const krb5_key_data * key_data, - krb5_keyblock * dbkey, - krb5_keysalt * keysalt); +krb5_dbe_decrypt_key_data( krb5_context context, + const krb5_keyblock * mkey, + const krb5_key_data * key_data, + krb5_keyblock * dbkey, + krb5_keysalt * keysalt); krb5_error_code -krb5_dbekd_encrypt_key_data( krb5_context context, - const krb5_keyblock * mkey, - const krb5_keyblock * dbkey, - const krb5_keysalt * keysalt, - int keyver, - krb5_key_data * key_data); +krb5_dbe_encrypt_key_data( krb5_context context, + const krb5_keyblock * mkey, + const krb5_keyblock * dbkey, + const krb5_keysalt * keysalt, + int keyver, + krb5_key_data * key_data); krb5_error_code krb5_dbe_fetch_act_key_list(krb5_context context, @@ -749,34 +749,19 @@ krb5_error_code krb5_def_promote_db(krb5_context, char *, char **); krb5_error_code -krb5_dbekd_def_decrypt_key_data( krb5_context context, - const krb5_keyblock * mkey, - const krb5_key_data * key_data, - krb5_keyblock * dbkey, - krb5_keysalt * keysalt); +krb5_dbe_def_decrypt_key_data( krb5_context context, + const krb5_keyblock * mkey, + const krb5_key_data * key_data, + krb5_keyblock * dbkey, + krb5_keysalt * keysalt); krb5_error_code -krb5_dbekd_def_encrypt_key_data( krb5_context context, - const krb5_keyblock * mkey, - const krb5_keyblock * dbkey, - const krb5_keysalt * keysalt, - int keyver, - krb5_key_data * key_data); - -krb5_error_code -krb5_dbekd_def_decrypt_key_data( krb5_context context, - const krb5_keyblock * mkey, - const krb5_key_data * key_data, - krb5_keyblock * dbkey, - krb5_keysalt * keysalt); - -krb5_error_code -krb5_dbekd_def_encrypt_key_data( krb5_context context, - const krb5_keyblock * mkey, - const krb5_keyblock * dbkey, - const krb5_keysalt * keysalt, - int keyver, - krb5_key_data * key_data); +krb5_dbe_def_encrypt_key_data( krb5_context context, + const krb5_keyblock * mkey, + const krb5_keyblock * dbkey, + const krb5_keysalt * keysalt, + int keyver, + krb5_key_data * key_data); krb5_error_code krb5_db_create_policy( krb5_context kcontext, diff --git a/src/kadmin/dbutil/dump.c b/src/kadmin/dbutil/dump.c index d0495e4..64c63af 100644 --- a/src/kadmin/dbutil/dump.c +++ b/src/kadmin/dbutil/dump.c @@ -302,9 +302,8 @@ krb5_error_code master_key_convert(context, db_entry) retval = krb5_dbe_find_mkey(context, master_keylist, db_entry, &tmp_mkey); if (retval) return retval; - retval = krb5_dbekd_decrypt_key_data(context, tmp_mkey, - key_data, &v5plainkey, - &keysalt); + retval = krb5_dbe_decrypt_key_data(context, tmp_mkey, key_data, + &v5plainkey, &keysalt); if (retval) return retval; @@ -313,10 +312,9 @@ krb5_error_code master_key_convert(context, db_entry) key_ptr = &v5plainkey; kvno = (krb5_kvno) key_data->key_data_kvno; - retval = krb5_dbekd_encrypt_key_data(context, &new_master_keyblock, - key_ptr, &keysalt, - (int) kvno, - &new_key_data); + retval = krb5_dbe_encrypt_key_data(context, &new_master_keyblock, + key_ptr, &keysalt, (int) kvno, + &new_key_data); if (retval) return retval; krb5_free_keyblock_contents(context, &v5plainkey); diff --git a/src/kadmin/dbutil/kdb5_create.c b/src/kadmin/dbutil/kdb5_create.c index ba16535..cf2f2a7 100644 --- a/src/kadmin/dbutil/kdb5_create.c +++ b/src/kadmin/dbutil/kdb5_create.c @@ -403,12 +403,9 @@ tgt_keysalt_iterate(ksent, ptr) ind = iargs->dbentp->n_key_data-1; if (!(kret = krb5_c_make_random_key(context, ksent->ks_enctype, &key))) { - kret = krb5_dbekd_encrypt_key_data(context, - iargs->rblock->key, - &key, - NULL, - 1, - &iargs->dbentp->key_data[ind]); + kret = krb5_dbe_encrypt_key_data(context, iargs->rblock->key, + &key, NULL, 1, + &iargs->dbentp->key_data[ind]); krb5_free_keyblock_contents(context, &key); } } @@ -462,9 +459,9 @@ add_principal(context, princ, op, pblock) else mkey_kvno = 1; /* Default */ entry.attributes |= KRB5_KDB_DISALLOW_ALL_TIX; - if ((retval = krb5_dbekd_encrypt_key_data(context, pblock->key, - &master_keyblock, NULL, - mkey_kvno, entry.key_data))) + if ((retval = krb5_dbe_encrypt_key_data(context, pblock->key, + &master_keyblock, NULL, + mkey_kvno, entry.key_data))) return retval; /* * There should always be at least one "active" mkey so creating the diff --git a/src/kadmin/dbutil/kdb5_mkey.c b/src/kadmin/dbutil/kdb5_mkey.c index 6abd796..9c397b6 100644 --- a/src/kadmin/dbutil/kdb5_mkey.c +++ b/src/kadmin/dbutil/kdb5_mkey.c @@ -90,7 +90,7 @@ add_new_mkey(krb5_context context, krb5_db_entry *master_entry, /* alloc enough space to hold new and existing key_data */ /* - * The encrypted key is malloc'ed by krb5_dbekd_encrypt_key_data and + * The encrypted key is malloc'ed by krb5_dbe_encrypt_key_data and * krb5_key_data key_data_contents is a pointer to this key. Using some * logic from master_key_convert(). */ @@ -105,10 +105,9 @@ add_new_mkey(krb5_context context, krb5_db_entry *master_entry, /* Note, mkey does not have salt */ /* add new mkey encrypted with itself to mkey princ entry */ - if ((retval = krb5_dbekd_encrypt_key_data(context, new_mkey, - new_mkey, NULL, - (int) new_mkey_kvno, - &master_entry->key_data[0]))) { + if ((retval = krb5_dbe_encrypt_key_data(context, new_mkey, new_mkey, NULL, + (int) new_mkey_kvno, + &master_entry->key_data[0]))) { return (retval); } /* the mvkno should be that of the newest mkey */ @@ -156,11 +155,9 @@ add_new_mkey(krb5_context context, krb5_db_entry *master_entry, memset(&tmp_key_data, 0, sizeof(tmp_key_data)); /* encrypt the new mkey with the older mkey */ - retval = krb5_dbekd_encrypt_key_data(context, &keylist_node->keyblock, - new_mkey, - NULL, /* no keysalt */ - (int) new_mkey_kvno, - &tmp_key_data); + retval = krb5_dbe_encrypt_key_data(context, &keylist_node->keyblock, + new_mkey, NULL, (int) new_mkey_kvno, + &tmp_key_data); if (retval) goto clean_n_exit; @@ -171,11 +168,10 @@ add_new_mkey(krb5_context context, krb5_db_entry *master_entry, /* * Store old key in master_entry keydata past the new mkey */ - retval = krb5_dbekd_encrypt_key_data(context, new_mkey, - &keylist_node->keyblock, - NULL, /* no keysalt */ - (int) keylist_node->kvno, - &master_entry->key_data[i]); + retval = krb5_dbe_encrypt_key_data(context, new_mkey, + &keylist_node->keyblock, + NULL, (int) keylist_node->kvno, + &master_entry->key_data[i]); if (retval) goto clean_n_exit; } diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c index 9ceac84..18ce37f 100644 --- a/src/kdc/do_as_req.c +++ b/src/kdc/do_as_req.c @@ -489,9 +489,9 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt, * * server_keyblock is later used to generate auth data signatures */ - if ((errcode = krb5_dbekd_decrypt_key_data(kdc_context, mkey_ptr, - server_key, &server_keyblock, - NULL))) { + if ((errcode = krb5_dbe_decrypt_key_data(kdc_context, mkey_ptr, + server_key, &server_keyblock, + NULL))) { status = "DECRYPT_SERVER_KEY"; goto errout; } @@ -537,9 +537,9 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt, } /* convert client.key_data into a real key */ - if ((errcode = krb5_dbekd_decrypt_key_data(kdc_context, mkey_ptr, - client_key, &client_keyblock, - NULL))) { + if ((errcode = krb5_dbe_decrypt_key_data(kdc_context, mkey_ptr, + client_key, &client_keyblock, + NULL))) { status = "DECRYPT_CLIENT_KEY"; goto errout; } diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c index f1ae84b..827f65c 100644 --- a/src/kdc/do_tgs_req.c +++ b/src/kdc/do_tgs_req.c @@ -675,10 +675,9 @@ tgt_again: * Convert server.key into a real key * (it may be encrypted in the database) */ - if ((errcode = krb5_dbekd_decrypt_key_data(kdc_context, - mkey_ptr, - server_key, &encrypting_key, - NULL))) { + if ((errcode = krb5_dbe_decrypt_key_data(kdc_context, mkey_ptr, + server_key, &encrypting_key, + NULL))) { status = "DECRYPT_SERVER_KEY"; goto cleanup; } diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c index 00800aa..d754edc 100644 --- a/src/kdc/kdc_preauth.c +++ b/src/kdc/kdc_preauth.c @@ -773,8 +773,8 @@ get_entry_data(krb5_context context, if (krb5_dbe_find_enctype(context, entry, request->ktype[i], -1, 0, &entry_key) != 0) continue; - if (krb5_dbekd_decrypt_key_data(context, mkey_ptr, - entry_key, &keys[k], NULL) != 0) { + if (krb5_dbe_decrypt_key_data(context, mkey_ptr, entry_key, + &keys[k], NULL) != 0) { if (keys[k].contents != NULL) krb5_free_keyblock_contents(context, &keys[k]); memset(&keys[k], 0, sizeof(keys[k])); @@ -1474,8 +1474,8 @@ verify_enc_timestamp(krb5_context context, krb5_db_entry *client, -1, 0, &client_key))) goto cleanup; - if ((retval = krb5_dbekd_decrypt_key_data(context, mkey_ptr, - client_key, &key, NULL))) + if ((retval = krb5_dbe_decrypt_key_data(context, mkey_ptr, client_key, + &key, NULL))) goto cleanup; key.enctype = enc_data->enctype; @@ -2156,10 +2156,9 @@ get_sam_edata(krb5_context context, krb5_kdc_req *request, return retval; } /* convert server.key into a real key */ - retval = krb5_dbekd_decrypt_key_data(kdc_context, - mkey_ptr, - assoc_key, &encrypting_key, - NULL); + retval = krb5_dbe_decrypt_key_data(kdc_context, mkey_ptr, + assoc_key, &encrypting_key, + NULL); if (retval) { kdc_err(kdc_context, retval, "snk4 pulling out key entry"); @@ -2819,8 +2818,8 @@ static krb5_error_code verify_pkinit_request( * Unfortunately this key is stored encrypted even though it's * not sensitive... */ - krtn = krb5_dbekd_decrypt_key_data(context, mkey_ptr, - key_data, &decrypted_key, NULL); + krtn = krb5_dbe_decrypt_key_data(context, mkey_ptr, key_data, + &decrypted_key, NULL); if(krtn) { kdcPkinitDebug("verify_pkinit_request: error decrypting cert hash block\n"); break; diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c index 6fa2d73..16c0629 100644 --- a/src/kdc/kdc_util.c +++ b/src/kdc/kdc_util.c @@ -512,9 +512,8 @@ kdc_get_server_key(krb5_ticket *ticket, unsigned int flags, goto errout; } if ((*key = (krb5_keyblock *)malloc(sizeof **key))) { - retval = krb5_dbekd_decrypt_key_data(kdc_context, mkey_ptr, - server_key, - *key, NULL); + retval = krb5_dbe_decrypt_key_data(kdc_context, mkey_ptr, server_key, + *key, NULL); } else retval = ENOMEM; retval = krb5_c_enctype_compare(kdc_context, ticket->enc_part.enctype, diff --git a/src/lib/kadm5/srv/server_kdb.c b/src/lib/kadm5/srv/server_kdb.c index 3c09f90..768c8f7 100644 --- a/src/lib/kadm5/srv/server_kdb.c +++ b/src/lib/kadm5/srv/server_kdb.c @@ -213,8 +213,8 @@ kdb_get_hist_key(kadm5_server_handle_t handle, krb5_keyblock *hist_keyblock, if (ret) goto done; - ret = krb5_dbekd_decrypt_key_data(handle->context, mkey, - &kdb.key_data[0], hist_keyblock, NULL); + ret = krb5_dbe_decrypt_key_data(handle->context, mkey, &kdb.key_data[0], + hist_keyblock, NULL); if (ret) goto done; diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c index 469a8e8..451e4ff 100644 --- a/src/lib/kadm5/srv/svr_principal.c +++ b/src/lib/kadm5/srv/svr_principal.c @@ -977,18 +977,15 @@ check_pw_reuse(krb5_context context, krb5_error_code ret; for (x = 0; x < n_new_key_data; x++) { - ret = krb5_dbekd_decrypt_key_data(context, - mkey, - &(new_key_data[x]), - &newkey, NULL); + ret = krb5_dbe_decrypt_key_data(context, mkey, &(new_key_data[x]), + &newkey, NULL); if (ret) return(ret); for (y = 0; y < n_pw_hist_data; y++) { for (z = 0; z < pw_hist_data[y].n_key_data; z++) { - ret = krb5_dbekd_decrypt_key_data(context, - hist_keyblock, - &pw_hist_data[y].key_data[z], - &histkey, NULL); + ret = krb5_dbe_decrypt_key_data(context, hist_keyblock, + &pw_hist_data[y].key_data[z], + &histkey, NULL); if (ret) return(ret); @@ -1047,17 +1044,14 @@ int create_history_entry(krb5_context context, krb5_keyblock *mkey, memset(hist->key_data, 0, n_key_data*sizeof(krb5_key_data)); for (i = 0; i < n_key_data; i++) { - ret = krb5_dbekd_decrypt_key_data(context, - mkey, - &key_data[i], - &key, &salt); + ret = krb5_dbe_decrypt_key_data(context, mkey, &key_data[i], &key, + &salt); if (ret) return ret; - ret = krb5_dbekd_encrypt_key_data(context, hist_key, - &key, &salt, - key_data[i].key_data_kvno, - &hist->key_data[i]); + ret = krb5_dbe_encrypt_key_data(context, hist_key, &key, &salt, + key_data[i].key_data_kvno, + &hist->key_data[i]); if (ret) return ret; @@ -1731,9 +1725,8 @@ kadm5_setv4key_principal(void *server_handle, goto done; /* use tmp_key_data as temporary location and reallocate later */ - ret = krb5_dbekd_encrypt_key_data(handle->context, act_mkey, - keyblock, &keysalt, kvno + 1, - &tmp_key_data); + ret = krb5_dbe_encrypt_key_data(handle->context, act_mkey, keyblock, + &keysalt, kvno + 1, &tmp_key_data); if (ret) { goto done; } @@ -1935,12 +1928,10 @@ kadm5_setkey_principal_3(void *server_handle, if (ret) goto done; - ret = krb5_dbekd_encrypt_key_data(handle->context, - act_mkey, - &keyblocks[i], - n_ks_tuple ? &keysalt : NULL, - kvno + 1, - &tmp_key_data); + ret = krb5_dbe_encrypt_key_data(handle->context, act_mkey, + &keyblocks[i], + n_ks_tuple ? &keysalt : NULL, kvno + 1, + &tmp_key_data); if (ret) goto done; @@ -2120,9 +2111,8 @@ static int decrypt_key_data(krb5_context context, krb5_keyblock *mkey, memset(keys, 0, n_key_data*sizeof(krb5_keyblock)); for (i = 0; i < n_key_data; i++) { - ret = krb5_dbekd_decrypt_key_data(context, mkey, - &key_data[i], - &keys[i], NULL); + ret = krb5_dbe_decrypt_key_data(context, mkey, &key_data[i], &keys[i], + NULL); if (ret) { for (; i >= 0; i--) { if (keys[i].contents) { @@ -2218,9 +2208,8 @@ kadm5_ret_t kadm5_decrypt_key(void *server_handle, } } - if ((ret = krb5_dbekd_decrypt_key_data(handle->context, - mkey_ptr, key_data, - keyblock, keysalt))) + if ((ret = krb5_dbe_decrypt_key_data(handle->context, mkey_ptr, key_data, + keyblock, keysalt))) return ret; /* diff --git a/src/lib/kdb/decrypt_key.c b/src/lib/kdb/decrypt_key.c index 8006cf3..37c4597 100644 --- a/src/lib/kdb/decrypt_key.c +++ b/src/lib/kdb/decrypt_key.c @@ -64,11 +64,11 @@ */ krb5_error_code -krb5_dbekd_def_decrypt_key_data( krb5_context context, - const krb5_keyblock * mkey, - const krb5_key_data * key_data, - krb5_keyblock * dbkey, - krb5_keysalt * keysalt) +krb5_dbe_def_decrypt_key_data( krb5_context context, + const krb5_keyblock * mkey, + const krb5_key_data * key_data, + krb5_keyblock * dbkey, + krb5_keysalt * keysalt) { krb5_error_code retval = 0; krb5_int16 tmplen; diff --git a/src/lib/kdb/encrypt_key.c b/src/lib/kdb/encrypt_key.c index bbf520b..02f0932 100644 --- a/src/lib/kdb/encrypt_key.c +++ b/src/lib/kdb/encrypt_key.c @@ -64,12 +64,12 @@ */ krb5_error_code -krb5_dbekd_def_encrypt_key_data( krb5_context context, - const krb5_keyblock * mkey, - const krb5_keyblock * dbkey, - const krb5_keysalt * keysalt, - int keyver, - krb5_key_data * key_data) +krb5_dbe_def_encrypt_key_data( krb5_context context, + const krb5_keyblock * mkey, + const krb5_keyblock * dbkey, + const krb5_keysalt * keysalt, + int keyver, + krb5_key_data * key_data) { krb5_error_code retval; krb5_octet * ptr; diff --git a/src/lib/kdb/kdb5.c b/src/lib/kdb/kdb5.c index bfcdbd6..11be6df 100644 --- a/src/lib/kdb/kdb5.c +++ b/src/lib/kdb/kdb5.c @@ -267,9 +267,9 @@ kdb_setup_opt_functions(db_library lib) if (lib->vftabl.promote_db == NULL) lib->vftabl.promote_db = krb5_def_promote_db; if (lib->vftabl.dbekd_decrypt_key_data == NULL) - lib->vftabl.dbekd_decrypt_key_data = krb5_dbekd_def_decrypt_key_data; + lib->vftabl.dbekd_decrypt_key_data = krb5_dbe_def_decrypt_key_data; if (lib->vftabl.dbekd_encrypt_key_data == NULL) - lib->vftabl.dbekd_encrypt_key_data = krb5_dbekd_def_encrypt_key_data; + lib->vftabl.dbekd_encrypt_key_data = krb5_dbe_def_encrypt_key_data; } #ifdef STATIC_PLUGINS @@ -2308,11 +2308,11 @@ clean_n_exit: } krb5_error_code -krb5_dbekd_decrypt_key_data( krb5_context kcontext, - const krb5_keyblock * mkey, - const krb5_key_data * key_data, - krb5_keyblock * dbkey, - krb5_keysalt * keysalt) +krb5_dbe_decrypt_key_data( krb5_context kcontext, + const krb5_keyblock * mkey, + const krb5_key_data * key_data, + krb5_keyblock * dbkey, + krb5_keysalt * keysalt) { krb5_error_code status = 0; kdb_vftabl *v; @@ -2324,12 +2324,12 @@ krb5_dbekd_decrypt_key_data( krb5_context kcontext, } krb5_error_code -krb5_dbekd_encrypt_key_data( krb5_context kcontext, - const krb5_keyblock * mkey, - const krb5_keyblock * dbkey, - const krb5_keysalt * keysalt, - int keyver, - krb5_key_data * key_data) +krb5_dbe_encrypt_key_data( krb5_context kcontext, + const krb5_keyblock * mkey, + const krb5_keyblock * dbkey, + const krb5_keysalt * keysalt, + int keyver, + krb5_key_data * key_data) { krb5_error_code status = 0; kdb_vftabl *v; diff --git a/src/lib/kdb/kdb_cpw.c b/src/lib/kdb/kdb_cpw.c index 723d98e..dcf00ab 100644 --- a/src/lib/kdb/kdb_cpw.c +++ b/src/lib/kdb/kdb_cpw.c @@ -186,9 +186,8 @@ add_key_rnd(context, master_key, ks_tuple, ks_tuple_count, db_entry, kvno) /* db library will free this. Since, its a so, it could actually be using different memory management function. So, its better if the memory is allocated by the db's malloc. So, a temporary memory is used here which will later be copied to the db_entry */ - retval = krb5_dbekd_encrypt_key_data(context, master_key, - &key, NULL, kvno, - &tmp_key_data); + retval = krb5_dbe_encrypt_key_data(context, master_key, &key, NULL, + kvno, &tmp_key_data); krb5_free_keyblock_contents(context, &key); if( retval ) @@ -464,9 +463,9 @@ add_key_pwd(context, master_key, ks_tuple, ks_tuple_count, passwd, /* memory allocation to be done by db. So, use temporary block and later copy it to the memory allocated by db */ - retval = krb5_dbekd_encrypt_key_data(context, master_key, &key, - (const krb5_keysalt *)&key_salt, - kvno, &tmp_key_data); + retval = krb5_dbe_encrypt_key_data(context, master_key, &key, + (const krb5_keysalt *)&key_salt, + kvno, &tmp_key_data); if (key_salt.data.data) free(key_salt.data.data); free(key.contents); diff --git a/src/lib/kdb/kdb_default.c b/src/lib/kdb/kdb_default.c index 545d503..e8fe54f 100644 --- a/src/lib/kdb/kdb_default.c +++ b/src/lib/kdb/kdb_default.c @@ -463,9 +463,9 @@ krb5_def_verify_master_key(krb5_context context, return(KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE); } - if ((retval = krb5_dbekd_decrypt_key_data(context, mkey, - &master_entry.key_data[0], - &tempkey, NULL))) { + if ((retval = krb5_dbe_decrypt_key_data(context, mkey, + &master_entry.key_data[0], + &tempkey, NULL))) { krb5_db_free_principal(context, &master_entry, nprinc); return retval; } @@ -534,9 +534,8 @@ krb5_def_fetch_mkey_list(krb5_context context, */ if (mkey->enctype == master_entry.key_data[0].key_data_type[0]) { - if (krb5_dbekd_decrypt_key_data(context, mkey, - &master_entry.key_data[0], - &cur_mkey, NULL) == 0) { + if (krb5_dbe_decrypt_key_data(context, mkey, &master_entry.key_data[0], + &cur_mkey, NULL) == 0) { found_key = TRUE; } } @@ -549,9 +548,9 @@ krb5_def_fetch_mkey_list(krb5_context context, for (aux_data_entry = mkey_aux_data_list; aux_data_entry != NULL; aux_data_entry = aux_data_entry->next) { - if (krb5_dbekd_decrypt_key_data(context, mkey, - &aux_data_entry->latest_mkey, - &cur_mkey, NULL) == 0) { + if (krb5_dbe_decrypt_key_data(context, mkey, + &aux_data_entry->latest_mkey, + &cur_mkey, NULL) == 0) { found_key = TRUE; break; } @@ -596,10 +595,9 @@ krb5_def_fetch_mkey_list(krb5_context context, memset(*mkey_list_node, 0, sizeof(krb5_keylist_node)); } key_data = &master_entry.key_data[i]; - retval = krb5_dbekd_decrypt_key_data(context, &cur_mkey, - key_data, - &((*mkey_list_node)->keyblock), - NULL); + retval = krb5_dbe_decrypt_key_data(context, &cur_mkey, key_data, + &((*mkey_list_node)->keyblock), + NULL); if (retval) goto clean_n_exit; diff --git a/src/lib/kdb/keytab.c b/src/lib/kdb/keytab.c index 03cc897..ae02e91 100644 --- a/src/lib/kdb/keytab.c +++ b/src/lib/kdb/keytab.c @@ -185,8 +185,8 @@ krb5_ktkdb_get_entry(in_context, id, principal, kvno, enctype, entry) goto error; - kerror = krb5_dbekd_decrypt_key_data(context, master_key, - key_data, &entry->key, NULL); + kerror = krb5_dbe_decrypt_key_data(context, master_key, key_data, + &entry->key, NULL); if (kerror) goto error; diff --git a/src/lib/kdb/libkdb5.exports b/src/lib/kdb/libkdb5.exports index c988098..c32a8db 100644 --- a/src/lib/kdb/libkdb5.exports +++ b/src/lib/kdb/libkdb5.exports @@ -55,10 +55,10 @@ krb5_dbe_update_mkey_aux krb5_dbe_update_mkvno krb5_dbe_update_mod_princ_data krb5_dbe_update_tl_data -krb5_dbekd_def_encrypt_key_data -krb5_dbekd_def_decrypt_key_data -krb5_dbekd_decrypt_key_data -krb5_dbekd_encrypt_key_data +krb5_dbe_def_encrypt_key_data +krb5_dbe_def_decrypt_key_data +krb5_dbe_decrypt_key_data +krb5_dbe_encrypt_key_data krb5_kt_kdb_ops krb5_ktkdb_close krb5_ktkdb_get_entry diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c index eb3dec7..cc91814 100644 --- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c +++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c @@ -2322,12 +2322,8 @@ kdb_ldap_tgt_keysalt_iterate(krb5_key_salt_tuple *ksent, krb5_pointer ptr) if (!(kret = krb5_c_make_random_key(context, ksent->ks_enctype, &key))) { - kret = krb5_dbekd_encrypt_key_data(context, - iargs->rblock->key, - &key, - NULL, - 1, - &entry->key_data[ind]); + kret = krb5_dbe_encrypt_key_data(context, iargs->rblock->key, &key, + NULL, 1, &entry->key_data[ind]); krb5_free_keyblock_contents(context, &key); } /*}*/ @@ -2441,9 +2437,9 @@ kdb_ldap_create_principal(krb5_context context, krb5_principal princ, goto cleanup; } kvno = 1; /* New key is getting set */ - retval = krb5_dbekd_encrypt_key_data(context, master_keyblock, - &key, NULL, kvno, - &entry.key_data[entry.n_key_data - 1]); + retval = krb5_dbe_encrypt_key_data(context, master_keyblock, + &key, NULL, kvno, + &entry.key_data[entry.n_key_data - 1]); krb5_free_keyblock_contents(context, &key); if (retval) { goto cleanup; @@ -2477,9 +2473,9 @@ kdb_ldap_create_principal(krb5_context context, krb5_principal princ, memset(entry.key_data, 0, sizeof(krb5_key_data)); entry.n_key_data++; kvno = 1; /* New key is getting set */ - retval = krb5_dbekd_encrypt_key_data(context, pblock->key, - master_keyblock, NULL, kvno, - &entry.key_data[entry.n_key_data - 1]); + retval = krb5_dbe_encrypt_key_data(context, pblock->key, + master_keyblock, NULL, kvno, + &entry.key_data[entry.n_key_data - 1]); if (retval) { goto cleanup; } diff --git a/src/tests/create/kdb5_mkdums.c b/src/tests/create/kdb5_mkdums.c index 29143e0..3179b96 100644 --- a/src/tests/create/kdb5_mkdums.c +++ b/src/tests/create/kdb5_mkdums.c @@ -292,9 +292,9 @@ add_princ(context, str_newprinc) goto error; } - if ((retval = krb5_dbekd_encrypt_key_data(context,&master_keyblock, - &key, NULL, 1, - newentry.key_data))) { + if ((retval = krb5_dbe_encrypt_key_data(context, &master_keyblock, + &key, NULL, 1, + newentry.key_data))) { com_err(progname, retval, "while encrypting key for '%s'", princ_name); free(key.contents); diff --git a/src/tests/verify/kdb5_verify.c b/src/tests/verify/kdb5_verify.c index 63995a5..2e465f3 100644 --- a/src/tests/verify/kdb5_verify.c +++ b/src/tests/verify/kdb5_verify.c @@ -281,8 +281,8 @@ check_princ(context, str_princ) goto errout; } - if ((retval = krb5_dbekd_decrypt_key_data(context, &master_keyblock, - kdbe.key_data, &db_key, NULL))) { + if ((retval = krb5_dbe_decrypt_key_data(context, &master_keyblock, + kdbe.key_data, &db_key, NULL))) { com_err(progname, retval, "while decrypting key for '%s'", princ_name); goto errout; } |