Diffstat (limited to 'src/kadmin')
-rw-r--r--src/kadmin/cli/ChangeLog5
-rw-r--r--src/kadmin/cli/keytab.c53
-rw-r--r--src/kadmin/dbutil/ChangeLog17
-rw-r--r--src/kadmin/dbutil/dumpv4.c47
-rw-r--r--src/kadmin/dbutil/kadm5_create.c27
-rw-r--r--src/kadmin/dbutil/kdb5_create.c97
-rw-r--r--src/kadmin/dbutil/kdb5_stash.c34
-rw-r--r--src/kadmin/dbutil/kdb5_util.c216
-rw-r--r--src/kadmin/dbutil/loadv4.c82
-rw-r--r--src/kadmin/server/ChangeLog7
-rw-r--r--src/kadmin/server/ovsec_kadmd.c42
-rw-r--r--src/kadmin/v4server/ChangeLog15
-rw-r--r--src/kadmin/v4server/acl_files.c2
-rw-r--r--src/kadmin/v4server/admin_server.c5
-rw-r--r--src/kadmin/v4server/kadm_funcs.c2
-rw-r--r--src/kadmin/v4server/kadm_ser_wrap.c24
-rw-r--r--src/kadmin/v4server/kadm_server.h1
17 files changed, 453 insertions, 223 deletions
diff --git a/src/kadmin/cli/ChangeLog b/src/kadmin/cli/ChangeLog
index 9bf1d76..455733b 100644
--- a/src/kadmin/cli/ChangeLog
+++ b/src/kadmin/cli/ChangeLog
@@ -1,3 +1,8 @@
+1998-10-26 Marc Horowitz <marc@mit.edu>
+
+ * keytab.c (etype_string): replace the hardwired table with a call
+ to krb5_enctype_to_string()
+
Fri Feb 27 23:32:38 1998 Theodore Ts'o <tytso@rsts-11.mit.edu>
* Makefile.in: Changed thisconfigdir to point at the kadmin
diff --git a/src/kadmin/cli/keytab.c b/src/kadmin/cli/keytab.c
index df4f6ce..8a474b9 100644
--- a/src/kadmin/cli/keytab.c
+++ b/src/kadmin/cli/keytab.c
@@ -5,6 +5,32 @@
* $Source$
*/
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government. It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. FundsXpress makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
#if !defined(lint) && !defined(__CODECENTER__)
static char *rcsid = "$Header$";
#endif
@@ -399,26 +425,11 @@ int remove_principal(char *keytab_str, krb5_keytab keytab, char
static char *etype_string(enctype)
krb5_enctype enctype;
{
- static char buf[12];
-
- switch (enctype) {
- case ENCTYPE_DES_CBC_CRC:
- return "DES-CBC-CRC";
- break;
- case ENCTYPE_DES_CBC_MD4:
- return "DES-CBC-MD4";
- break;
- case ENCTYPE_DES_CBC_MD5:
- return "DES-CBC-MD5";
- break;
-#if 0
- case ENCTYPE_DES3_CBC_MD5:
- return "DES3-CBC-MD5";
- break;
-#endif
- default:
+ static char buf[100];
+ krb5_error_code ret;
+
+ if (ret = krb5_enctype_to_string(enctype, buf, sizeof(buf)))
sprintf(buf, "etype %d", enctype);
- return buf;
- break;
- }
+
+ return buf;
}
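Review bot: `ret` in the rewritten etype_string is assigned inside the if-condition but never read afterwards, so it only earns an assignment-as-condition warning; `if (krb5_enctype_to_string(enctype, buf, sizeof(buf)) != 0)` expresses the same test without the local. The fallback `sprintf(buf, "etype %d", enctype)` fits the 100-byte buffer with room to spare, but `snprintf(buf, sizeof(buf), "etype %d", enctype);` keeps that true if the format ever grows. The function still hands back a pointer to static storage that the next call overwrites, which the old version did too; a one-line comment `/* returns a pointer to static storage; not reentrant */` above the declaration would make that explicit for callers.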
diff --git a/src/kadmin/dbutil/ChangeLog b/src/kadmin/dbutil/ChangeLog
index e6ab156..2f0c84e 100644
--- a/src/kadmin/dbutil/ChangeLog
+++ b/src/kadmin/dbutil/ChangeLog
@@ -1,8 +1,25 @@
+1998-10-27 Marc Horowitz <marc@mit.edu>
+
+ * dumpv4, loadv4.c, kdb5_create.c, kdb5_stash.c, kdb5_util.c,
+ kadm5_create.c: convert to new crypto api
+
Wed Sep 30 00:02:01 1998 Theodore Y. Ts'o <tytso@mit.edu>
* dump.c: Add support for changing the master key for a database
as part of creating a dump of the database.
+Thu Aug 20 16:50:00 1998 Tom Yu <tlyu@mit.edu>
+
+ * kdb5_util.c (add_random_key): Fixes to deal with absence of "-e"
+ flag.
+
+Wed Aug 19 14:52:40 1998 Tom Yu <tlyu@mit.edu>
+
+ * kdb5_util.c (add_random_key): New function to create a new
+ random key for a principal while retaining the previous kvno's
+ keys. This is only temporary until a reasonable kadm5 interface
+ is made.
+
1998-05-06 Theodore Ts'o <tytso@rsts-11.mit.edu>
* kdb5_stash.c (argv):
diff --git a/src/kadmin/dbutil/dumpv4.c b/src/kadmin/dbutil/dumpv4.c
index fd5d0b2..9eb203c 100644
--- a/src/kadmin/dbutil/dumpv4.c
+++ b/src/kadmin/dbutil/dumpv4.c
@@ -24,6 +24,32 @@
* Dump a KDC database into a V4 slave dump.
*/
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government. It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. FundsXpress makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
#ifdef KRB5_KRB4_COMPAT
#include "k5-int.h"
@@ -45,14 +71,13 @@
struct dump_record {
char *comerr_name;
FILE *f;
- krb5_encrypt_block *v5master;
+ krb5_keyblock *v5mkey;
C_Block v4_master_key;
Key_schedule v4_master_key_schedule;
long master_key_version;
char *realm;
};
-extern krb5_encrypt_block master_encblock;
extern krb5_keyblock master_keyblock;
extern krb5_principal master_princ;
extern krb5_boolean dbactive;
@@ -226,7 +251,7 @@ found_one:;
principal->key_version,
principal->attributes);
- handle_one_key(arg, arg->v5master, &entry->key_data[ok_key], v4key);
+ handle_one_key(arg, arg->v5mkey, &entry->key_data[ok_key], v4key);
for (i = 0; i < 8; i++) {
fprintf(arg->f, "%02x", ((unsigned char*)v4key)[i]);
@@ -363,26 +388,20 @@ int handle_keys(arg)
exit(1);
}
- krb5_use_enctype(util_context, &master_encblock, DEFAULT_KDC_ENCTYPE);
if (retval = krb5_db_fetch_mkey(util_context, master_princ,
- &master_encblock, 0,
+ master_keyblock.enctype, 0,
0, global_params.stash_file, 0,
&master_keyblock)) {
com_err(arg->comerr_name, retval, "while reading master key");
exit(1);
}
- if (retval = krb5_process_key(util_context, &master_encblock,
- &master_keyblock)) {
- com_err(arg->comerr_name, retval, "while processing master key");
- exit(1);
- }
- arg->v5master = &master_encblock;
+ arg->v5mkey = &master_keyblock;
return(0);
}
-handle_one_key(arg, v5master, v5key, v4key)
+handle_one_key(arg, v5mkey, v5key, v4key)
struct dump_record *arg;
- krb5_encrypt_block *v5master;
+ krb5_keyblock *v5mkey;
krb5_key_data *v5key;
des_cblock v4key;
{
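Review bot: krb5_db_fetch_mkey now receives master_keyblock.enctype, but the line this hunk removes was the only statement in handle_keys that pinned the enctype (to DEFAULT_KDC_ENCTYPE), and nothing in the new code assigns master_keyblock.enctype before the call. master_keyblock is the global shared with kdb5_util.c, whose main() copies global_params.enctype into it and whose open_db_and_mkey() substitutes the default only when it is ENCTYPE_UNKNOWN; if handle_keys can run before that substitution, ENCTYPE_UNKNOWN reaches krb5_db_fetch_mkey. A guard such as `if (master_keyblock.enctype == ENCTYPE_UNKNOWN) master_keyblock.enctype = DEFAULT_KDC_ENCTYPE;` ahead of the call would preserve the previous behaviour. handle_keys begins outside this hunk.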
@@ -392,7 +411,7 @@ handle_one_key(arg, v5master, v5key, v4key)
krb5_keyblock v5plainkey;
/* v4key is the actual v4 key from the file. */
- if (retval = krb5_dbekd_decrypt_key_data(util_context, v5master, v5key,
+ if (retval = krb5_dbekd_decrypt_key_data(util_context, v5mkey, v5key,
&v5plainkey, NULL))
return retval;
diff --git a/src/kadmin/dbutil/kadm5_create.c b/src/kadmin/dbutil/kadm5_create.c
index b60ec97..9cedf30 100644
--- a/src/kadmin/dbutil/kadm5_create.c
+++ b/src/kadmin/dbutil/kadm5_create.c
@@ -5,6 +5,32 @@
* $Source$
*/
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government. It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. FundsXpress makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
#if !defined(lint) && !defined(__CODECENTER__)
static char *rcsid = "$Header$";
#endif
@@ -31,7 +57,6 @@ int add_admin_princ(void *handle, krb5_context context,
extern char *progname;
-extern krb5_encrypt_block master_encblock;
extern krb5_keyblock master_keyblock;
extern krb5_db_entry master_db;
diff --git a/src/kadmin/dbutil/kdb5_create.c b/src/kadmin/dbutil/kdb5_create.c
index 2e2c5f9..5aa7ae1 100644
--- a/src/kadmin/dbutil/kdb5_create.c
+++ b/src/kadmin/dbutil/kdb5_create.c
@@ -24,6 +24,32 @@
* Generate (from scratch) a Kerberos KDC database.
*/
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government. It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. FundsXpress makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
#include <stdio.h>
#include <k5-int.h>
#include <kadm5/admin.h>
@@ -42,8 +68,7 @@ struct realm_info {
krb5_deltat max_rlife;
krb5_timestamp expiration;
krb5_flags flags;
- krb5_encrypt_block *eblock;
- krb5_pointer rseed;
+ krb5_keyblock *key;
krb5_int32 nkslist;
krb5_key_salt_tuple *kslist;
} rblock = { /* XXX */
@@ -51,8 +76,7 @@ struct realm_info {
KRB5_KDB_MAX_RLIFE,
KRB5_KDB_EXPIRATION,
KRB5_KDB_DEF_FLAGS,
- (krb5_encrypt_block *) NULL,
- (krb5_pointer) NULL,
+ (krb5_keyblock *) NULL,
1,
&def_kslist
};
@@ -85,7 +109,6 @@ static krb5_error_code add_principal
extern krb5_keyblock master_keyblock;
extern krb5_principal master_princ;
-extern krb5_encrypt_block master_encblock;
krb5_data master_salt;
krb5_data tgt_princ_entries[] = {
@@ -133,7 +156,7 @@ void kdb5_create(argc, argv)
int pw_size = 0;
int do_stash = 0;
krb5_int32 crflags = KRB5_KDB_CREATE_BTREE;
- krb5_data pwd;
+ krb5_data pwd, seed;
if (strrchr(argv[0], '/'))
argv[0] = strrchr(argv[0], '/')+1;
@@ -159,8 +182,6 @@ void kdb5_create(argc, argv)
rblock.nkslist = global_params.num_keysalts;
rblock.kslist = global_params.keysalts;
- krb5_use_enctype(util_context, &master_encblock, master_keyblock.enctype);
-
retval = krb5_db_set_name(util_context, global_params.dbname);
if (!retval) retval = EEXIST;
@@ -216,50 +237,37 @@ master key name '%s'\n",
com_err(argv[0], retval, "while calculated master key salt");
exit_status++; return;
}
- if (retval = krb5_string_to_key(util_context, &master_encblock,
- &master_keyblock, &pwd, &master_salt)) {
+ if (retval = krb5_c_string_to_key(util_context, master_keyblock.enctype,
+ &pwd, &master_salt, &master_keyblock)) {
com_err(argv[0], retval, "while transforming master key from password");
exit_status++; return;
}
- if ((retval = krb5_process_key(util_context, &master_encblock,
- &master_keyblock))) {
- com_err(argv[0], retval, "while processing master key");
- exit_status++; return;
- }
+ rblock.key = &master_keyblock;
+
+ seed.length = master_keyblock.length;
+ seed.data = master_keyblock.contents;
- rblock.eblock = &master_encblock;
- if ((retval = krb5_init_random_key(util_context, &master_encblock,
- &master_keyblock, &rblock.rseed))) {
+ if ((retval = krb5_c_random_seed(util_context, &seed))) {
com_err(argv[0], retval, "while initializing random key generator");
- (void) krb5_finish_key(util_context, &master_encblock);
exit_status++; return;
}
if ((retval = krb5_db_create(util_context,
global_params.dbname, crflags))) {
- (void) krb5_finish_key(util_context, &master_encblock);
- (void) krb5_finish_random_key(util_context, &master_encblock, &rblock.rseed);
com_err(argv[0], retval, "while creating database '%s'",
global_params.dbname);
exit_status++; return;
}
if (retval = krb5_db_fini(util_context)) {
- (void) krb5_finish_key(util_context, &master_encblock);
- (void) krb5_finish_random_key(util_context, &master_encblock,
- &rblock.rseed);
com_err(argv[0], retval, "while closing current database");
exit_status++; return;
}
if ((retval = krb5_db_set_name(util_context, global_params.dbname))) {
- (void) krb5_finish_key(util_context, &master_encblock);
- (void) krb5_finish_random_key(util_context, &master_encblock, &rblock.rseed);
com_err(argv[0], retval, "while setting active database to '%s'",
global_params.dbname);
exit_status++; return;
}
if ((retval = krb5_db_init(util_context))) {
- (void) krb5_finish_key(util_context, &master_encblock);
- (void) krb5_finish_random_key(util_context, &master_encblock, &rblock.rseed);
com_err(argv[0], retval, "while initializing the database '%s'",
global_params.dbname);
exit_status++; return;
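Review bot: The only seed now handed to the random-key generator is the master key itself (`seed.data = master_keyblock.contents;` feeding krb5_c_random_seed), so unless krb5_c_random_seed mixes that into existing entropy rather than replacing the generator state, every key drawn afterwards — including the TGT key produced through tgt_keysalt_iterate — is a deterministic function of the master key. The krb5_init_random_key call it replaces also took &master_keyblock as its seed, so this appears to be a carry-over rather than a regression, but it deserves a comment at the seed, e.g. `/* RNG is seeded from the master key only; confirm krb5_c_random_seed mixes rather than resets state */`. kdb5_util.c's open_db_and_mkey and loadv4.c's main seed the generator the same way. kdb5_create() begins and ends outside this hunk.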
@@ -268,8 +276,6 @@ master key name '%s'\n",
if ((retval = add_principal(util_context, master_princ, MASTER_KEY, &rblock)) ||
(retval = add_principal(util_context, &tgt_princ, TGT_KEY, &rblock))) {
(void) krb5_db_fini(util_context);
- (void) krb5_finish_key(util_context, &master_encblock);
- (void) krb5_finish_random_key(util_context, &master_encblock, &rblock.rseed);
com_err(argv[0], retval, "while adding entries to the database");
exit_status++; return;
}
@@ -287,8 +293,6 @@ master key name '%s'\n",
}
/* clean up */
(void) krb5_db_fini(util_context);
- (void) krb5_finish_key(util_context, &master_encblock);
- (void) krb5_finish_random_key(util_context, &master_encblock, &rblock.rseed);
memset((char *)master_keyblock.contents, 0, master_keyblock.length);
free(master_keyblock.contents);
if (pw_str) {
@@ -315,9 +319,8 @@ tgt_keysalt_iterate(ksent, ptr)
krb5_context context;
krb5_error_code kret;
struct iterate_args *iargs;
- krb5_keyblock random_keyblock, *key;
+ krb5_keyblock key;
krb5_int32 ind;
- krb5_encrypt_block random_encblock;
krb5_pointer rseed;
krb5_data pwd;
@@ -330,33 +333,25 @@ tgt_keysalt_iterate(ksent, ptr)
* Convert the master key password into a key for this particular
* encryption system.
*/
- krb5_use_enctype(context, &random_encblock, ksent->ks_enctype);
pwd.data = mkey_password;
pwd.length = strlen(mkey_password);
- if (kret = krb5_string_to_key(context, &random_encblock, &random_keyblock,
- &pwd, &master_salt))
- return kret;
- if ((kret = krb5_init_random_key(context, &random_encblock,
- &random_keyblock, &rseed)))
+ if (kret = krb5_c_random_seed(context, &pwd))
return kret;
-
+
if (!(kret = krb5_dbe_create_key_data(iargs->ctx, iargs->dbentp))) {
ind = iargs->dbentp->n_key_data-1;
- if (!(kret = krb5_random_key(context,
- &random_encblock, rseed,
- &key))) {
+ if (!(kret = krb5_c_make_random_key(context, ksent->ks_enctype,
+ &key))) {
kret = krb5_dbekd_encrypt_key_data(context,
- iargs->rblock->eblock,
- key,
+ iargs->rblock->key,
+ &key,
NULL,
1,
&iargs->dbentp->key_data[ind]);
- krb5_free_keyblock(context, key);
+ krb5_free_keyblock_contents(context, &key);
}
}
- memset((char *)random_keyblock.contents, 0, random_keyblock.length);
- free(random_keyblock.contents);
- (void) krb5_finish_random_key(context, &random_encblock, &rseed);
+
return(kret);
}
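Review bot: The comment at the top of this hunk still says the master-key password is converted into a key for this particular encryption system, but the new code passes the raw password to krb5_c_random_seed and then asks krb5_c_make_random_key for a key; replace it with something like `/* Seed the RNG from the master-key password, then draw a random key for this enctype. */`. The `krb5_pointer rseed` local declared in the preceding hunk no longer has a use once krb5_init_random_key and krb5_finish_random_key are gone and can be dropped. Whether re-seeding with the same password on every keysalt iteration still yields independent keys per enctype depends on krb5_c_random_seed mixing rather than resetting state — worth confirming. tgt_keysalt_iterate starts outside this hunk.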
@@ -402,7 +397,7 @@ add_principal(context, princ, op, pblock)
entry.n_key_data = 1;
entry.attributes |= KRB5_KDB_DISALLOW_ALL_TIX;
- if ((retval = krb5_dbekd_encrypt_key_data(context, pblock->eblock,
+ if ((retval = krb5_dbekd_encrypt_key_data(context, pblock->key,
&master_keyblock, NULL,
1, entry.key_data)))
return retval;
diff --git a/src/kadmin/dbutil/kdb5_stash.c b/src/kadmin/dbutil/kdb5_stash.c
index 40084e2..c682f3a 100644
--- a/src/kadmin/dbutil/kdb5_stash.c
+++ b/src/kadmin/dbutil/kdb5_stash.c
@@ -24,6 +24,32 @@
* Store the master database key in a file.
*/
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government. It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. FundsXpress makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
#include "k5-int.h"
#include "com_err.h"
#include <kadm5/admin.h>
@@ -33,7 +59,6 @@ extern int errno;
extern krb5_keyblock master_keyblock;
extern krb5_principal master_princ;
-extern krb5_encrypt_block master_encblock;
extern kadm5_config_params global_params;
extern int exit_status;
@@ -93,8 +118,6 @@ char *argv[];
exit_status++; return;
}
- krb5_use_enctype(context, &master_encblock, master_keyblock.enctype);
-
if (retval = krb5_db_set_name(context, dbname)) {
com_err(argv[0], retval, "while setting active database to '%s'",
dbname);
@@ -116,7 +139,8 @@ char *argv[];
}
/* TRUE here means read the keyboard, but only once */
- if (retval = krb5_db_fetch_mkey(context, master_princ, &master_encblock,
+ if (retval = krb5_db_fetch_mkey(context, master_princ,
+ master_keyblock.enctype,
TRUE, FALSE, (char *) NULL,
0, &master_keyblock)) {
com_err(argv[0], retval, "while reading master key");
@@ -124,7 +148,7 @@ char *argv[];
exit_status++; return;
}
if (retval = krb5_db_verify_master_key(context, master_princ,
- &master_keyblock,&master_encblock)) {
+ &master_keyblock)) {
com_err(argv[0], retval, "while verifying master key");
(void) krb5_db_fini(context);
exit_status++; return;
diff --git a/src/kadmin/dbutil/kdb5_util.c b/src/kadmin/dbutil/kdb5_util.c
index ead82aa..0a053c8 100644
--- a/src/kadmin/dbutil/kdb5_util.c
+++ b/src/kadmin/dbutil/kdb5_util.c
@@ -24,6 +24,32 @@
* Edit a KDC database.
*/
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government. It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. FundsXpress makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
#include <stdio.h>
#include <k5-int.h>
#include <kadm5/admin.h>
@@ -60,15 +86,14 @@ usage()
"\tdump [-old] [-ov] [-b6] [-verbose] [filename [princs...]]\n"
"\tload [-old] [-ov] [-b6] [-verbose] [-update] filename\n"
"\tdump_v4 [filename]\n"
- "\tload_v4 [-t] [-n] [-v] [-K] [-s stashfile] inputfile\n");
+ "\tload_v4 [-t] [-n] [-v] [-K] [-s stashfile] inputfile\n"
+ "\tark [-e etype_list] principal\n");
exit(1);
}
extern krb5_keyblock master_keyblock;
extern krb5_principal master_princ;
-extern krb5_encrypt_block master_encblock;
krb5_db_entry master_entry;
-krb5_pointer master_random;
int valid_master_key = 0;
int close_policy_db = 0;
@@ -84,6 +109,7 @@ int load_db(int, char **);
int dump_v4db(int, char **);
int load_v4db(int, char **);
int open_db_and_mkey();
+int add_random_key(int, char **);
typedef int (*cmd_func)(int, char **);
@@ -99,6 +125,7 @@ struct _cmd_table {
"load", load_db, 0,
"dump_v4", dump_v4db, 1,
"load_v4", load_v4db, 0,
+ "ark", add_random_key, 1,
NULL, NULL, 0,
};
@@ -204,19 +231,10 @@ int main(argc, argv)
(void) umask(077);
master_keyblock.enctype = global_params.enctype;
- if (master_keyblock.enctype != ENCTYPE_UNKNOWN) {
- if (!valid_enctype(master_keyblock.enctype)) {
- char tmp[32];
- if (krb5_enctype_to_string(master_keyblock.enctype,
- tmp, sizeof(tmp)))
- com_err(argv[0], KRB5_PROG_KEYTYPE_NOSUPP,
- "while setting up enctype %d", master_keyblock.enctype);
- else
- com_err(argv[0], KRB5_PROG_KEYTYPE_NOSUPP, tmp);
- exit(1);
- }
- krb5_use_enctype(util_context, &master_encblock,
- master_keyblock.enctype);
+ if ((master_keyblock.enctype != ENCTYPE_UNKNOWN) &&
+ (!valid_enctype(master_keyblock.enctype))) {
+ com_err(argv[0], KRB5_PROG_KEYTYPE_NOSUPP,
+ "while setting up enctype %d", master_keyblock.enctype);
}
cmd = cmd_lookup(cmd_argv[0]);
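Review bot: The rewritten check in main() reports an unsupported enctype through com_err but no longer calls exit(1), so control falls through to cmd_lookup and runs the command with an enctype it has just declared unsupported; add `exit(1);` after the com_err unless the intent is to let the later crypto call fail instead. The same drop occurs in open_db_and_mkey (the hunk around "If no encryption type is set"), where the com_err is followed directly by krb5_c_string_to_key on that enctype. main() continues outside this hunk.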
@@ -257,12 +275,9 @@ void set_dbname(argc, argv)
return;
}
if (valid_master_key) {
- (void) krb5_finish_key(util_context, &master_encblock);
- (void) krb5_finish_random_key(util_context, &master_encblock,
- &master_random);
- krb5_free_keyblock_contents(util_context, &master_keyblock);
- master_keyblock.contents = NULL;
- valid_master_key = 0;
+ krb5_free_keyblock_contents(util_context, &master_keyblock);
+ master_keyblock.contents = NULL;
+ valid_master_key = 0;
}
krb5_free_principal(util_context, master_princ);
dbactive = FALSE;
@@ -287,7 +302,7 @@ int open_db_and_mkey()
krb5_error_code retval;
int nentries;
krb5_boolean more;
- krb5_data scratch, pwd;
+ krb5_data scratch, pwd, seed;
dbactive = FALSE;
valid_master_key = 0;
@@ -355,23 +370,15 @@ int open_db_and_mkey()
/* If no encryption type is set, use the default */
if (master_keyblock.enctype == ENCTYPE_UNKNOWN) {
- master_keyblock.enctype = DEFAULT_KDC_ENCTYPE;
- if (!valid_enctype(master_keyblock.enctype)) {
- char tmp[32];
- if (krb5_enctype_to_string(master_keyblock.enctype,
- tmp, sizeof(tmp)))
- com_err(progname, KRB5_PROG_KEYTYPE_NOSUPP,
- "while setting up enctype %d", master_keyblock.enctype);
- else
- com_err(progname, KRB5_PROG_KEYTYPE_NOSUPP, tmp);
- exit(1);
- }
- krb5_use_enctype(util_context, &master_encblock,
- master_keyblock.enctype);
+ master_keyblock.enctype = DEFAULT_KDC_ENCTYPE;
+ if (!valid_enctype(master_keyblock.enctype))
+ com_err(progname, KRB5_PROG_KEYTYPE_NOSUPP,
+ "while setting up enctype %d",
+ master_keyblock.enctype);
}
- retval = krb5_string_to_key(util_context, &master_encblock,
- &master_keyblock, &pwd, &scratch);
+ retval = krb5_c_string_to_key(util_context, master_keyblock.enctype,
+ &pwd, &scratch, &master_keyblock);
if (retval) {
com_err(progname, retval,
"while transforming master key from password");
@@ -380,8 +387,9 @@ int open_db_and_mkey()
free(scratch.data);
mkey_password = 0;
} else if ((retval = krb5_db_fetch_mkey(util_context, master_princ,
- &master_encblock, manual_mkey,
- FALSE, global_params.stash_file,
+ master_keyblock.enctype,
+ manual_mkey, FALSE,
+ global_params.stash_file,
0, &master_keyblock))) {
com_err(progname, retval, "while reading master key");
com_err(progname, 0, "Warning: proceeding without master key");
@@ -389,27 +397,19 @@ int open_db_and_mkey()
return(0);
}
if ((retval = krb5_db_verify_master_key(util_context, master_princ,
- &master_keyblock,&master_encblock))
- ) {
+ &master_keyblock))) {
com_err(progname, retval, "while verifying master key");
exit_status++;
krb5_free_keyblock_contents(util_context, &master_keyblock);
return(1);
}
- if ((retval = krb5_process_key(util_context, &master_encblock,
- &master_keyblock))) {
- com_err(progname, retval, "while processing master key");
- exit_status++;
- memset((char *)master_keyblock.contents, 0, master_keyblock.length);
- krb5_free_keyblock_contents(util_context, &master_keyblock);
- return(1);
- }
- if ((retval = krb5_init_random_key(util_context, &master_encblock,
- &master_keyblock,
- &master_random))) {
- com_err(progname, retval, "while initializing random key generator");
+
+ seed.length = master_keyblock.length;
+ seed.data = master_keyblock.contents;
+
+ if ((retval = krb5_c_random_seed(util_context, &seed))) {
+ com_err(progname, retval, "while seeding random number generator");
exit_status++;
- (void) krb5_finish_key(util_context, &master_encblock);
memset((char *)master_keyblock.contents, 0, master_keyblock.length);
krb5_free_keyblock_contents(util_context, &master_keyblock);
return(1);
@@ -432,11 +432,6 @@ quit()
if (finished)
return 0;
- if (valid_master_key) {
- (void) krb5_finish_key(util_context, &master_encblock);
- (void) krb5_finish_random_key(util_context, &master_encblock,
- &master_random);
- }
retval = krb5_db_fini(util_context);
memset((char *)master_keyblock.contents, 0, master_keyblock.length);
finished = TRUE;
@@ -447,3 +442,104 @@ quit()
}
return 0;
}
+
+int
+add_random_key(argc, argv)
+ int argc;
+ char **argv;
+{
+ krb5_error_code ret;
+ krb5_principal princ;
+ krb5_db_entry dbent;
+ int n, i;
+ krb5_boolean more;
+ krb5_timestamp now;
+
+ krb5_key_salt_tuple *keysalts = NULL;
+ krb5_int32 num_keysalts = 0;
+
+ int free_keysalts;
+ char *me = argv[0];
+ char *ks_str = NULL;
+ char *pr_str;
+
+ if (argc < 2)
+ usage();
+ for (argv++, argc--; *argv; argv++, argc--) {
+ if (!strcmp(*argv, "-e")) {
+ argv++; argc--;
+ ks_str = *argv;
+ continue;
+ } else
+ break;
+ }
+ if (argc < 1)
+ usage();
+ pr_str = *argv;
+ ret = krb5_parse_name(util_context, pr_str, &princ);
+ if (ret) {
+ com_err(me, ret, "while parsing principal name %s", pr_str);
+ return 1;
+ }
+ n = 1;
+ ret = krb5_db_get_principal(util_context, princ, &dbent,
+ &n, &more);
+ if (ret) {
+ com_err(me, ret, "while fetching principal %s", pr_str);
+ return 1;
+ }
+ if (n != 1) {
+ fprintf(stderr, "principal %s not found\n", pr_str);
+ return 1;
+ }
+ if (more) {
+ fprintf(stderr, "principal %s not unique\n", pr_str);
+ krb5_dbe_free_contents(util_context, &dbent);
+ return 1;
+ }
+ ret = krb5_string_to_keysalts(ks_str,
+ ", \t", ":.-", 0,
+ &keysalts,
+ &num_keysalts);
+ if (ret) {
+ com_err(me, ret, "while parsing keysalts %s", ks_str);
+ return 1;
+ }
+ if (!num_keysalts || keysalts == NULL) {
+ num_keysalts = global_params.num_keysalts;
+ keysalts = global_params.keysalts;
+ free_keysalts = 0;
+ } else
+ free_keysalts = 1;
+ ret = krb5_dbe_ark(util_context, &master_keyblock,
+ keysalts, num_keysalts,
+ &dbent);
+ if (free_keysalts)
+ free(keysalts);
+ if (ret) {
+ com_err(me, ret, "while randomizing principal %s", pr_str);
+ krb5_dbe_free_contents(util_context, &dbent);
+ return 1;
+ }
+ dbent.attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE;
+ ret = krb5_timeofday(util_context, &now);
+ if (ret) {
+ com_err(me, ret, "while getting time");
+ krb5_dbe_free_contents(util_context, &dbent);
+ return 1;
+ }
+ ret = krb5_dbe_update_last_pwd_change(util_context, &dbent, now);
+ if (ret) {
+ com_err(me, ret, "while setting changetime");
+ krb5_dbe_free_contents(util_context, &dbent);
+ return 1;
+ }
+ ret = krb5_db_put_principal(util_context, &dbent, &n);
+ krb5_dbe_free_contents(util_context, &dbent);
+ if (ret) {
+ com_err(me, ret, "while saving principal %s", pr_str);
+ return 1;
+ }
+ printf("%s changed\n", pr_str);
+ return 0;
+}
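Review bot: The `-e` branch in add_random_key walks argv past its NULL terminator when `-e` is the last argument: `argv++` lands on the terminating NULL, `ks_str` becomes NULL, and the `continue` advances argv once more before the loop's `*argv` test, which reads beyond the end of the argument vector. Check that a value follows first, `if (argc < 2) usage();` as the first statement of that branch. The principal returned by krb5_parse_name is never released with krb5_free_principal on any path, and the keysalts-parse failure returns without krb5_dbe_free_contents on the already-fetched dbent, unlike the later error paths; minor for a one-shot command, but cheap to make consistent.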
diff --git a/src/kadmin/dbutil/loadv4.c b/src/kadmin/dbutil/loadv4.c
index 01a4bf2..b7df142 100644
--- a/src/kadmin/dbutil/loadv4.c
+++ b/src/kadmin/dbutil/loadv4.c
@@ -25,6 +25,32 @@
* entries from a V4 database.
*/
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government. It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. FundsXpress makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
#ifdef KRB5_KRB4_COMPAT
#include <des.h>
@@ -59,8 +85,7 @@ struct realm_info {
krb5_deltat max_rlife;
krb5_timestamp expiration;
krb5_flags flags;
- krb5_encrypt_block *eblock;
- krb5_pointer rseed;
+ krb5_keyblock *key;
};
static struct realm_info rblock = { /* XXX */
@@ -92,7 +117,6 @@ static int create_local_tgt = 0;
static krb5_keyblock master_keyblock;
static krb5_principal master_princ;
-static krb5_encrypt_block master_encblock;
static krb5_data tgt_princ_entries[] = {
{0, KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME},
@@ -146,6 +170,7 @@ char *argv[];
extern kadm5_config_params global_params;
long exp_time = 0;
krb5_int32 crflags = KRB5_KDB_CREATE_BTREE;
+ krb5_data seed;
retval = krb5_init_context(&context);
if (retval) {
@@ -218,8 +243,6 @@ char *argv[];
return;
}
- krb5_use_enctype(context, &master_encblock, master_keyblock.enctype);
-
/* If the user has not requested locking, don't modify an existing database. */
if (! tempdb) {
retval = krb5_db_set_name(context, dbname);
@@ -281,39 +304,32 @@ master key name '%s'\n",
fflush(stdout);
}
- if (retval = krb5_db_fetch_mkey(context, master_princ, &master_encblock,
+ if (retval = krb5_db_fetch_mkey(context, master_princ,
+ master_keyblock.enctype,
read_mkey, read_mkey, stash_file, 0,
&master_keyblock)) {
com_err(PROGNAME, retval, "while reading master key");
krb5_free_context(context);
return;
}
- if (retval = krb5_process_key(context, &master_encblock, &master_keyblock)) {
- com_err(PROGNAME, retval, "while processing master key");
- krb5_free_context(context);
- return;
- }
- rblock.eblock = &master_encblock;
- if (retval = krb5_init_random_key(context, &master_encblock,
- &master_keyblock, &rblock.rseed)) {
+ rblock.key = &master_keyblock;
+
+ seed.length = master_keyblock.length;
+ seed.data = master_keyblock.contents;
+
+ if (retval = krb5_c_random_seed(context, &seed)) {
com_err(PROGNAME, retval, "while initializing random key generator");
- (void) krb5_finish_key(context, &master_encblock);
krb5_free_context(context);
return;
}
if (retval = krb5_db_create(context, tempdbname, crflags)) {
- (void) krb5_finish_key(context, &master_encblock);
- (void) krb5_finish_random_key(context, &master_encblock, &rblock.rseed);
- (void) krb5_db_destroy(context, tempdbname);
com_err(PROGNAME, retval, "while creating %sdatabase '%s'",
tempdb ? "temporary " : "", tempdbname);
krb5_free_context(context);
return;
}
if (retval = krb5_db_set_name(context, tempdbname)) {
- (void) krb5_finish_key(context, &master_encblock);
- (void) krb5_finish_random_key(context, &master_encblock, &rblock.rseed);
(void) krb5_db_destroy(context, tempdbname);
com_err(PROGNAME, retval, "while setting active database to '%s'",
tempdbname);
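Review bot: Once krb5_db_fetch_mkey has filled master_keyblock, every early return in this hunk (the krb5_c_random_seed, krb5_db_create and krb5_db_set_name failures) leaves master_keyblock.contents neither zeroed nor released, while the normal exit later in this file does memset it; the same gap is in the v4init/krb5_db_init hunk and in both add_principal failure hunks that follow. A small static helper that does `memset(master_keyblock.contents, 0, master_keyblock.length); krb5_free_keyblock_contents(context, &master_keyblock);` (presumably the right release call for what krb5_db_fetch_mkey allocated) invoked before each `krb5_free_context(context); return;` would close this in one place. The generator is now seeded with the raw master key bytes; a one-line comment such as `/* seed the library RNG from the master key; random principal keys depend on this plus whatever entropy the library mixes in */` would record that choice for the next reader. The enclosing function starts and ends outside this hunk.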
@@ -321,16 +337,12 @@ master key name '%s'\n",
return;
}
if (v4init(PROGNAME, v4manual, v4dumpfile)) {
- (void) krb5_finish_key(context, &master_encblock);
- (void) krb5_finish_random_key(context, &master_encblock, &rblock.rseed);
(void) krb5_db_destroy(context, tempdbname);
krb5_free_context(context);
return;
}
if ((retval = krb5_db_init(context)) ||
(retval = krb5_db_open_database(context))) {
- (void) krb5_finish_key(context, &master_encblock);
- (void) krb5_finish_random_key(context, &master_encblock, &rblock.rseed);
(void) krb5_db_destroy(context, tempdbname);
com_err(PROGNAME, retval, "while initializing the database '%s'",
tempdbname);
@@ -340,8 +352,6 @@ master key name '%s'\n",
if (retval = add_principal(context, master_princ, MASTER_KEY, &rblock)) {
(void) krb5_db_fini(context);
- (void) krb5_finish_key(context, &master_encblock);
- (void) krb5_finish_random_key(context, &master_encblock, &rblock.rseed);
(void) krb5_db_destroy(context, tempdbname);
com_err(PROGNAME, retval, "while adding K/M to the database");
krb5_free_context(context);
@@ -351,8 +361,6 @@ master key name '%s'\n",
if (create_local_tgt &&
(retval = add_principal(context, &tgt_princ, RANDOM_KEY, &rblock))) {
(void) krb5_db_fini(context);
- (void) krb5_finish_key(context, &master_encblock);
- (void) krb5_finish_random_key(context, &master_encblock, &rblock.rseed);
(void) krb5_db_destroy(context, tempdbname);
com_err(PROGNAME, retval, "while adding TGT service to the database");
krb5_free_context(context);
@@ -384,8 +392,6 @@ master key name '%s'\n",
if (tempdb)
(void) krb5_db_destroy (context, tempdbname);
}
- (void) krb5_finish_key(context, &master_encblock);
- (void) krb5_finish_random_key(context, &master_encblock, &rblock.rseed);
memset((char *)master_keyblock.contents, 0, master_keyblock.length);
/*
@@ -547,7 +553,7 @@ Principal *princ;
keysalt.type = KRB5_KDB_SALTTYPE_V4;
keysalt.data.length = 0;
keysalt.data.data = (char *) NULL;
- retval = krb5_dbekd_encrypt_key_data(context, rblock.eblock,
+ retval = krb5_dbekd_encrypt_key_data(context, rblock.key,
&v4v5key, &keysalt,
princ->key_version,
&entry.key_data[0]);
@@ -592,7 +598,7 @@ struct realm_info *pblock;
{
krb5_db_entry entry;
krb5_error_code retval;
- krb5_keyblock *rkey;
+ krb5_keyblock rkey;
int nentries = 1;
krb5_timestamp mod_time;
krb5_principal mod_princ;
@@ -619,7 +625,7 @@ struct realm_info *pblock;
switch (op) {
case MASTER_KEY:
entry.attributes |= KRB5_KDB_DISALLOW_ALL_TIX;
- if (retval = krb5_dbekd_encrypt_key_data(context, pblock->eblock,
+ if (retval = krb5_dbekd_encrypt_key_data(context, pblock->key,
&master_keyblock,
(krb5_keysalt *) NULL, 1,
&entry.key_data[0])) {
@@ -628,19 +634,19 @@ struct realm_info *pblock;
}
break;
case RANDOM_KEY:
- if (retval = krb5_random_key(context, pblock->eblock, pblock->rseed,
- &rkey)) {
+ if (retval = krb5_c_make_random_key(context, pblock->key->enctype,
+ &rkey)) {
krb5_db_free_principal(context, &entry, 1);
return retval;
}
- if (retval = krb5_dbekd_encrypt_key_data(context, pblock->eblock,
- rkey,
+ if (retval = krb5_dbekd_encrypt_key_data(context, pblock->key,
+ &rkey,
(krb5_keysalt *) NULL, 1,
&entry.key_data[0])) {
krb5_db_free_principal(context, &entry, 1);
return(retval);
}
- krb5_free_keyblock(context, rkey);
+ krb5_free_keyblock_contents(context, &rkey);
break;
case NULL_KEY:
return EOPNOTSUPP;
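Review bot: In the RANDOM_KEY case, when krb5_dbekd_encrypt_key_data fails the freshly generated rkey is returned without being released, so the random key material is leaked and left in memory; add `krb5_free_keyblock_contents(context, &rkey);` immediately after the `krb5_db_free_principal(context, &entry, 1);` on that failure path, mirroring the success path. add_principal starts outside this hunk.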
diff --git a/src/kadmin/server/ChangeLog b/src/kadmin/server/ChangeLog
index 22f8214..8131a86 100644
--- a/src/kadmin/server/ChangeLog
+++ b/src/kadmin/server/ChangeLog
@@ -1,3 +1,10 @@
+1998-10-27 Marc Horowitz <marc@mit.edu>
+
+ * ovsec_kadmd.c: add calls to a new function
+ _svcauth_gssapi_unset_names() to clean up memory when shutting
+ down. Use krb5_overridekeyname instead of krb5_defkeyname, so the
+ command line takes precedence over the environment.
+
Wed Jul 22 00:28:57 1998 Geoffrey King <gjking@mit.edu>
* ovsec_kadmd.c (main): Cast gss_nt_krb5_name to
diff --git a/src/kadmin/server/ovsec_kadmd.c b/src/kadmin/server/ovsec_kadmd.c
index 6ac8709..b8a5088 100644
--- a/src/kadmin/server/ovsec_kadmd.c
+++ b/src/kadmin/server/ovsec_kadmd.c
@@ -3,6 +3,32 @@
*
*/
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government. It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. FundsXpress makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
#include <stdio.h>
#include <signal.h>
#include <syslog.h>
@@ -64,7 +90,7 @@ void *global_server_handle;
* it also restricts us to linking against the Kv5 GSS-API library.
* Since this is *k*admind, that shouldn't be a problem.
*/
-extern char *krb5_defkeyname;
+extern char *krb5_overridekeyname;
char *build_princ_name(char *name, char *realm);
void log_badauth(OM_uint32 major, OM_uint32 minor,
@@ -315,7 +341,7 @@ int main(int argc, char *argv[])
htons(addr.sin_port));
}
kadm5_destroy(global_server_handle);
- krb5_klog_close();
+ krb5_klog_close();
exit(1);
}
memset(&addr, 0, sizeof(addr));
@@ -386,9 +412,10 @@ int main(int argc, char *argv[])
exit(1);
}
- /* XXX krb5_defkeyname is an internal library global and should
- go away */
- krb5_defkeyname = params.admin_keytab;
+ /* XXX krb5_overridekeyname is an internal library global and should
+ go away. This is an awful hack. */
+
+ krb5_overridekeyname = params.admin_keytab;
/*
* Try to acquire creds for the old OV services as well as the
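Review bot: The rewritten comment keeps the XXX but drops the reason the global changed; per the ChangeLog the point of krb5_overridekeyname is that the configured admin keytab takes precedence over the environment, which is exactly what stops a later maintainer from switching back to krb5_defkeyname. Suggest `/* XXX krb5_overridekeyname is an internal library global and should go away. It is used rather than krb5_defkeyname so that params.admin_keytab wins over any keytab named in the environment. */`. main starts and ends outside this hunk.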
@@ -402,6 +429,7 @@ int main(int argc, char *argv[])
"failing.");
fprintf(stderr, "%s: Cannot set GSS-API authentication names.\n",
whoami);
+ _svcauth_gssapi_unset_names();
kadm5_destroy(global_server_handle);
krb5_klog_close();
exit(1);
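Review bot: The four-call exit sequence `_svcauth_gssapi_unset_names(); kadm5_destroy(global_server_handle); krb5_klog_close(); exit(1);` is now repeated here, in the three following main() hunks and in the do_schpw hunk; a single static helper keeps the teardown order in one place so the next error path cannot omit the new call. _svcauth_gssapi_unset_names is also called without a prototype visible in the diff; if the RPC/GSS-API header included by this file does not declare it, each call is an implicit declaration. main starts and ends outside this hunk.
```c
/* Release GSS-API auth names, the admin handle and the log, then exit. */
static void cleanup_and_exit(int code)
{
     _svcauth_gssapi_unset_names();
     kadm5_destroy(global_server_handle);
     krb5_klog_close();
     exit(code);
}
/* … unchanged: each failure path then becomes cleanup_and_exit(1); … */
```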
@@ -428,6 +456,7 @@ int main(int argc, char *argv[])
error_message(ret));
fprintf(stderr, "%s: Cannot initialize acl file: %s\n",
whoami, error_message(ret));
+ _svcauth_gssapi_unset_names();
kadm5_destroy(global_server_handle);
krb5_klog_close();
exit(1);
@@ -438,6 +467,7 @@ int main(int argc, char *argv[])
krb5_klog_syslog(LOG_ERR, "Cannot detach from tty: %s", error_message(ret));
fprintf(stderr, "%s: Cannot detach from tty: %s\n",
whoami, error_message(ret));
+ _svcauth_gssapi_unset_names();
kadm5_destroy(global_server_handle);
krb5_klog_close();
exit(1);
@@ -449,6 +479,7 @@ int main(int argc, char *argv[])
krb5_klog_syslog(LOG_INFO, "finished, exiting");
/* Clean up memory, etc */
+ _svcauth_gssapi_unset_names();
kadm5_destroy(global_server_handle);
close(s);
acl_finish(context, 0);
@@ -934,6 +965,7 @@ void do_schpw(int s1, kadm5_config_params *params)
error_message(errno));
fprintf(stderr, "Cannot create connecting socket: %s",
error_message(errno));
+ _svcauth_gssapi_unset_names();
kadm5_destroy(global_server_handle);
krb5_klog_close();
exit(1);
diff --git a/src/kadmin/v4server/ChangeLog b/src/kadmin/v4server/ChangeLog
index e64ee0e..b00913c 100644
--- a/src/kadmin/v4server/ChangeLog
+++ b/src/kadmin/v4server/ChangeLog
@@ -1,3 +1,18 @@
+1998-10-27 Marc Horowitz <marc@mit.edu>
+
+ * admin_server.c, kadm_funcs.c, kadm_ser_wrap.c, kadm_server.h:
+ convert to new crypto api
+
+Fri Jul 31 18:17:16 1998 Tom Yu <tlyu@mit.edu>
+
+ * kadm_ser_wrap.c (kadm_ser_init): Remove references to
+ master_encblock, as it's no longer needed in the new crypto API,
+ adjusting kdb calls accordingly. Also punt calls to use_enctype,
+ process_key, etc.
+
+ * admin_server.c (clear_secrets): Remove references to
+ master_encblock, due to new crypto API.
+
Mon Jul 20 11:20:32 1998 Ezra Peisach <epeisach@mit.edu>
* acl_files.c: Include stdlib.h if present.
diff --git a/src/kadmin/v4server/acl_files.c b/src/kadmin/v4server/acl_files.c
index 35dd660..22a0007 100644
--- a/src/kadmin/v4server/acl_files.c
+++ b/src/kadmin/v4server/acl_files.c
@@ -332,7 +332,7 @@ char *el;
hv = hashval(el) % h->size;
while(h->tbl[hv] != NULL && strcmp(h->tbl[hv], el)) hv = (hv+1) % h->size;
- s = malloc(strlen(el)+1);
+ s = (char *) malloc(strlen(el)+1);
strcpy(s, el);
h->tbl[hv] = s;
h->entries++;
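Review bot: The allocation on the changed line is still unchecked: if malloc returns NULL, the strcpy on the next line writes through a null pointer. Add a check right after it, e.g. `if (s == NULL) return …;`, with the return value matching this function's failure convention (its signature is outside the hunk). The added cast is harmless but not required in C.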
diff --git a/src/kadmin/v4server/admin_server.c b/src/kadmin/v4server/admin_server.c
index 9cd2f8f..90bf087 100644
--- a/src/kadmin/v4server/admin_server.c
+++ b/src/kadmin/v4server/admin_server.c
@@ -239,9 +239,6 @@ char *argv[];
static void clear_secrets()
{
- krb5_finish_key(kadm_context, &server_parm.master_encblock);
- memset((char *)&server_parm.master_encblock, 0,
- sizeof (server_parm.master_encblock));
memset((char *)server_parm.master_keyblock.contents, 0,
server_parm.master_keyblock.length);
server_parm.mkvno = 0L;
@@ -479,7 +476,7 @@ void process_client(fd, who)
}
status = krb5_dbekd_decrypt_key_data(kadm_context,
- &server_parm.master_encblock,
+ &server_parm.master_keyblock,
kdatap,
&cpw_skey,
(krb5_keysalt *) NULL);
diff --git a/src/kadmin/v4server/kadm_funcs.c b/src/kadmin/v4server/kadm_funcs.c
index 1d32073..658d4b7 100644
--- a/src/kadmin/v4server/kadm_funcs.c
+++ b/src/kadmin/v4server/kadm_funcs.c
@@ -591,6 +591,8 @@ des_cblock newpw;
sblock.data.length = 0;
sblock.data.data = (char *) NULL;
retval = krb5_dbekd_encrypt_key_data(kadm_context,
+ /* XXX but I'm ifdef'd out here,
+ so I can't really test this. */
&server_parm.master_encblock,
&localpw,
&sblock,
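Review bot: The call on these lines still passes `&server_parm.master_encblock`, a field this same commit removes from the struct in kadm_server.h, so the block compiles only while it stays ifdef'd out, as the added comment admits. For consistency with the admin_server.c change in this commit, the argument should become `&server_parm.master_keyblock`, and the XXX comment reads better on the line above the call than inside its argument list. The enclosing function starts and ends outside this hunk.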
diff --git a/src/kadmin/v4server/kadm_ser_wrap.c b/src/kadmin/v4server/kadm_ser_wrap.c
index 2c5c807..bca814d 100644
--- a/src/kadmin/v4server/kadm_ser_wrap.c
+++ b/src/kadmin/v4server/kadm_ser_wrap.c
@@ -83,18 +83,7 @@ kadm_ser_init(inter, realm)
/* setting up the database */
mkey_name = KRB5_KDB_M_NAME;
-#ifdef KADM5
server_parm.master_keyblock.enctype = params->enctype;
- krb5_use_enctype(kadm_context, &server_parm.master_encblock,
- server_parm.master_keyblock.enctype);
-#else
- if (inter == 1) {
- server_parm.master_keyblock.enctype = ENCTYPE_DES_CBC_MD5;
- krb5_use_enctype(kadm_context, &server_parm.master_encblock,
- server_parm.master_keyblock.enctype);
- } else
- server_parm.master_keyblock.enctype = ENCTYPE_UNKNOWN;
-#endif
retval = krb5_db_setup_mkey_name(kadm_context, mkey_name, realm,
(char **) 0,
@@ -102,24 +91,15 @@ kadm_ser_init(inter, realm)
if (retval)
return KADM_NO_MAST;
krb5_db_fetch_mkey(kadm_context, server_parm.master_princ,
- &server_parm.master_encblock,
+ server_parm.master_keyblock.enctype,
(inter == 1), FALSE,
-#ifdef KADM5
params->stash_file,
-#else
- (char *) NULL,
-#endif
NULL,
&server_parm.master_keyblock);
if (retval)
return KADM_NO_MAST;
retval = krb5_db_verify_master_key(kadm_context, server_parm.master_princ,
- &server_parm.master_keyblock,
- &server_parm.master_encblock);
- if (retval)
- return KADM_NO_VERI;
- retval = krb5_process_key(kadm_context, &server_parm.master_encblock,
- &server_parm.master_keyblock);
+ &server_parm.master_keyblock);
if (retval)
return KADM_NO_VERI;
retval = krb5_db_get_principal(kadm_context, server_parm.master_princ,
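Review bot: The return value of krb5_db_fetch_mkey is not captured: the `if (retval) return KADM_NO_MAST;` that follows re-tests the value left by krb5_db_setup_mkey_name, which was already checked to be zero, so a failed master-key fetch proceeds to krb5_db_verify_master_key with whatever master_keyblock then holds. Change the call to `retval = krb5_db_fetch_mkey(kadm_context, server_parm.master_princ,`. This reads from the lines as shown in the hunk; kadm_ser_init starts outside it.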
diff --git a/src/kadmin/v4server/kadm_server.h b/src/kadmin/v4server/kadm_server.h
index e7a7fed..f293273 100644
--- a/src/kadmin/v4server/kadm_server.h
+++ b/src/kadmin/v4server/kadm_server.h
@@ -35,7 +35,6 @@ typedef struct {
char sinst[INST_SZ];
char krbrlm[REALM_SZ];
krb5_principal sprinc;
- krb5_encrypt_block master_encblock;
krb5_principal master_princ;
krb5_keyblock master_keyblock;
krb5_deltat max_life;