| blob | ddcc92c7a35d03a5f226e246dd9b226e6c0c81c6 |
2 /*
3 * Copyright (c) 1997 - 2011 Kungliga Tekniska Högskolan
4 * (Royal Institute of Technology, Stockholm, Sweden).
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 *
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 *
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 *
18 * 3. Neither the name of the Institute nor the names of its contributors
19 * may be used to endorse or promote products derived from this software
20 * without specific prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * SUCH DAMAGE.
33 */
37 /*
38 * free all the memory used by (len, keys)
39 */
41 void
43 {
53 }
55 }
57 }
59 /*
60 * for each entry in `default_keys' try to parse it as a sequence
61 * of etype:salttype:salt, syntax of this if something like:
62 * [(des|des3|etype):](pw-salt|afs3)[:string], if etype is omitted it
63 * means all etypes, and if string is omitted is means the default
64 * string (for that principal). Additional special values:
65 * v5 == pw-salt, and
66 * v4 == des:pw-salt:
67 * afs or afs3 == des:afs3-salt
68 */
71 KRB5_ENCTYPE_DES_CBC_MD5,
72 KRB5_ENCTYPE_DES_CBC_MD4,
73 KRB5_ENCTYPE_DES_CBC_CRC
74 };
77 KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96,
78 KRB5_ENCTYPE_ARCFOUR_HMAC_MD5,
79 KRB5_ENCTYPE_DES3_CBC_SHA1
80 };
82 static krb5_error_code
86 {
91 krb5_enctype e;
93 krb5_error_code ret;
100 /* split p in a list of :-separated strings */
110 /* this might be a etype specifier */
111 /* XXX there should be a string_to_etypes handling
112 special cases like `des' and `all' */
127 }
129 }
131 /* interpret string as a salt specifier, if no etype
132 is set, this sets default values */
133 /* XXX should perhaps use string_to_salttype, but that
134 interface sucks */
139 }
145 }
147 }
149 }
151 {
152 /* if there is a final string, use it as the string to
153 salt with, this is mostly useful with null salt for
154 v4 compat, and a cell name for afs compat */
159 }
161 }
162 }
167 }
169 /* if no salt was specified make up default salt */
178 "out of memory while "
181 }
184 }
185 }
192 }
197 }
200 /**
201 * This function adds an HDB entry's current keyset to the entry's key
202 * history. The current keyset is left alone; the caller is responsible
203 * for freeing it.
204 *
205 * @param context Context
206 * @param entry HDB entry
207 */
208 krb5_error_code
210 {
212 krb5_error_code ret;
214 hdb_keyset newkeyset;
228 }
230 /*
231 * Copy in newest old keyset
232 */
247 /* hdb_replace_extension() deep-copies ext; what a waste */
251 }
253 out:
257 }
259 }
261 /**
262 * This function adds a key to an HDB entry's key history.
263 *
264 * @param context Context
265 * @param entry HDB entry
266 * @param kvno Key version number of the key to add to the history
267 * @param key The Key to add
268 */
269 krb5_error_code
271 {
273 hdb_keyset keyset;
275 HDB_extension ext;
277 krb5_error_code ret;
286 }
294 }
295 }
308 }
310 out:
314 }
317 /**
318 * This function changes an hdb_entry's kvno, swapping the current key
319 * set with a historical keyset. If no historical keys are found then
320 * an error is returned (the caller can still set entry->kvno directly).
321 *
322 * @param context krb5_context
323 * @param new_kvno New kvno for the entry
324 * @param entry hdb_entry to modify
325 */
326 krb5_error_code
328 {
329 HDB_extension ext;
331 hdb_keyset keyset;
335 krb5_error_code ret;
345 }
359 }
360 }
369 /* Note: we do nothing with keyset.set_time */
374 out:
377 }
380 static krb5_error_code
383 {
384 krb5_error_code ret;
404 }
415 }
424 }
427 static
428 krb5_error_code
431 {
456 }
459 }
464 out:
469 }
471 /*
472 * Generate the `key_set' from the [kadmin]default_keys statement. If
473 * `no_salt' is set, salt is not important (and will not be set) since
474 * it's random keys that is going to be created.
475 */
477 krb5_error_code
481 {
484 krb5_error_code ret;
492 NULL
493 };
509 krb5_salt salt;
514 /* check alias */
532 }
535 /* find duplicates */
550 }
551 }
552 /* not a duplicate, lets add it */
560 }
561 }
562 }
565 }
569 out:
584 }
587 }
590 krb5_error_code
592 krb5_principal principal,
595 {
596 krb5_error_code ret;
605 krb5_salt salt;
613 password,
614 salt,
619 }
624 }
626 }