krb5_octet *contents;
} krb5_keyblock;
+typedef struct _krb5_encrypted_keyblock {
+ krb5_keytype keytype;
+ int length;
+ krb5_octet *contents;
+} krb5_encrypted_keyblock;
+
typedef struct _krb5_checksum {
krb5_cksumtype checksum_type; /* checksum type */
int length;
typedef struct _krb5_db_entry {
krb5_principal principal;
- krb5_keyblock key;
+ krb5_encrypted_keyblock key;
krb5_kvno kvno;
krb5_deltat max_life;
krb5_deltat max_renewable_life;
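Review bot: The `key` member of `krb5_db_entry` now has the encrypted type, but nothing on the member says it is the stored form or how to turn it into a usable key. A one-line comment on that member, such as `/* stored (encrypted) form; convert with krb5_kdb_decrypt_key() before use */`, would keep callers from reading `key.contents` as raw key material. The struct body continues outside the hunk.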
/* XXX depends on knowledge of krb5_parse_name() formats */
#define KRB5_KDB_M_NAME "K/M" /* Kerberos/Master */
+#define KDB_CONVERT_KEY_TO_DB(in,out) krb5_kdb_encrypt_key(&master_encblock, in, out)
+#define KDB_CONVERT_KEY_OUTOF_DB(in, out) krb5_kdb_decrypt_key(&master_encblock, in, out)
+
/* prompts used by default when reading the KDC password from the keyboard. */
#define KRB5_KDC_MKEY_1 "Enter KDC database master key:"
#define KRB5_KDC_MKEY_2 "Re-enter KDC database master key to verify:"
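Review bot: Both new macros name `master_encblock`, which is not a macro parameter, so they compile only where an object of that name is in scope and bind to whichever one is visible there. The removed `kdc_convert_key` made the same reference from inside KDC code, but these definitions appear to sit in a shared database header next to `KRB5_KDB_M_NAME`, so the dependency is now hidden from every includer. Either document it above the macros with `/* requires a krb5_encrypt_block named master_encblock in scope */`, or pass the block explicitly, e.g. `#define KDB_CONVERT_KEY_OUTOF_DB(eblock, in, out) krb5_kdb_decrypt_key(eblock, in, out)`. The parameter lists are also spaced inconsistently (`(in,out)` vs `(in, out)`).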
krb5_error_code krb5_kdb_encrypt_key
PROTOTYPE((krb5_encrypt_block *,
const krb5_keyblock *,
- krb5_keyblock *));
+ krb5_encrypted_keyblock *));
krb5_error_code krb5_kdb_decrypt_key
PROTOTYPE((krb5_encrypt_block *,
- const krb5_keyblock *,
+ const krb5_encrypted_keyblock *,
krb5_keyblock *));
krb5_error_code krb5_db_setup_mkey_name
PROTOTYPE((const char *, const char *, char **, krb5_principal *));
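Review bot: `krb5_encrypted_keyblock` has the same three members as `krb5_keyblock`, so the only thing stopping an encrypted key from reaching code that expects a plaintext one is the compiler checking these two prototypes. `PROTOTYPE` looks like a pre-ANSI compatibility wrapper (confirm); on any build where it expands to empty parentheses, a swapped argument compiles without a diagnostic. A cast or `memcpy` between the two types bypasses the check on every build. It would help to state on the typedef that the two types must never be converted by cast, and to confirm that at least one supported build compiles with prototypes enabled and incompatible-pointer warnings treated as errors.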
/* convert server.key into a real key (it may be encrypted
in the database) */
- if (retval = kdc_convert_key(&server.key, &encrypting_key,
- CONVERT_OUTOF_DB)) {
+ if (retval = KDB_CONVERT_KEY_OUTOF_DB(&server.key, &encrypting_key)) {
cleanup();
return retval;
}
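Review bot: The new condition `if (retval = KDB_CONVERT_KEY_OUTOF_DB(&server.key, &encrypting_key))` keeps a bare assignment as the controlling expression, and with the call now behind a macro it reads even more like a mistyped comparison. Write it as `if ((retval = KDB_CONVERT_KEY_OUTOF_DB(&server.key, &encrypting_key)) != 0) {`. The same applies to the three other converted call sites further down (`client.key` once, `server.key` twice). The enclosing function starts and ends outside the hunk, so whether the decrypted `encrypting_key` is cleared after use cannot be checked from here.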
/* convert client.key into a real key (it may be encrypted
in the database) */
- if (retval = kdc_convert_key(&client.key, &encrypting_key,
- CONVERT_OUTOF_DB)) {
+ if (retval = KDB_CONVERT_KEY_OUTOF_DB(&client.key, &encrypting_key)) {
cleanup();
return retval;
}
} else {
/* convert server.key into a real key (it may be encrypted
in the database) */
- if (retval = kdc_convert_key(&server.key, &encrypting_key,
- CONVERT_OUTOF_DB)) {
+ if (retval = KDB_CONVERT_KEY_OUTOF_DB(&server.key, &encrypting_key)) {
cleanup();
return retval;
}
}
/* convert server.key into a real key (it may be encrypted
in the database) */
- if (retval = kdc_convert_key(&server.key, &encrypting_key,
- CONVERT_OUTOF_DB)) {
+ if (retval = KDB_CONVERT_KEY_OUTOF_DB(&server.key, &encrypting_key)) {
krb5_db_free_principal(&server, nprincs);
cleanup_apreq();
return retval;
return 0;
}
-krb5_error_code
-kdc_convert_key(in, out, direction)
-krb5_keyblock *in, *out;
-int direction;
-{
- if (direction == CONVERT_INTO_DB) {
- return krb5_kdb_encrypt_key(&master_encblock, in, out);
- } else if (direction == CONVERT_OUTOF_DB) {
- return krb5_kdb_decrypt_key(&master_encblock, in, out);
- } else
- return KRB5_KDB_ILLDIRECTION;
-}
-
/* This probably wants to be updated if you support last_req stuff */
static krb5_last_req_entry *nolrarray[] = { 0 };