krb5_principal *principal);
krb5_error_code
-krb5_dbekd_decrypt_key_data( krb5_context context,
- const krb5_keyblock * mkey,
- const krb5_key_data * key_data,
- krb5_keyblock * dbkey,
- krb5_keysalt * keysalt);
+krb5_dbe_decrypt_key_data( krb5_context context,
+ const krb5_keyblock * mkey,
+ const krb5_key_data * key_data,
+ krb5_keyblock * dbkey,
+ krb5_keysalt * keysalt);
krb5_error_code
-krb5_dbekd_encrypt_key_data( krb5_context context,
- const krb5_keyblock * mkey,
- const krb5_keyblock * dbkey,
- const krb5_keysalt * keysalt,
- int keyver,
- krb5_key_data * key_data);
+krb5_dbe_encrypt_key_data( krb5_context context,
+ const krb5_keyblock * mkey,
+ const krb5_keyblock * dbkey,
+ const krb5_keysalt * keysalt,
+ int keyver,
+ krb5_key_data * key_data);
krb5_error_code
krb5_dbe_fetch_act_key_list(krb5_context context,
krb5_def_promote_db(krb5_context, char *, char **);
krb5_error_code
-krb5_dbekd_def_decrypt_key_data( krb5_context context,
- const krb5_keyblock * mkey,
- const krb5_key_data * key_data,
- krb5_keyblock * dbkey,
- krb5_keysalt * keysalt);
+krb5_dbe_def_decrypt_key_data( krb5_context context,
+ const krb5_keyblock * mkey,
+ const krb5_key_data * key_data,
+ krb5_keyblock * dbkey,
+ krb5_keysalt * keysalt);
krb5_error_code
-krb5_dbekd_def_encrypt_key_data( krb5_context context,
- const krb5_keyblock * mkey,
- const krb5_keyblock * dbkey,
- const krb5_keysalt * keysalt,
- int keyver,
- krb5_key_data * key_data);
-
-krb5_error_code
-krb5_dbekd_def_decrypt_key_data( krb5_context context,
- const krb5_keyblock * mkey,
- const krb5_key_data * key_data,
- krb5_keyblock * dbkey,
- krb5_keysalt * keysalt);
-
-krb5_error_code
-krb5_dbekd_def_encrypt_key_data( krb5_context context,
- const krb5_keyblock * mkey,
- const krb5_keyblock * dbkey,
- const krb5_keysalt * keysalt,
- int keyver,
- krb5_key_data * key_data);
+krb5_dbe_def_encrypt_key_data( krb5_context context,
+ const krb5_keyblock * mkey,
+ const krb5_keyblock * dbkey,
+ const krb5_keysalt * keysalt,
+ int keyver,
+ krb5_key_data * key_data);
krb5_error_code
krb5_db_create_policy( krb5_context kcontext,
retval = krb5_dbe_find_mkey(context, master_keylist, db_entry, &tmp_mkey);
if (retval)
return retval;
- retval = krb5_dbekd_decrypt_key_data(context, tmp_mkey,
- key_data, &v5plainkey,
- &keysalt);
+ retval = krb5_dbe_decrypt_key_data(context, tmp_mkey, key_data,
+ &v5plainkey, &keysalt);
if (retval)
return retval;
key_ptr = &v5plainkey;
kvno = (krb5_kvno) key_data->key_data_kvno;
- retval = krb5_dbekd_encrypt_key_data(context, &new_master_keyblock,
- key_ptr, &keysalt,
- (int) kvno,
- &new_key_data);
+ retval = krb5_dbe_encrypt_key_data(context, &new_master_keyblock,
+ key_ptr, &keysalt, (int) kvno,
+ &new_key_data);
if (retval)
return retval;
krb5_free_keyblock_contents(context, &v5plainkey);
ind = iargs->dbentp->n_key_data-1;
if (!(kret = krb5_c_make_random_key(context, ksent->ks_enctype,
&key))) {
- kret = krb5_dbekd_encrypt_key_data(context,
- iargs->rblock->key,
- &key,
- NULL,
- 1,
- &iargs->dbentp->key_data[ind]);
+ kret = krb5_dbe_encrypt_key_data(context, iargs->rblock->key,
+ &key, NULL, 1,
+ &iargs->dbentp->key_data[ind]);
krb5_free_keyblock_contents(context, &key);
}
}
else
mkey_kvno = 1; /* Default */
entry.attributes |= KRB5_KDB_DISALLOW_ALL_TIX;
- if ((retval = krb5_dbekd_encrypt_key_data(context, pblock->key,
- &master_keyblock, NULL,
- mkey_kvno, entry.key_data)))
+ if ((retval = krb5_dbe_encrypt_key_data(context, pblock->key,
+ &master_keyblock, NULL,
+ mkey_kvno, entry.key_data)))
return retval;
/*
* There should always be at least one "active" mkey so creating the
/* alloc enough space to hold new and existing key_data */
/*
- * The encrypted key is malloc'ed by krb5_dbekd_encrypt_key_data and
+ * The encrypted key is malloc'ed by krb5_dbe_encrypt_key_data and
* krb5_key_data key_data_contents is a pointer to this key. Using some
* logic from master_key_convert().
*/
/* Note, mkey does not have salt */
/* add new mkey encrypted with itself to mkey princ entry */
- if ((retval = krb5_dbekd_encrypt_key_data(context, new_mkey,
- new_mkey, NULL,
- (int) new_mkey_kvno,
- &master_entry->key_data[0]))) {
+ if ((retval = krb5_dbe_encrypt_key_data(context, new_mkey, new_mkey, NULL,
+ (int) new_mkey_kvno,
+ &master_entry->key_data[0]))) {
return (retval);
}
/* the mvkno should be that of the newest mkey */
memset(&tmp_key_data, 0, sizeof(tmp_key_data));
/* encrypt the new mkey with the older mkey */
- retval = krb5_dbekd_encrypt_key_data(context, &keylist_node->keyblock,
- new_mkey,
- NULL, /* no keysalt */
- (int) new_mkey_kvno,
- &tmp_key_data);
+ retval = krb5_dbe_encrypt_key_data(context, &keylist_node->keyblock,
+ new_mkey, NULL, (int) new_mkey_kvno,
+ &tmp_key_data);
if (retval)
goto clean_n_exit;
/*
* Store old key in master_entry keydata past the new mkey
*/
- retval = krb5_dbekd_encrypt_key_data(context, new_mkey,
- &keylist_node->keyblock,
- NULL, /* no keysalt */
- (int) keylist_node->kvno,
- &master_entry->key_data[i]);
+ retval = krb5_dbe_encrypt_key_data(context, new_mkey,
+ &keylist_node->keyblock,
+ NULL, (int) keylist_node->kvno,
+ &master_entry->key_data[i]);
if (retval)
goto clean_n_exit;
}
*
* server_keyblock is later used to generate auth data signatures
*/
- if ((errcode = krb5_dbekd_decrypt_key_data(kdc_context, mkey_ptr,
- server_key, &server_keyblock,
- NULL))) {
+ if ((errcode = krb5_dbe_decrypt_key_data(kdc_context, mkey_ptr,
+ server_key, &server_keyblock,
+ NULL))) {
status = "DECRYPT_SERVER_KEY";
goto errout;
}
}
/* convert client.key_data into a real key */
- if ((errcode = krb5_dbekd_decrypt_key_data(kdc_context, mkey_ptr,
- client_key, &client_keyblock,
- NULL))) {
+ if ((errcode = krb5_dbe_decrypt_key_data(kdc_context, mkey_ptr,
+ client_key, &client_keyblock,
+ NULL))) {
status = "DECRYPT_CLIENT_KEY";
goto errout;
}
* Convert server.key into a real key
* (it may be encrypted in the database)
*/
- if ((errcode = krb5_dbekd_decrypt_key_data(kdc_context,
- mkey_ptr,
- server_key, &encrypting_key,
- NULL))) {
+ if ((errcode = krb5_dbe_decrypt_key_data(kdc_context, mkey_ptr,
+ server_key, &encrypting_key,
+ NULL))) {
status = "DECRYPT_SERVER_KEY";
goto cleanup;
}
if (krb5_dbe_find_enctype(context, entry, request->ktype[i],
-1, 0, &entry_key) != 0)
continue;
- if (krb5_dbekd_decrypt_key_data(context, mkey_ptr,
- entry_key, &keys[k], NULL) != 0) {
+ if (krb5_dbe_decrypt_key_data(context, mkey_ptr, entry_key,
+ &keys[k], NULL) != 0) {
if (keys[k].contents != NULL)
krb5_free_keyblock_contents(context, &keys[k]);
memset(&keys[k], 0, sizeof(keys[k]));
-1, 0, &client_key)))
goto cleanup;
- if ((retval = krb5_dbekd_decrypt_key_data(context, mkey_ptr,
- client_key, &key, NULL)))
+ if ((retval = krb5_dbe_decrypt_key_data(context, mkey_ptr, client_key,
+ &key, NULL)))
goto cleanup;
key.enctype = enc_data->enctype;
return retval;
}
/* convert server.key into a real key */
- retval = krb5_dbekd_decrypt_key_data(kdc_context,
- mkey_ptr,
- assoc_key, &encrypting_key,
- NULL);
+ retval = krb5_dbe_decrypt_key_data(kdc_context, mkey_ptr,
+ assoc_key, &encrypting_key,
+ NULL);
if (retval) {
kdc_err(kdc_context, retval,
"snk4 pulling out key entry");
* Unfortunately this key is stored encrypted even though it's
* not sensitive...
*/
- krtn = krb5_dbekd_decrypt_key_data(context, mkey_ptr,
- key_data, &decrypted_key, NULL);
+ krtn = krb5_dbe_decrypt_key_data(context, mkey_ptr, key_data,
+ &decrypted_key, NULL);
if(krtn) {
kdcPkinitDebug("verify_pkinit_request: error decrypting cert hash block\n");
break;
goto errout;
}
if ((*key = (krb5_keyblock *)malloc(sizeof **key))) {
- retval = krb5_dbekd_decrypt_key_data(kdc_context, mkey_ptr,
- server_key,
- *key, NULL);
+ retval = krb5_dbe_decrypt_key_data(kdc_context, mkey_ptr, server_key,
+ *key, NULL);
} else
retval = ENOMEM;
retval = krb5_c_enctype_compare(kdc_context, ticket->enc_part.enctype,
if (ret)
goto done;
- ret = krb5_dbekd_decrypt_key_data(handle->context, mkey,
- &kdb.key_data[0], hist_keyblock, NULL);
+ ret = krb5_dbe_decrypt_key_data(handle->context, mkey, &kdb.key_data[0],
+ hist_keyblock, NULL);
if (ret)
goto done;
krb5_error_code ret;
for (x = 0; x < n_new_key_data; x++) {
- ret = krb5_dbekd_decrypt_key_data(context,
- mkey,
- &(new_key_data[x]),
- &newkey, NULL);
+ ret = krb5_dbe_decrypt_key_data(context, mkey, &(new_key_data[x]),
+ &newkey, NULL);
if (ret)
return(ret);
for (y = 0; y < n_pw_hist_data; y++) {
for (z = 0; z < pw_hist_data[y].n_key_data; z++) {
- ret = krb5_dbekd_decrypt_key_data(context,
- hist_keyblock,
- &pw_hist_data[y].key_data[z],
- &histkey, NULL);
+ ret = krb5_dbe_decrypt_key_data(context, hist_keyblock,
+ &pw_hist_data[y].key_data[z],
+ &histkey, NULL);
if (ret)
return(ret);
memset(hist->key_data, 0, n_key_data*sizeof(krb5_key_data));
for (i = 0; i < n_key_data; i++) {
- ret = krb5_dbekd_decrypt_key_data(context,
- mkey,
- &key_data[i],
- &key, &salt);
+ ret = krb5_dbe_decrypt_key_data(context, mkey, &key_data[i], &key,
+ &salt);
if (ret)
return ret;
- ret = krb5_dbekd_encrypt_key_data(context, hist_key,
- &key, &salt,
- key_data[i].key_data_kvno,
- &hist->key_data[i]);
+ ret = krb5_dbe_encrypt_key_data(context, hist_key, &key, &salt,
+ key_data[i].key_data_kvno,
+ &hist->key_data[i]);
if (ret)
return ret;
goto done;
/* use tmp_key_data as temporary location and reallocate later */
- ret = krb5_dbekd_encrypt_key_data(handle->context, act_mkey,
- keyblock, &keysalt, kvno + 1,
- &tmp_key_data);
+ ret = krb5_dbe_encrypt_key_data(handle->context, act_mkey, keyblock,
+ &keysalt, kvno + 1, &tmp_key_data);
if (ret) {
goto done;
}
if (ret)
goto done;
- ret = krb5_dbekd_encrypt_key_data(handle->context,
- act_mkey,
- &keyblocks[i],
- n_ks_tuple ? &keysalt : NULL,
- kvno + 1,
- &tmp_key_data);
+ ret = krb5_dbe_encrypt_key_data(handle->context, act_mkey,
+ &keyblocks[i],
+ n_ks_tuple ? &keysalt : NULL, kvno + 1,
+ &tmp_key_data);
if (ret)
goto done;
memset(keys, 0, n_key_data*sizeof(krb5_keyblock));
for (i = 0; i < n_key_data; i++) {
- ret = krb5_dbekd_decrypt_key_data(context, mkey,
- &key_data[i],
- &keys[i], NULL);
+ ret = krb5_dbe_decrypt_key_data(context, mkey, &key_data[i], &keys[i],
+ NULL);
if (ret) {
for (; i >= 0; i--) {
if (keys[i].contents) {
}
}
- if ((ret = krb5_dbekd_decrypt_key_data(handle->context,
- mkey_ptr, key_data,
- keyblock, keysalt)))
+ if ((ret = krb5_dbe_decrypt_key_data(handle->context, mkey_ptr, key_data,
+ keyblock, keysalt)))
return ret;
/*
*/
krb5_error_code
-krb5_dbekd_def_decrypt_key_data( krb5_context context,
- const krb5_keyblock * mkey,
- const krb5_key_data * key_data,
- krb5_keyblock * dbkey,
- krb5_keysalt * keysalt)
+krb5_dbe_def_decrypt_key_data( krb5_context context,
+ const krb5_keyblock * mkey,
+ const krb5_key_data * key_data,
+ krb5_keyblock * dbkey,
+ krb5_keysalt * keysalt)
{
krb5_error_code retval = 0;
krb5_int16 tmplen;
*/
krb5_error_code
-krb5_dbekd_def_encrypt_key_data( krb5_context context,
- const krb5_keyblock * mkey,
- const krb5_keyblock * dbkey,
- const krb5_keysalt * keysalt,
- int keyver,
- krb5_key_data * key_data)
+krb5_dbe_def_encrypt_key_data( krb5_context context,
+ const krb5_keyblock * mkey,
+ const krb5_keyblock * dbkey,
+ const krb5_keysalt * keysalt,
+ int keyver,
+ krb5_key_data * key_data)
{
krb5_error_code retval;
krb5_octet * ptr;
if (lib->vftabl.promote_db == NULL)
lib->vftabl.promote_db = krb5_def_promote_db;
if (lib->vftabl.dbekd_decrypt_key_data == NULL)
- lib->vftabl.dbekd_decrypt_key_data = krb5_dbekd_def_decrypt_key_data;
+ lib->vftabl.dbekd_decrypt_key_data = krb5_dbe_def_decrypt_key_data;
if (lib->vftabl.dbekd_encrypt_key_data == NULL)
- lib->vftabl.dbekd_encrypt_key_data = krb5_dbekd_def_encrypt_key_data;
+ lib->vftabl.dbekd_encrypt_key_data = krb5_dbe_def_encrypt_key_data;
}
#ifdef STATIC_PLUGINS
}
krb5_error_code
-krb5_dbekd_decrypt_key_data( krb5_context kcontext,
- const krb5_keyblock * mkey,
- const krb5_key_data * key_data,
- krb5_keyblock * dbkey,
- krb5_keysalt * keysalt)
+krb5_dbe_decrypt_key_data( krb5_context kcontext,
+ const krb5_keyblock * mkey,
+ const krb5_key_data * key_data,
+ krb5_keyblock * dbkey,
+ krb5_keysalt * keysalt)
{
krb5_error_code status = 0;
kdb_vftabl *v;
}
krb5_error_code
-krb5_dbekd_encrypt_key_data( krb5_context kcontext,
- const krb5_keyblock * mkey,
- const krb5_keyblock * dbkey,
- const krb5_keysalt * keysalt,
- int keyver,
- krb5_key_data * key_data)
+krb5_dbe_encrypt_key_data( krb5_context kcontext,
+ const krb5_keyblock * mkey,
+ const krb5_keyblock * dbkey,
+ const krb5_keysalt * keysalt,
+ int keyver,
+ krb5_key_data * key_data)
{
krb5_error_code status = 0;
kdb_vftabl *v;
/* db library will free this. Since, its a so, it could actually be using different memory management
function. So, its better if the memory is allocated by the db's malloc. So, a temporary memory is used
here which will later be copied to the db_entry */
- retval = krb5_dbekd_encrypt_key_data(context, master_key,
- &key, NULL, kvno,
- &tmp_key_data);
+ retval = krb5_dbe_encrypt_key_data(context, master_key, &key, NULL,
+ kvno, &tmp_key_data);
krb5_free_keyblock_contents(context, &key);
if( retval )
/* memory allocation to be done by db. So, use temporary block and later copy
it to the memory allocated by db */
- retval = krb5_dbekd_encrypt_key_data(context, master_key, &key,
- (const krb5_keysalt *)&key_salt,
- kvno, &tmp_key_data);
+ retval = krb5_dbe_encrypt_key_data(context, master_key, &key,
+ (const krb5_keysalt *)&key_salt,
+ kvno, &tmp_key_data);
if (key_salt.data.data)
free(key_salt.data.data);
free(key.contents);
return(KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE);
}
- if ((retval = krb5_dbekd_decrypt_key_data(context, mkey,
- &master_entry.key_data[0],
- &tempkey, NULL))) {
+ if ((retval = krb5_dbe_decrypt_key_data(context, mkey,
+ &master_entry.key_data[0],
+ &tempkey, NULL))) {
krb5_db_free_principal(context, &master_entry, nprinc);
return retval;
}
*/
if (mkey->enctype == master_entry.key_data[0].key_data_type[0]) {
- if (krb5_dbekd_decrypt_key_data(context, mkey,
- &master_entry.key_data[0],
- &cur_mkey, NULL) == 0) {
+ if (krb5_dbe_decrypt_key_data(context, mkey, &master_entry.key_data[0],
+ &cur_mkey, NULL) == 0) {
found_key = TRUE;
}
}
for (aux_data_entry = mkey_aux_data_list; aux_data_entry != NULL;
aux_data_entry = aux_data_entry->next) {
- if (krb5_dbekd_decrypt_key_data(context, mkey,
- &aux_data_entry->latest_mkey,
- &cur_mkey, NULL) == 0) {
+ if (krb5_dbe_decrypt_key_data(context, mkey,
+ &aux_data_entry->latest_mkey,
+ &cur_mkey, NULL) == 0) {
found_key = TRUE;
break;
}
memset(*mkey_list_node, 0, sizeof(krb5_keylist_node));
}
key_data = &master_entry.key_data[i];
- retval = krb5_dbekd_decrypt_key_data(context, &cur_mkey,
- key_data,
- &((*mkey_list_node)->keyblock),
- NULL);
+ retval = krb5_dbe_decrypt_key_data(context, &cur_mkey, key_data,
+ &((*mkey_list_node)->keyblock),
+ NULL);
if (retval)
goto clean_n_exit;
goto error;
- kerror = krb5_dbekd_decrypt_key_data(context, master_key,
- key_data, &entry->key, NULL);
+ kerror = krb5_dbe_decrypt_key_data(context, master_key, key_data,
+ &entry->key, NULL);
if (kerror)
goto error;
krb5_dbe_update_mkvno
krb5_dbe_update_mod_princ_data
krb5_dbe_update_tl_data
-krb5_dbekd_def_encrypt_key_data
-krb5_dbekd_def_decrypt_key_data
-krb5_dbekd_decrypt_key_data
-krb5_dbekd_encrypt_key_data
+krb5_dbe_def_encrypt_key_data
+krb5_dbe_def_decrypt_key_data
+krb5_dbe_decrypt_key_data
+krb5_dbe_encrypt_key_data
krb5_kt_kdb_ops
krb5_ktkdb_close
krb5_ktkdb_get_entry
if (!(kret = krb5_c_make_random_key(context, ksent->ks_enctype,
&key))) {
- kret = krb5_dbekd_encrypt_key_data(context,
- iargs->rblock->key,
- &key,
- NULL,
- 1,
- &entry->key_data[ind]);
+ kret = krb5_dbe_encrypt_key_data(context, iargs->rblock->key, &key,
+ NULL, 1, &entry->key_data[ind]);
krb5_free_keyblock_contents(context, &key);
}
/*}*/
goto cleanup;
}
kvno = 1; /* New key is getting set */
- retval = krb5_dbekd_encrypt_key_data(context, master_keyblock,
- &key, NULL, kvno,
- &entry.key_data[entry.n_key_data - 1]);
+ retval = krb5_dbe_encrypt_key_data(context, master_keyblock,
+ &key, NULL, kvno,
+ &entry.key_data[entry.n_key_data - 1]);
krb5_free_keyblock_contents(context, &key);
if (retval) {
goto cleanup;
memset(entry.key_data, 0, sizeof(krb5_key_data));
entry.n_key_data++;
kvno = 1; /* New key is getting set */
- retval = krb5_dbekd_encrypt_key_data(context, pblock->key,
- master_keyblock, NULL, kvno,
- &entry.key_data[entry.n_key_data - 1]);
+ retval = krb5_dbe_encrypt_key_data(context, pblock->key,
+ master_keyblock, NULL, kvno,
+ &entry.key_data[entry.n_key_data - 1]);
if (retval) {
goto cleanup;
}
goto error;
}
- if ((retval = krb5_dbekd_encrypt_key_data(context,&master_keyblock,
- &key, NULL, 1,
- newentry.key_data))) {
+ if ((retval = krb5_dbe_encrypt_key_data(context, &master_keyblock,
+ &key, NULL, 1,
+ newentry.key_data))) {
com_err(progname, retval, "while encrypting key for '%s'",
princ_name);
free(key.contents);
goto errout;
}
- if ((retval = krb5_dbekd_decrypt_key_data(context, &master_keyblock,
- kdbe.key_data, &db_key, NULL))) {
+ if ((retval = krb5_dbe_decrypt_key_data(context, &master_keyblock,
+ kdbe.key_data, &db_key, NULL))) {
com_err(progname, retval, "while decrypting key for '%s'", princ_name);
goto errout;
}
projects / krb5.git / commitdiff