From 2b3697977a1ab3ac3900eaa950a9e379cdbc1924 Mon Sep 17 00:00:00 2001
From: Theodore Tso
Date: Thu, 13 Dec 1990 16:30:18 +0000
Subject: [PATCH] Changed encrypted keyblocks to use krb5_encrypted_keyblock instead of krb5_keyblock
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@1549 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/include/krb5/encryption.h | 6 ++++++
 src/include/krb5/kdb.h | 9 ++++++---
 src/kdc/do_as_req.c | 6 ++----
 src/kdc/do_tgs_req.c | 3 +--
 src/kdc/kdc_util.c | 16 +---------------
 5 files changed, 16 insertions(+), 24 deletions(-)
diff --git a/src/include/krb5/encryption.h b/src/include/krb5/encryption.h
index 65fd77961..cf6ee7399 100644
--- a/src/include/krb5/encryption.h
+++ b/src/include/krb5/encryption.h
@@ -22,6 +22,12 @@ typedef struct _krb5_keyblock {
 krb5_octet *contents;
 } krb5_keyblock;
+typedef struct _krb5_encrypted_keyblock {
+ krb5_keytype keytype;
+ int length;
+ krb5_octet *contents;
+} krb5_encrypted_keyblock;
+
 typedef struct _krb5_checksum {
 krb5_cksumtype checksum_type; /* checksum type */
 int length;
diff --git a/src/include/krb5/kdb.h b/src/include/krb5/kdb.h
index b8b77b085..c42d8d585 100644
--- a/src/include/krb5/kdb.h
+++ b/src/include/krb5/kdb.h
@@ -18,7 +18,7 @@
 typedef struct _krb5_db_entry {
 krb5_principal principal;
- krb5_keyblock key;
+ krb5_encrypted_keyblock key;
 krb5_kvno kvno;
 krb5_deltat max_life;
 krb5_deltat max_renewable_life;
@@ -40,6 +40,9 @@ typedef struct _krb5_db_entry {
 /* XXX depends on knowledge of krb5_parse_name() formats */
 #define KRB5_KDB_M_NAME "K/M" /* Kerberos/Master */
+#define KDB_CONVERT_KEY_TO_DB(in,out) krb5_kdb_encrypt_key(&master_encblock, in, out)
+#define KDB_CONVERT_KEY_OUTOF_DB(in, out) krb5_kdb_decrypt_key(&master_encblock, in, out)
+
 /* prompts used by default when reading the KDC password from the keyboard. */
 #define KRB5_KDC_MKEY_1 "Enter KDC database master key:"
 #define KRB5_KDC_MKEY_2 "Re-enter KDC database master key to verify:"
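Review bot: `krb5_encrypted_keyblock` in src/include/krb5/encryption.h is added without a comment saying what separates it from `krb5_keyblock`, and the two structs are field-for-field identical, so a cast or a struct copy between them compiles cleanly and hands ciphertext to code expecting a usable key, or the reverse. A comment on the typedef such as `/* key as stored in the KDB: contents is encrypted under the master key; convert with krb5_kdb_decrypt_key() before use */` would state the invariant the new type exists to enforce; that reading is inferred from the kdb.h prototypes changed in the same commit. `length` remains a signed `int` as in `krb5_keyblock`, so code that sizes a buffer from a database record should reject negative values before using it.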
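Review bot: `KDB_CONVERT_KEY_TO_DB` and `KDB_CONVERT_KEY_OUTOF_DB` at @@ -40 in kdb.h expand to a reference to `master_encblock`, which this header does not declare, so any file that includes kdb.h and uses them depends on a variable of that name being in scope and will encrypt or decrypt with whatever it resolves to. The name appears to be a KDC global (the `kdc_convert_key` removed from src/kdc/kdc_util.c used it), so the macros would sit better in a KDC-private header, or should take the encrypt block explicitly: `#define KDB_CONVERT_KEY_OUTOF_DB(eblock, in, out) krb5_kdb_decrypt_key((eblock), (in), (out))`. If they stay here unchanged, the minimum is a comment naming the `master_encblock` declaration a user of the macros must provide.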
@@ -89,10 +92,10 @@ krb5_error_code krb5_db_store_mkey PROTOTYPE((char *,
 krb5_error_code krb5_kdb_encrypt_key PROTOTYPE((krb5_encrypt_block *, const krb5_keyblock *,
- krb5_keyblock *));
+ krb5_encrypted_keyblock *));
 krb5_error_code krb5_kdb_decrypt_key PROTOTYPE((krb5_encrypt_block *,
- const krb5_keyblock *,
+ const krb5_encrypted_keyblock *,
 krb5_keyblock *));
 krb5_error_code krb5_db_setup_mkey_name PROTOTYPE((const char *, const char *, char **, krb5_principal *));
diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c
index 5a65823e1..a6a376da1 100644
--- a/src/kdc/do_as_req.c
+++ b/src/kdc/do_as_req.c
@@ -234,8 +234,7 @@ krb5_data **response; /* filled in with a response packet */
 /* convert server.key into a real key (it may be encrypted in the database) */
- if (retval = kdc_convert_key(&server.key, &encrypting_key,
- CONVERT_OUTOF_DB)) {
+ if (retval = KDB_CONVERT_KEY_OUTOF_DB(&server.key, &encrypting_key)) {
 cleanup();
 return retval;
 }
@@ -288,8 +287,7 @@ krb5_data **response; /* filled in with a response packet */
 /* convert client.key into a real key (it may be encrypted in the database) */
- if (retval = kdc_convert_key(&client.key, &encrypting_key,
- CONVERT_OUTOF_DB)) {
+ if (retval = KDB_CONVERT_KEY_OUTOF_DB(&client.key, &encrypting_key)) {
 cleanup();
 return retval;
 }
diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c
index bd791c3ed..06e9a74da 100644
--- a/src/kdc/do_tgs_req.c
+++ b/src/kdc/do_tgs_req.c
@@ -398,8 +398,7 @@ krb5_data **response; /* filled in with a response packet */
 } else {
 /* convert server.key into a real key (it may be encrypted in the database) */
- if (retval = kdc_convert_key(&server.key, &encrypting_key,
- CONVERT_OUTOF_DB)) {
+ if (retval = KDB_CONVERT_KEY_OUTOF_DB(&server.key, &encrypting_key)) {
 cleanup();
 return retval;
 }
diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c
index b70b0efa4..39f06145b 100644
--- a/src/kdc/kdc_util.c
+++ b/src/kdc/kdc_util.c
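Review bot: The converted call at @@ -234 in do_as_req.c (and the same pattern at @@ -288 there, @@ -398 in do_tgs_req.c and @@ -183 in kdc_util.c) decrypts a database key into `encrypting_key`, and nothing visible in these hunks shows that cleartext key being zeroed and released, either on the error path or before the variable is reused. In do_as_req.c the same `encrypting_key` receives first the server key and then the client key, so unless code between the two hunks frees `encrypting_key.contents`, the second call would overwrite the pointer and leave the server's key in unreachable memory; whether that happens depends on how `krb5_kdb_decrypt_key` allocates, which is not shown. It is worth confirming, and a comment at each site such as `/* encrypting_key.contents holds cleartext key material: zero and free it after use */` would record who owns the buffer. The enclosing functions begin and end outside these hunks.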
@@ -183,8 +183,7 @@ krb5_ticket **ticket;
 }
 /* convert server.key into a real key (it may be encrypted in the database) */
- if (retval = kdc_convert_key(&server.key, &encrypting_key,
- CONVERT_OUTOF_DB)) {
+ if (retval = KDB_CONVERT_KEY_OUTOF_DB(&server.key, &encrypting_key)) {
 krb5_db_free_principal(&server, nprincs);
 cleanup_apreq();
 return retval;
@@ -271,19 +270,6 @@ krb5_ticket **ticket;
 return 0;
 }
-krb5_error_code
-kdc_convert_key(in, out, direction)
-krb5_keyblock *in, *out;
-int direction;
-{
- if (direction == CONVERT_INTO_DB) {
- return krb5_kdb_encrypt_key(&master_encblock, in, out);
- } else if (direction == CONVERT_OUTOF_DB) {
- return krb5_kdb_decrypt_key(&master_encblock, in, out);
- } else
- return KRB5_KDB_ILLDIRECTION;
-}
-
 /* This probably wants to be updated if you support last_req stuff */
 static krb5_last_req_entry *nolrarray[] = { 0 };
-- 
2.26.2