kdb_cpw.c revision 54925bf60766fbb4f1f2d7c843721406a7b7a3fb
/*
* Copyright 2007 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
/*
*
* Copyright 1995 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
*
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
* notice appear in all copies and that both that copyright notice and
* this permission notice appear in supporting documentation, and that
* the name of M.I.T. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
* permission. Furthermore if you modify this software you must label
* your software as modified software and not distribute it in such a
* fashion that it might be confused with the original M.I.T. software.
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
*
*/
/*
* Copyright (C) 1998 by the FundsXpress, INC.
*
* All rights reserved.
*
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
*
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
* notice appear in all copies and that both that copyright notice and
* this permission notice appear in supporting documentation, and that
* the name of FundsXpress. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*/
#include "k5-int.h"
#include <kdb.h>
#include <stdio.h>
#include <errno.h>
/*
 * Return the last key version number (kvno) found in a key_data array.
 *
 * NOTE(review): this listing has dropped the function name, every parameter
 * declaration except `count`, and the loop that scans the array, so only the
 * declarations and the final return are visible.  Presumably this is
 * get_key_data_kvno() from upstream MIT krb5 -- confirm against the full
 * file.  kvno is declared without an initialiser here, so also confirm what
 * value is returned when count is 0.
 */
static int
int count;
{
int i, kvno;
/* Find last key version number */
}
}
return(kvno);
}
/*
 * Walk `count` key_data entries and, for each of an entry's key_data_ver
 * components, act on the ones whose key_data_length is non-zero.
 *
 * NOTE(review): the function name, the declaration of `data` and the
 * statements inside the innermost test are missing from this listing.
 * Presumably this is the key_data cleanup helper (cleanup_key_data() in
 * upstream MIT krb5) -- confirm.  If so, check in the full file that each
 * buffer is wiped before it is released and that the wipe cannot be
 * optimised away, since these are key_data buffers.
 */
static void
int count;
{
int i, j;
/*
 * If data is NULL, count is always 0.  No NULL test on data is visible, so
 * the loop below depends on callers keeping that invariant.
 */
for (i = 0; i < count; i++) {
for (j = 0; j < data[i].key_data_ver; j++) {
/* Only components that actually carry bytes are handled. */
if (data[i].key_data_length[j]) {
}
}
}
}
/*
 * Per the in-body comments: look up the TGT entry, then make a new random
 * key for each requested key/salt tuple at the given kvno.
 *
 * NOTE(review): the function name (presumably add_key_rnd(), matching the
 * add_key_rnd_err label used below), most parameter declarations, the local
 * declarations, the label itself and many statements are missing from this
 * listing.  The comments here describe only what is visible.
 *
 * Returns a krb5_error_code.  The codes visible here are
 * KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE and KRB5_KDB_NOENTRY, both from the TGT
 * lookup; other failures propagate retval from calls that are not shown.
 */
static krb5_error_code
int ks_tuple_count;
int kvno;
{
0);
if (retval)
return retval;
/*
 * Get tgt from database.  The lookup is expected to yield exactly one
 * entry: none is reported as KRB5_KDB_NOENTRY, and the (not shown) test
 * above the NOT_UNIQUE return presumably catches more than one.
 */
if (retval)
return(retval);
return KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE;
}
if (!one)
return KRB5_KDB_NOENTRY;
/* Get max kvno */
}
}
/* One pass per requested key/salt tuple. */
for (i = 0; i < ks_tuple_count; i++) {
similar = 0;
/*
 * We could use krb5_keysalt_iterate to replace this loop, or use
 * krb5_keysalt_is_present for the loop below, but we want to avoid
 * circular library dependencies.
 */
/*
 * Compare tuple i's enctype with every earlier tuple's.  The name of the
 * comparison call is missing from this listing; it reports through
 * `similar`.
 */
for (j = 0; j < i; j++) {
ks_tuple[i].ks_enctype,
ks_tuple[j].ks_enctype,
&similar)))
/*
 * NOTE(review): this early return bypasses the add_key_rnd_err label that
 * the later failures jump to.  The label's body is not shown; if it
 * releases the TGT entry fetched above, this path leaks it -- confirm.
 */
return(retval);
if (similar)
break;
}
/* An earlier tuple already covers this enctype, so no second key is made. */
if (similar)
continue;
goto add_key_rnd_err;
/* there used to be code here to extract the old key, and derive
a new key from it. Now that there's a unified prng, that isn't
necessary. */
/* make new key */
&key)))
goto add_key_rnd_err;
if (retval)
goto add_key_rnd_err;
}
return(retval);
}
/*
 * Change random key for a krb5_db_entry
 * Assumes the max kvno
 *
 * As a side effect all old keys are nuked if keepold is false.
 *
 * NOTE(review): the signature line (presumably krb5_dbe_crk() in upstream
 * MIT krb5 -- confirm), the other parameter declarations and most
 * statements are missing from this listing; the comments below describe
 * only what is visible.
 */
int ks_tuple_count;
{
int key_data_count;
int n_new_key_data;
int kvno;
int i;
/*
 * First save the old keydata.  The entry's key count is then zeroed so the
 * new keys are built into an empty list; the lines that stash the old
 * array and count are not shown.
 */
db_entry->n_key_data = 0;
/* increment the kvno */
kvno++;
/*
 * Three outcomes once the new keys have been generated (the branch bodies
 * are missing from this listing): failure, success with keepold, success
 * without.  Presumably failure restores the saved key_data and the last
 * branch discards it -- confirm.
 */
if (retval) {
} else if (keepold) {
/*
 * NOTE(review): with keepold set, the loop runs over the saved old
 * entries, presumably re-adding each one, so earlier keys stay in the
 * entry next to the new kvno.  A caller rotating a key it believes is
 * exposed should not set keepold, or should purge the old keys afterwards.
 */
for (i = 0; i < key_data_count; i++) {
if (retval) {
break;
}
}
} else {
}
return(retval);
}
/*
 * Add random key for a krb5_db_entry
 * Assumes the max kvno
 *
 * As a side effect all old keys older than the max kvno are nuked.
 *
 * NOTE(review): the signature line (presumably krb5_dbe_ark() in upstream
 * MIT krb5 -- confirm), the other parameter declarations and most
 * statements are missing from this listing; the comments below describe
 * only what is visible.
 */
int ks_tuple_count;
{
int key_data_count;
int kvno;
int i;
/*
 * First save the old keydata.  The entry's key count is then zeroed; the
 * lines that stash the old array and count are not shown.
 */
db_entry->n_key_data = 0;
/* increment the kvno */
kvno++;
} else {
/*
 * Copy keys with key_data_kvno == kvno - 1 ( = old kvno ).  Only the
 * immediately previous version is carried over; anything older is dropped,
 * as the header comment states.
 */
for (i = 0; i < key_data_count; i++) {
break;
}
/*
 * We should decrypt/re-encrypt the data to use the same mkvno.
 * NOTE(review): per this original TODO the copied key data is carried
 * over as stored, so one entry can hold keys written under different
 * master key versions.
 */
}
}
}
return(retval);
}
/*
 * Add key_data for a krb5_db_entry
 * If passwd is NULL then assumes that the caller wants a random password.
 *
 * NOTE(review): the function name (presumably add_key_pwd() in upstream
 * MIT krb5 -- confirm), most parameter and local declarations and many
 * statements are missing from this listing.  No branch handling a NULL
 * passwd is visible below, so verify the sentence above against the full
 * file before relying on it.
 *
 * Returns a krb5_error_code: KRB5_KDB_BAD_SALTTYPE for an unrecognised
 * salt type, ENOMEM from the AFS3 salt path, otherwise retval from calls
 * that are not shown.
 */
static krb5_error_code
int ks_tuple_count;
char * passwd;
int kvno;
{
int i, j;
retval = 0;
/* One pass per requested key/salt tuple. */
for (i = 0; i < ks_tuple_count; i++) {
similar = 0;
/*
 * We could use krb5_keysalt_iterate to replace this loop, or use
 * krb5_keysalt_is_present for the loop below, but we want to avoid
 * circular library dependencies.
 */
/*
 * Compare tuple i's enctype with every earlier tuple's.  The name of the
 * comparison call is missing from this listing; it reports through
 * `similar`.
 */
for (j = 0; j < i; j++) {
ks_tuple[i].ks_enctype,
ks_tuple[j].ks_enctype,
&similar)))
return(retval);
/*
 * The second half of this condition is missing from the listing, so a
 * similar enctype alone is not enough to stop the search here.
 */
if (similar &&
break;
}
/* j < i means the inner loop broke out early: tuple i is a duplicate. */
if (j < i)
continue;
return(retval);
/* Convert password string to key using appropriate salt */
case KRB5_KDB_SALTTYPE_ONLYREALM: {
return(retval);
}
break;
return(retval);
break;
case KRB5_KDB_SALTTYPE_NORMAL:
return(retval);
break;
/* No salt-building statement is visible for the V4 salt type. */
case KRB5_KDB_SALTTYPE_V4:
break;
case KRB5_KDB_SALTTYPE_AFS3: {
#if 0
return(retval);
#else
/* Why do we do this? Well, the afs_mit_string_to_key needs to
use strlen, and the realm is not NULL terminated.... */
/*
 * NOTE(review): the ENOMEM return implies a heap copy of the realm is made
 * so that it can be NUL-terminated.  The allocation and copy lines are
 * missing from this listing; confirm in the full file that the buffer is
 * slen + 1 bytes, is terminated, and is released on every path out.
 */
unsigned int slen =
return ENOMEM;
slen);
#endif
}
break;
default:
/* Unknown salt types are rejected rather than defaulted. */
return(KRB5_KDB_BAD_SALTTYPE);
}
/*
 * NOTE(review): the returns below follow the password-to-key conversion and
 * the key encryption step (calls not shown).  Confirm in the full file that
 * the derived key and any salt buffer are cleared and freed on these error
 * paths as well as on success.
 */
return(retval);
}
(const krb5_keysalt *)&key_salt,
return(retval);
}
}
return(retval);
}
/*
 * Change password for a krb5_db_entry
 * Assumes the max kvno
 *
 * As a side effect all old keys are nuked if keepold is false.
 *
 * NOTE(review): the signature line (presumably krb5_dbe_cpw() in upstream
 * MIT krb5 -- confirm), the other parameter declarations and most
 * statements are missing from this listing; the comments below describe
 * only what is visible.
 */
int ks_tuple_count;
char * passwd;
int new_kvno;
{
int key_data_count;
int n_new_key_data;
int old_kvno;
int i;
/*
 * First save the old keydata.  The entry's key count is then zeroed so the
 * new keys are built into an empty list; the lines that stash the old
 * array and count are not shown.
 */
db_entry->n_key_data = 0;
/*
 * increment the kvno. if the requested kvno is too small,
 * increment the old kvno
 *
 * Per this comment a caller-supplied new_kvno cannot move the entry's kvno
 * backwards; the assignment itself is missing from this listing.
 */
/*
 * Three outcomes once the new keys have been derived (the branch bodies
 * are missing from this listing): failure, success with keepold, success
 * without.  Presumably failure restores the saved key_data and the last
 * branch discards it -- confirm.
 */
if (retval) {
} else if (keepold) {
/*
 * NOTE(review): with keepold set, the loop runs over the saved old
 * entries, presumably re-adding each one, so keys derived from the
 * previous password stay in the entry.  A password change made because
 * the old password may be exposed should not set keepold, or should purge
 * the old keys afterwards.
 */
for (i = 0; i < key_data_count; i++) {
if (retval) {
break;
}
}
} else {
}
return(retval);
}
/*
 * Add password for a krb5_db_entry
 * Assumes the max kvno
 *
 * As a side effect all old keys older than the max kvno are nuked.
 *
 * NOTE(review): the signature line (presumably krb5_dbe_apw() in upstream
 * MIT krb5 -- confirm), the other parameter declarations and most
 * statements are missing from this listing; the comments below describe
 * only what is visible.
 */
int ks_tuple_count;
char * passwd;
{
int key_data_count;
int i;
/*
 * First save the old keydata.  The entry's key count is then zeroed; the
 * lines that stash the old array and count are not shown.
 */
db_entry->n_key_data = 0;
/* increment the kvno */
} else {
/*
 * Copy keys with key_data_kvno == old_kvno.  Only the immediately previous
 * version is carried over; anything older is dropped, as the header
 * comment states.
 */
for (i = 0; i < key_data_count; i++) {
break;
}
/*
 * We should decrypt/re-encrypt the data to use the same mkvno.
 * NOTE(review): per this original TODO the copied key data is carried
 * over as stored, so one entry can hold keys written under different
 * master key versions.
 */
}
}
}
return(retval);
}