Also: add support for ignoring null enctype / zero-length keys,
which *can* be found in MIT DB entries created in pre-historic
times.
Also: make the mitdb HDB backend more elegant (e.g., use the ASN.1
compiler's generated sequence/array utility functions.
Also: add a utility function needed for kadm5 kvno change
improvements and make kadmin's mod --kvno work correctly and
naturally.
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
Heimdal can be executed in environments in which the user
account profile is not loaded. In such environments it is
not possible to use PROV_RSA_FULL as it stores required
data within the profile. Instead, fallback to PROV_RNG which
does not store data within the profile and can be used to access
secure random number generator routines.
Change-Id: If600246f39645ed6bf5af0dd237f5adfddcf6c0c
if NO_AFS is not defined include the KAFS library when
building kuser. the KAFS library does not yet build on
Windows but will in the future.
Change-Id: If2a6c7279d6166cc0f4c49d36f3fa54ad7d19d87
on a big endian machine, usage of this file in the kernel
is somewhat troublesome since the linux kernel already has
a well known global/#define called current.
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
We don't need a cast in that case.
Before commit 1124c4872d
(KVNOs are krb5uint32 in RFC4120, make it so),
we compared krb5int32 casted to size_t with unsigned int,
which resulted in the following problem:
Casting krb5int32 to (size_t) is wrong, as sizeof(int)==4 != sizeof(size_t)== 8.
If you cast negative int values to size_t you'll get this:
int ival = -5000; // 0xFFFFEC78
size_t sval = (size_t)ival; // this will be 0xFFFFFFFFFFFFEC78
So we better compare while casting to (unsigned int).
This is important for Active Directory RODC support,
which adds a random number into the higher 16-bits of the
32-bit kvno value.
metze
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
