Nicolas Williams 
							
						 
					 
					
						
						
							
						
						95e56fa3ae 
					 
					
						
						
							
							hdb: fix hdb_unseal_keys_kvno return when no history  
						
						
						
						
Prior to this change hdb_unseal_keys_kvno() could return successfully (0)
if the choice_HDB_extension_data_hist_keys extension was found but the
hist_keys list was empty.  As a side effect callers would believe that the
provided hdb_entry keys were unsealed when they weren't.  This could cause
the KDC or kadmin to report invalid key size errors.

If the extension is present and the history list is empty attempt to
unseal the provided hdb_entry using hdb_unseal_keys_mkey().

Change-Id: I9218b02bccdbcf22133a9464a677374db53ade85
						
						
					 
					
						2015-03-14 16:08:22 -04:00 
						 
				 
			
				
					
						
							
							
								Nicolas Williams 
							
						 
					 
					
						
						
							
						
						57f1545a46 
					 
					
						
						
							
							Add support for writing to KDB and dumping HDB to MIT KDB dump format  
						
						
						
						
Before this change Heimdal could read KDBs.  Now it can write to
them too.

Heimdal can now also dump HDBs (including KDBs) in MIT format, which
can then be imported with kdb5_util load.

This is intended to help in migrations from MIT to Heimdal by
allowing migrations from Heimdal to MIT so that it is possible
to roll back from Heimdal to MIT should there be any issues.  The
idea is to allow a) running Heimdal kdc/kadmind with a KDB, or
b) running Heimdal with an HDB converted from a KDB and then
roll back by dumping the HDB and loading a KDB.

Note that not all TL data types are supported, only two: last
password change and modify-by.  This is the minimum necessary.
PKINIT users may need to add support for KRB5_TL_USER_CERTIFICATE,
and for databases with K/M history we may need to add KRB5_TL_MKVNO
support.

Support for additional TL data types can be added in
lib/hdb/hdb-mitdb.c:_hdb_mdb_value2entry() and
lib/hdb/print.c:entry2mit_string_int().
						
						
					 
					
						2012-05-03 14:24:18 -05:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						8b7e31c301 
					 
					
						
						
							
							plug memory leak  
						
						
						
						
					 
					
						2011-07-26 20:15:33 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						8fccb51d49 
					 
					
						
						
							
							Merge pull request #12 from nicowilliams/krb5_admin_patches_2nd
						
						
						
						
Krb5 admin patches 2nd

This has all the patches needed for krb5_admind to build and pass most tests, that includes:
- more kadm5 API compatibility (including very basic profile functionality)
- multi-kvno support (useful for key rollovers) (a test for this is included in tests/db/check-kdc)

Unfinished:
- password history (currently uses key history, needs to be separated and use digests)
- policies (only default policy allowed)
- mit kdb changes not tested yet

Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
						
						
					 
					
						2011-07-24 15:41:36 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						f60ec15834 
					 
					
						
						
							
							partly unify enctype/keytype since there is only enctypes  
						
						
						
						
					 
					
						2011-07-24 14:03:08 -07:00 
						 
				 
			
				
					
						
							
							
								Nicolas Williams 
							
						 
					 
					
						
						
							
						
						95262936c7 
					 
					
						
						
							
							s/assert/heim_assert/ and remove dead code  
						
						
						
						
					 
					
						2011-07-24 11:07:27 -05:00 
						 
				 
			
				
					
						
							
							
								Nicolas Williams 
							
						 
					 
					
						
						
							
						
						f2897efd09 
					 
					
						
						
							
							Make the KDC path work.  
						
						
						
						
					 
					
						2011-07-22 16:07:08 -05:00 
						 
				 
			
				
					
						
							
							
								Nicolas Williams 
							
						 
					 
					
						
						
							
						
						31974aa24c 
					 
					
						
						
							
							More s/int/size_t/ for iterators.  Also fixed a stupid bug.  
						
						
						
						
					 
					
						2011-07-22 16:07:06 -05:00 
						 
				 
			
				
					
						
							
							
								Nicolas Williams 
							
						 
					 
					
						
						
							
						
						53ea8ac59b 
					 
					
						
						
							
							Make changes to hdb_keyset type be backward-compatible.  
						
						
						
						
					 
					
						2011-07-22 16:06:01 -05:00 
						 
				 
			
				
					
						
							
							
								Nicolas Williams 
							
						 
					 
					
						
						
							
						
						c2ec368c36 
					 
					
						
						
							
							Add HDB extension for storing policy regarding what historic keys may be used for  
						
						
						
						
					 
					
						2011-07-22 16:06:00 -05:00 
						 
				 
			
				
					
						
							
							
								Nicolas Williams 
							
						 
					 
					
						
						
							
						
						308e53a4a8 
					 
					
						
						
							
							Initial support for filtering out "dead" historical keys.  
						
						
						
						
					 
					
						2011-07-22 16:05:21 -05:00 
						 
				 
			
				
					
						
							
							
								Nicolas Williams 
							
						 
					 
					
						
						
							
						
						7e0a801e28 
					 
					
						
						
							
							Changed decrypt key history logic and added HDB_F_ALL_KVNOS.  
						
						
						
						
					 
					
						2011-07-22 16:05:21 -05:00 
						 
				 
			
				
					
						
							
							
								Nicolas Williams 
							
						 
					 
					
						
						
							
						
						34189a23fe 
					 
					
						
						
							
							Added a flag to ensure that we don't mod/store hdb entries fetched with specified kvno.  
						
						
						
						
					 
					
						2011-07-22 16:04:51 -05:00 
						 
				 
			
				
					
						
							
							
								Nicolas Williams 
							
						 
					 
					
						
						
							
						
						a095933ee0 
					 
					
						
						
							
							We want the time that a keyset was set, not the time it was replaced.  
						
						
						
						
					 
					
						2011-07-22 16:04:51 -05:00 
						 
				 
			
				
					
						
							
							
								Nicolas Williams 
							
						 
					 
					
						
						
							
						
						08650b573b 
					 
					
						
						
							
							Also encrypt the history when storing the entry.  
						
						
						
						
					 
					
						2011-07-22 16:04:51 -05:00 
						 
				 
			
				
					
						
							
							
								Nicolas Williams 
							
						 
					 
					
						
						
							
						
						fca53990e4 
					 
					
						
						
							
							Initial commit for second approach for multiple kvno.  NOT TESTED!  
						
						
						
						
					 
					
						2011-07-22 16:04:51 -05:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						0879b9831a 
					 
					
						
						
							
							remove trailing whitespace  
						
						
						
						
					 
					
						2011-05-21 11:57:31 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						f5f9014c90 
					 
					
						
						
							
							Warning fixes from Christos Zoulas  
						
						
						
						
						- shadowed variables
- signed/unsigned confusion
- const lossage
- incomplete structure initializations
- unused code 
						
						
					 
					
						2011-04-29 20:25:05 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						d631443133 
					 
					
						
						
							
							Support both BE and LE MIT master key file formats  
						
						
						
						
						Prompted by discussion on heimdal-discuss by Michael Wood, Russ Allbery,
and Henry B. Hotz. 
						
						
					 
					
						2010-05-22 13:16:52 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						5813b0a4dd 
					 
					
						
						
							
							default master key version is 1  
						
						
						
						
					 
					
						2009-11-22 12:53:56 -08:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						5a9dd54e95 
					 
					
						
						
							
							drop RCSID  
						
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25319 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2009-07-05 05:09:16 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						ecc751b6dd 
					 
					
						
						
							
							remove #if 0 codeblock  
						
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25196 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2009-05-06 19:04:38 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						03ae51a040 
					 
					
						
						
							
							catch read from socket error  
						
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25188 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2009-05-06 19:03:00 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						cdc2b37670 
					 
					
						
						
							
							switch to krb5_clear_error_message  
						
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23913 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2008-10-14 02:56:07 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						6937d41a02 
					 
					
						
						
							
							remove trailing whitespace  
						
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23815 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2008-09-13 09:21:03 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						e172367898 
					 
					
						
						
							
							switch to utf8 encoding of all files  
						
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23814 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2008-09-13 08:53:55 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						7fcd266fdd 
					 
					
						
						
							
							use krb5_set_error_message  
						
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23316 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2008-06-23 04:32:32 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						8d40c2994b 
					 
					
						
						
							
							check return value of alloc functions, from Charles Longeau  
						
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21745 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2007-07-31 16:11:25 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						cb704efeeb 
					 
					
						
						
							
							Rename u_intXX_t to uintXX_t  
						
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17445 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2006-05-05 10:37:46 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						96ebe5947e 
					 
					
						
						
							
							(hdb_seal_key_mkey): don't double encrypt keys
						
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15940 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2005-08-19 13:07:06 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						067af5ca8e 
					 
					
						
						
							
							Expose the crypto operations on the master key.  
						
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15864 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2005-08-10 08:41:03 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						f3862df669 
					 
					
						
						
							
							(hdb_unseal_key_mkey): try to unseal key with keyusage 0 in case the key was encrypted with MIT Kerberos (old patch from Johan)

						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15826 ec53bebd-3082-4978-b11e-865c3cabbd6b
						
						
					 
					
						2005-07-28 14:06:16 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						44cb7e1d74 
					 
					
						
						
							
							add hdb_{,un}seal_key{,_mkey} from Andrew Bartlett <abartlet@samba.org>  
						
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13427 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2004-03-06 18:58:22 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						0540f13b86 
					 
					
						
						
							
							prefix all struct HDB elements with hdb_  
						
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12880 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2003-09-19 00:25:35 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						b6609c3d3b 
					 
					
						
						
							
							(read_master_mit): krb5_ret_int16 takes an int16_t as argument
						
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12576 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2003-08-17 18:44:08 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						6db34748ac 
					 
					
						
						
							
							(hdb_unseal_keys_mkey): truncate key to the key length when key is longer than expected length, it's probably longer since the encrypted data was padded, reported by Aidan Cully <aidan@kublai.com>

						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11931 ec53bebd-3082-4978-b11e-865c3cabbd6b
						
						
					 
					
						2003-03-28 02:01:33 +00:00 
						 
				 
			
				
					
						
							
							
								Assar Westerlund 
							
						 
					 
					
						
						
							
						
						aa2bd6c196 
					 
					
						
						
							
							(read_master_encryptionkey): use a proper type for len  
						
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11107 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2002-08-16 18:59:49 +00:00 
						 
				 
			
				
					
						
							
							
								Jacques A. Vidrine 
							
						 
					 
					
						
						
							
						
						84ed3d7a7c 
					 
					
						
						
							
							Fix a bug where kstash crashes if there is no krb5.conf  
						
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@10799 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2001-12-05 14:41:47 +00:00 
						 
				 
			
				
					
						
							
							
								Johan Danielsson 
							
						 
					 
					
						
						
							
						
						5f68cd1d3c 
					 
					
						
						
							
							(hdb_set_master_keyfile): clear error string when not returning error  
						
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@10716 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2001-09-18 07:42:09 +00:00 
						 
				 
			
				
					
						
							
							
								Assar Westerlund 
							
						 
					 
					
						
						
							
						
						c7562eda65 
					 
					
						
						
							
							add some more error strings  
						
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@10338 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2001-07-13 06:30:42 +00:00 
						 
				 
			
				
					
						
							
							
								Johan Danielsson 
							
						 
					 
					
						
						
							
						
						3bd196cf37 
					 
					
						
						
							
							more set_error_string  
						
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@10335 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2001-07-12 10:52:26 +00:00 
						 
				 
			
				
					
						
							
							
								Johan Danielsson 
							
						 
					 
					
						
						
							
						
						ea426418be 
					 
					
						
						
							
							(read_master_mit): set_error_string  
						
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@10334 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2001-07-12 10:40:43 +00:00 
						 
				 
			
				
					
						
							
							
								Assar Westerlund 
							
						 
					 
					
						
						
							
						
						0e0d1336bd 
					 
					
						
						
							
							(hdb_unseal_keys_mkey, hdb_seal_keys_mkey, hdb_unseal_keys, hdb_seal_keys): check that we have the correct master key and that we manage to decrypt the key properly, returning an error code.  fix all callers to check return value.

						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@9594 ec53bebd-3082-4978-b11e-865c3cabbd6b
						
						
					 
					
						2001-01-30 01:20:57 +00:00 
						 
				 
			
				
					
						
							
							
								Johan Danielsson 
							
						 
					 
					
						
						
							
						
						e7f3feb49c 
					 
					
						
						
							
							add support for reading krb4 /.k files  
						
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@9503 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2001-01-26 15:05:57 +00:00 
						 
				 
			
				
					
						
							
							
								Johan Danielsson 
							
						 
					 
					
						
						
							
						
						bea226bd5e 
					 
					
						
						
							
							add key usage  
						
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@8613 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2000-07-08 16:03:59 +00:00 
						 
				 
			
				
					
						
							
							
								Johan Danielsson 
							
						 
					 
					
						
						
							
						
						7ddae03f39 
					 
					
						
						
							
							(read_master_encryptionkey): handle old keytype based files, and convert the key to cfb64

						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@8602 ec53bebd-3082-4978-b11e-865c3cabbd6b
						
						
					 
					
						2000-07-08 14:52:54 +00:00 
						 
				 
			
				
					
						
							
							
								Assar Westerlund 
							
						 
					 
					
						
						
							
						
						965da66604 
					 
					
						
						
							
							(_hdb_unseal_keys_int, _hdb_seal_keys_int): rename and export them  
						
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@8592 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2000-07-08 13:39:31 +00:00 
						 
				 
			
				
					
						
							
							
								Johan Danielsson 
							
						 
					 
					
						
						
							
						
						2249e4157b 
					 
					
						
						
							
							(hdb_read_master_key): set mkey to NULL before doing anything else  
						
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@8590 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2000-07-08 13:26:01 +00:00 
						 
				 
			
				
					
						
							
							
								Johan Danielsson 
							
						 
					 
					
						
						
							
						
						326dfb8181 
					 
					
						
						
							
							(read_master_mit): fix this  
						
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@8552 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2000-07-05 19:27:48 +00:00 
						 
				 
			
				
					
						
							
							
								Johan Danielsson 
							
						 
					 
					
						
						
							
						
						0e3158a838 
					 
					
						
						
							
							rewrite master key handling  
						
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@8546 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2000-07-05 13:08:13 +00:00