49 Commits

Author SHA1 Message Date
Nicolas Williams 57f1545a46 Add support for writing to KDB and dumping HDB to MIT KDB dump format
Before this change Heimdal could read KDBs.  Now it can write to
them too.

Heimdal can now also dump HDBs (including KDBs) in MIT format, which
can then be imported with kdb5_util load.

This is intended to help in migrations from MIT to Heimdal by
allowing migrations from Heimdal to MIT so that it is possible
to rollback from Heimdal to MIT should there be any issues.  The
idea is to allow a) running Heimdal kdc/kadmind with a KDB, or
b) running Heimdal with an HDB converted from a KDB and then
rollback by dumping the HDB and loading a KDB.

Note that not all TL data types are supported, only two: last
password change and modify-by.  This is the minimum necessary.
PKINIT users may need to add support for KRB5_TL_USER_CERTIFICATE,
and for databases with K/M history we may need to add KRB5_TL_MKVNO
support.

Support for additional TL data types can be added in
lib/hdb/hdb-mitdb.c:_hdb_mdb_value2entry() and
lib/hdb/print.c:entry2mit_string_int().
2012-05-03 14:24:18 -05:00
Love Hörnquist Åstrand 8b7e31c301 plug memory leak 2011-07-26 20:15:33 -07:00
Love Hörnquist Åstrand 8fccb51d49 Merge pull request #12 from nicowilliams/krb5_admin_patches_2nd
Krb5 admin patches 2nd

This has all the patches needed for krb5_admind to build and pass most tests, that includes:
- more kadm5 API compatibility (including very basic profile functionality)
- multi-kvno support (useful for key rollovers) (a test for this is included in tests/db/check-kdc)

Unfinished:
- password history (currently uses key history, needs to be separated and use digests)
- policies (only default policy allowed)
- mit kdb changes not tested yet


Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
2011-07-24 15:41:36 -07:00
Love Hörnquist Åstrand f60ec15834 partly unify enctype/keytype since there are only enctypes 2011-07-24 14:03:08 -07:00
Nicolas Williams 95262936c7 s/assert/heim_assert/ and remove dead code 2011-07-24 11:07:27 -05:00
Nicolas Williams f2897efd09 Make the KDC path work. 2011-07-22 16:07:08 -05:00
Nicolas Williams 31974aa24c More s/int/size_t/ for iterators. Also fixed a stupid bug. 2011-07-22 16:07:06 -05:00
Nicolas Williams 53ea8ac59b Make changes to hdb_keyset type be backward-compatible. 2011-07-22 16:06:01 -05:00
Nicolas Williams c2ec368c36 Add HDB extension for storing policy regarding what historic keys may be used for 2011-07-22 16:06:00 -05:00
Nicolas Williams 308e53a4a8 Initial support for filtering out "dead" historical keys. 2011-07-22 16:05:21 -05:00
Nicolas Williams 7e0a801e28 Changed decrypt key history logic and added HDB_F_ALL_KVNOS. 2011-07-22 16:05:21 -05:00
Nicolas Williams 34189a23fe Added a flag to ensure that we don't mod/store hdb entries fetched with specified kvno. 2011-07-22 16:04:51 -05:00
Nicolas Williams a095933ee0 We want the time that a keyset was set, not the time it was replaced. 2011-07-22 16:04:51 -05:00
Nicolas Williams 08650b573b Also encrypt the history when storing the entry. 2011-07-22 16:04:51 -05:00
Nicolas Williams fca53990e4 Initial commit for second approach for multiple kvno. NOT TESTED! 2011-07-22 16:04:51 -05:00
Love Hornquist Astrand 0879b9831a remove trailing whitespace 2011-05-21 11:57:31 -07:00
Love Hornquist Astrand f5f9014c90 Warning fixes from Christos Zoulas
- shadowed variables
- signed/unsigned confusion
- const lossage
- incomplete structure initializations
- unused code
2011-04-29 20:25:05 -07:00
Love Hornquist Astrand d631443133 Support both BE and LE MIT master key file formats
Prompted by discussion on heimdal-discuss by Michael Wood, Russ Allbery,
and Henry B. Hotz.
2010-05-22 13:16:52 -07:00
Love Hornquist Astrand 5813b0a4dd default master key version is 1 2009-11-22 12:53:56 -08:00
Love Hörnquist Åstrand 5a9dd54e95 drop RCSID
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25319 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-07-05 05:09:16 +00:00
Love Hörnquist Åstrand ecc751b6dd remove #if 0 codeblock
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25196 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-05-06 19:04:38 +00:00
Love Hörnquist Åstrand 03ae51a040 catch read from socket error
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25188 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-05-06 19:03:00 +00:00
Love Hörnquist Åstrand cdc2b37670 switch to krb5_clear_error_message
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23913 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-10-14 02:56:07 +00:00
Love Hörnquist Åstrand 6937d41a02 remove trailing whitespace
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23815 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-09-13 09:21:03 +00:00
Love Hörnquist Åstrand e172367898 switch to utf8 encoding of all files
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23814 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-09-13 08:53:55 +00:00
Love Hörnquist Åstrand 7fcd266fdd use krb5_set_error_message
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23316 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-06-23 04:32:32 +00:00
Love Hörnquist Åstrand 8d40c2994b check return value of alloc functions, from Charles Longeau
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21745 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-07-31 16:11:25 +00:00
Love Hörnquist Åstrand cb704efeeb Rename u_intXX_t to uintXX_t
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17445 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-05-05 10:37:46 +00:00
Love Hörnquist Åstrand 96ebe5947e (hdb_seal_key_mkey): don't double encrypt keys
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15940 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-08-19 13:07:06 +00:00
Love Hörnquist Åstrand 067af5ca8e Expose the crypto operations on the master key.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15864 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-08-10 08:41:03 +00:00
Love Hörnquist Åstrand f3862df669 (hdb_unseal_key_mkey): try to unseal key with keyusage 0 in case the
key was encrypted with MIT Kerberos (old patch from Johan)


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15826 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-07-28 14:06:16 +00:00
Love Hörnquist Åstrand 44cb7e1d74 add hdb_{,un}seal_key{,_mkey} from Andrew Bartlett <abartlet@samba.org>
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13427 ec53bebd-3082-4978-b11e-865c3cabbd6b
2004-03-06 18:58:22 +00:00
Love Hörnquist Åstrand 0540f13b86 prefix all struct HDB elements with hdb_
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12880 ec53bebd-3082-4978-b11e-865c3cabbd6b
2003-09-19 00:25:35 +00:00
Love Hörnquist Åstrand b6609c3d3b (read_master_mit): krb5_ret_int16 takes an int16_t as argument
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12576 ec53bebd-3082-4978-b11e-865c3cabbd6b
2003-08-17 18:44:08 +00:00
Love Hörnquist Åstrand 6db34748ac (hdb_unseal_keys_mkey): truncate key to the key length when key is
longer than expected length, it's probably longer since the encrypted
data was padded, reported by Aidan Cully <aidan@kublai.com>


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11931 ec53bebd-3082-4978-b11e-865c3cabbd6b
2003-03-28 02:01:33 +00:00
Assar Westerlund aa2bd6c196 (read_master_encryptionkey): use a proper type for len
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11107 ec53bebd-3082-4978-b11e-865c3cabbd6b
2002-08-16 18:59:49 +00:00
Jacques A. Vidrine 84ed3d7a7c Fix a bug where kstash crashes if there is no krb5.conf
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@10799 ec53bebd-3082-4978-b11e-865c3cabbd6b
2001-12-05 14:41:47 +00:00
Johan Danielsson 5f68cd1d3c (hdb_set_master_keyfile): clear error string when not returning error
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@10716 ec53bebd-3082-4978-b11e-865c3cabbd6b
2001-09-18 07:42:09 +00:00
Assar Westerlund c7562eda65 add some more error strings
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@10338 ec53bebd-3082-4978-b11e-865c3cabbd6b
2001-07-13 06:30:42 +00:00
Johan Danielsson 3bd196cf37 more set_error_string
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@10335 ec53bebd-3082-4978-b11e-865c3cabbd6b
2001-07-12 10:52:26 +00:00
Johan Danielsson ea426418be (read_master_mit): set_error_string
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@10334 ec53bebd-3082-4978-b11e-865c3cabbd6b
2001-07-12 10:40:43 +00:00
Assar Westerlund 0e0d1336bd (hdb_unseal_keys_mkey, hdb_seal_keys_mkey, hdb_unseal_keys,
hdb_seal_keys): check that we have the correct master key and that we
manage to decrypt the key properly, returning an error code.  fix all
callers to check return value.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@9594 ec53bebd-3082-4978-b11e-865c3cabbd6b
2001-01-30 01:20:57 +00:00
Johan Danielsson e7f3feb49c add support for reading krb4 /.k files
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@9503 ec53bebd-3082-4978-b11e-865c3cabbd6b
2001-01-26 15:05:57 +00:00
Johan Danielsson bea226bd5e add key usage
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@8613 ec53bebd-3082-4978-b11e-865c3cabbd6b
2000-07-08 16:03:59 +00:00
Johan Danielsson 7ddae03f39 (read_master_encryptionkey): handle old keytype based files, and
convert the key to cfb64


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@8602 ec53bebd-3082-4978-b11e-865c3cabbd6b
2000-07-08 14:52:54 +00:00
Assar Westerlund 965da66604 (_hdb_unseal_keys_int, _hdb_seal_keys_int): rename and export them
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@8592 ec53bebd-3082-4978-b11e-865c3cabbd6b
2000-07-08 13:39:31 +00:00
Johan Danielsson 2249e4157b (hdb_read_master_key): set mkey to NULL before doing anything else
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@8590 ec53bebd-3082-4978-b11e-865c3cabbd6b
2000-07-08 13:26:01 +00:00
Johan Danielsson 326dfb8181 (read_master_mit): fix this
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@8552 ec53bebd-3082-4978-b11e-865c3cabbd6b
2000-07-05 19:27:48 +00:00
Johan Danielsson 0e3158a838 rewrite master key handling
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@8546 ec53bebd-3082-4978-b11e-865c3cabbd6b
2000-07-05 13:08:13 +00:00