1*0a6a1f1dSLionel Sambuc /* $NetBSD: keys.c,v 1.3 2014/11/26 10:12:27 pettai Exp $ */
2ebfedea0SLionel Sambuc
3ebfedea0SLionel Sambuc
4ebfedea0SLionel Sambuc /*
5ebfedea0SLionel Sambuc * Copyright (c) 1997 - 2001, 2003 - 2004 Kungliga Tekniska Högskolan
6ebfedea0SLionel Sambuc * (Royal Institute of Technology, Stockholm, Sweden).
7ebfedea0SLionel Sambuc * All rights reserved.
8ebfedea0SLionel Sambuc *
9ebfedea0SLionel Sambuc * Redistribution and use in source and binary forms, with or without
10ebfedea0SLionel Sambuc * modification, are permitted provided that the following conditions
11ebfedea0SLionel Sambuc * are met:
12ebfedea0SLionel Sambuc *
13ebfedea0SLionel Sambuc * 1. Redistributions of source code must retain the above copyright
14ebfedea0SLionel Sambuc * notice, this list of conditions and the following disclaimer.
15ebfedea0SLionel Sambuc *
16ebfedea0SLionel Sambuc * 2. Redistributions in binary form must reproduce the above copyright
17ebfedea0SLionel Sambuc * notice, this list of conditions and the following disclaimer in the
18ebfedea0SLionel Sambuc * documentation and/or other materials provided with the distribution.
19ebfedea0SLionel Sambuc *
20ebfedea0SLionel Sambuc * 3. Neither the name of the Institute nor the names of its contributors
21ebfedea0SLionel Sambuc * may be used to endorse or promote products derived from this software
22ebfedea0SLionel Sambuc * without specific prior written permission.
23ebfedea0SLionel Sambuc *
24ebfedea0SLionel Sambuc * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
25ebfedea0SLionel Sambuc * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26ebfedea0SLionel Sambuc * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
27ebfedea0SLionel Sambuc * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
28ebfedea0SLionel Sambuc * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
29ebfedea0SLionel Sambuc * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
30ebfedea0SLionel Sambuc * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
31ebfedea0SLionel Sambuc * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
32ebfedea0SLionel Sambuc * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
33ebfedea0SLionel Sambuc * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34ebfedea0SLionel Sambuc * SUCH DAMAGE.
35ebfedea0SLionel Sambuc */
36ebfedea0SLionel Sambuc
37ebfedea0SLionel Sambuc #include "hdb_locl.h"
38ebfedea0SLionel Sambuc
39ebfedea0SLionel Sambuc /*
40ebfedea0SLionel Sambuc * free all the memory used by (len, keys)
41ebfedea0SLionel Sambuc */
42ebfedea0SLionel Sambuc
43ebfedea0SLionel Sambuc void
hdb_free_keys(krb5_context context,int len,Key * keys)44ebfedea0SLionel Sambuc hdb_free_keys (krb5_context context, int len, Key *keys)
45ebfedea0SLionel Sambuc {
46ebfedea0SLionel Sambuc int i;
47ebfedea0SLionel Sambuc
48ebfedea0SLionel Sambuc for (i = 0; i < len; i++) {
49ebfedea0SLionel Sambuc free(keys[i].mkvno);
50ebfedea0SLionel Sambuc keys[i].mkvno = NULL;
51ebfedea0SLionel Sambuc if (keys[i].salt != NULL) {
52ebfedea0SLionel Sambuc free_Salt(keys[i].salt);
53ebfedea0SLionel Sambuc free(keys[i].salt);
54ebfedea0SLionel Sambuc keys[i].salt = NULL;
55ebfedea0SLionel Sambuc }
56ebfedea0SLionel Sambuc krb5_free_keyblock_contents(context, &keys[i].key);
57ebfedea0SLionel Sambuc }
58ebfedea0SLionel Sambuc free (keys);
59ebfedea0SLionel Sambuc }
60ebfedea0SLionel Sambuc
61ebfedea0SLionel Sambuc /*
62ebfedea0SLionel Sambuc * for each entry in `default_keys' try to parse it as a sequence
63ebfedea0SLionel Sambuc * of etype:salttype:salt, syntax of this if something like:
64ebfedea0SLionel Sambuc * [(des|des3|etype):](pw-salt|afs3)[:string], if etype is omitted it
65ebfedea0SLionel Sambuc * means all etypes, and if string is omitted is means the default
66ebfedea0SLionel Sambuc * string (for that principal). Additional special values:
67ebfedea0SLionel Sambuc * v5 == pw-salt, and
68ebfedea0SLionel Sambuc * v4 == des:pw-salt:
69ebfedea0SLionel Sambuc * afs or afs3 == des:afs3-salt
70ebfedea0SLionel Sambuc */
71ebfedea0SLionel Sambuc
72ebfedea0SLionel Sambuc static const krb5_enctype des_etypes[] = {
73ebfedea0SLionel Sambuc ETYPE_DES_CBC_MD5,
74ebfedea0SLionel Sambuc ETYPE_DES_CBC_MD4,
75ebfedea0SLionel Sambuc ETYPE_DES_CBC_CRC
76ebfedea0SLionel Sambuc };
77ebfedea0SLionel Sambuc
78ebfedea0SLionel Sambuc static const krb5_enctype all_etypes[] = {
79ebfedea0SLionel Sambuc ETYPE_AES256_CTS_HMAC_SHA1_96,
80*0a6a1f1dSLionel Sambuc ETYPE_DES3_CBC_SHA1,
81*0a6a1f1dSLionel Sambuc ETYPE_ARCFOUR_HMAC_MD5
82ebfedea0SLionel Sambuc };
83ebfedea0SLionel Sambuc
84ebfedea0SLionel Sambuc static krb5_error_code
parse_key_set(krb5_context context,const char * key,krb5_enctype ** ret_enctypes,size_t * ret_num_enctypes,krb5_salt * salt,krb5_principal principal)85ebfedea0SLionel Sambuc parse_key_set(krb5_context context, const char *key,
86ebfedea0SLionel Sambuc krb5_enctype **ret_enctypes, size_t *ret_num_enctypes,
87ebfedea0SLionel Sambuc krb5_salt *salt, krb5_principal principal)
88ebfedea0SLionel Sambuc {
89ebfedea0SLionel Sambuc const char *p;
90ebfedea0SLionel Sambuc char buf[3][256];
91ebfedea0SLionel Sambuc int num_buf = 0;
92ebfedea0SLionel Sambuc int i, num_enctypes = 0;
93ebfedea0SLionel Sambuc krb5_enctype e;
94ebfedea0SLionel Sambuc const krb5_enctype *enctypes = NULL;
95ebfedea0SLionel Sambuc krb5_error_code ret;
96ebfedea0SLionel Sambuc
97ebfedea0SLionel Sambuc p = key;
98ebfedea0SLionel Sambuc
99ebfedea0SLionel Sambuc *ret_enctypes = NULL;
100ebfedea0SLionel Sambuc *ret_num_enctypes = 0;
101ebfedea0SLionel Sambuc
102ebfedea0SLionel Sambuc /* split p in a list of :-separated strings */
103ebfedea0SLionel Sambuc for(num_buf = 0; num_buf < 3; num_buf++)
104ebfedea0SLionel Sambuc if(strsep_copy(&p, ":", buf[num_buf], sizeof(buf[num_buf])) == -1)
105ebfedea0SLionel Sambuc break;
106ebfedea0SLionel Sambuc
107ebfedea0SLionel Sambuc salt->saltvalue.data = NULL;
108ebfedea0SLionel Sambuc salt->saltvalue.length = 0;
109ebfedea0SLionel Sambuc
110ebfedea0SLionel Sambuc for(i = 0; i < num_buf; i++) {
111ebfedea0SLionel Sambuc if(enctypes == NULL && num_buf > 1) {
112ebfedea0SLionel Sambuc /* this might be a etype specifier */
113ebfedea0SLionel Sambuc /* XXX there should be a string_to_etypes handling
114ebfedea0SLionel Sambuc special cases like `des' and `all' */
115ebfedea0SLionel Sambuc if(strcmp(buf[i], "des") == 0) {
116ebfedea0SLionel Sambuc enctypes = des_etypes;
117ebfedea0SLionel Sambuc num_enctypes = sizeof(des_etypes)/sizeof(des_etypes[0]);
118ebfedea0SLionel Sambuc } else if(strcmp(buf[i], "des3") == 0) {
119ebfedea0SLionel Sambuc e = ETYPE_DES3_CBC_SHA1;
120ebfedea0SLionel Sambuc enctypes = &e;
121ebfedea0SLionel Sambuc num_enctypes = 1;
122ebfedea0SLionel Sambuc } else {
123ebfedea0SLionel Sambuc ret = krb5_string_to_enctype(context, buf[i], &e);
124ebfedea0SLionel Sambuc if (ret == 0) {
125ebfedea0SLionel Sambuc enctypes = &e;
126ebfedea0SLionel Sambuc num_enctypes = 1;
127ebfedea0SLionel Sambuc } else
128ebfedea0SLionel Sambuc return ret;
129ebfedea0SLionel Sambuc }
130ebfedea0SLionel Sambuc continue;
131ebfedea0SLionel Sambuc }
132ebfedea0SLionel Sambuc if(salt->salttype == 0) {
133ebfedea0SLionel Sambuc /* interpret string as a salt specifier, if no etype
134ebfedea0SLionel Sambuc is set, this sets default values */
135ebfedea0SLionel Sambuc /* XXX should perhaps use string_to_salttype, but that
136ebfedea0SLionel Sambuc interface sucks */
137ebfedea0SLionel Sambuc if(strcmp(buf[i], "pw-salt") == 0) {
138ebfedea0SLionel Sambuc if(enctypes == NULL) {
139ebfedea0SLionel Sambuc enctypes = all_etypes;
140ebfedea0SLionel Sambuc num_enctypes = sizeof(all_etypes)/sizeof(all_etypes[0]);
141ebfedea0SLionel Sambuc }
142ebfedea0SLionel Sambuc salt->salttype = KRB5_PW_SALT;
143ebfedea0SLionel Sambuc } else if(strcmp(buf[i], "afs3-salt") == 0) {
144ebfedea0SLionel Sambuc if(enctypes == NULL) {
145ebfedea0SLionel Sambuc enctypes = des_etypes;
146ebfedea0SLionel Sambuc num_enctypes = sizeof(des_etypes)/sizeof(des_etypes[0]);
147ebfedea0SLionel Sambuc }
148ebfedea0SLionel Sambuc salt->salttype = KRB5_AFS3_SALT;
149ebfedea0SLionel Sambuc }
150ebfedea0SLionel Sambuc continue;
151ebfedea0SLionel Sambuc }
152ebfedea0SLionel Sambuc
153ebfedea0SLionel Sambuc {
154ebfedea0SLionel Sambuc /* if there is a final string, use it as the string to
155ebfedea0SLionel Sambuc salt with, this is mostly useful with null salt for
156ebfedea0SLionel Sambuc v4 compat, and a cell name for afs compat */
157ebfedea0SLionel Sambuc salt->saltvalue.data = strdup(buf[i]);
158ebfedea0SLionel Sambuc if (salt->saltvalue.data == NULL) {
159ebfedea0SLionel Sambuc krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
160ebfedea0SLionel Sambuc return ENOMEM;
161ebfedea0SLionel Sambuc }
162ebfedea0SLionel Sambuc salt->saltvalue.length = strlen(buf[i]);
163ebfedea0SLionel Sambuc }
164ebfedea0SLionel Sambuc }
165ebfedea0SLionel Sambuc
166ebfedea0SLionel Sambuc if(enctypes == NULL || salt->salttype == 0) {
167ebfedea0SLionel Sambuc krb5_set_error_message(context, EINVAL, "bad value for default_keys `%s'", key);
168ebfedea0SLionel Sambuc return EINVAL;
169ebfedea0SLionel Sambuc }
170ebfedea0SLionel Sambuc
171ebfedea0SLionel Sambuc /* if no salt was specified make up default salt */
172ebfedea0SLionel Sambuc if(salt->saltvalue.data == NULL) {
173ebfedea0SLionel Sambuc if(salt->salttype == KRB5_PW_SALT)
174ebfedea0SLionel Sambuc ret = krb5_get_pw_salt(context, principal, salt);
175ebfedea0SLionel Sambuc else if(salt->salttype == KRB5_AFS3_SALT) {
176ebfedea0SLionel Sambuc krb5_const_realm realm = krb5_principal_get_realm(context, principal);
177ebfedea0SLionel Sambuc salt->saltvalue.data = strdup(realm);
178ebfedea0SLionel Sambuc if(salt->saltvalue.data == NULL) {
179ebfedea0SLionel Sambuc krb5_set_error_message(context, ENOMEM,
180ebfedea0SLionel Sambuc "out of memory while "
181ebfedea0SLionel Sambuc "parsing salt specifiers");
182ebfedea0SLionel Sambuc return ENOMEM;
183ebfedea0SLionel Sambuc }
184ebfedea0SLionel Sambuc strlwr(salt->saltvalue.data);
185ebfedea0SLionel Sambuc salt->saltvalue.length = strlen(realm);
186ebfedea0SLionel Sambuc }
187ebfedea0SLionel Sambuc }
188ebfedea0SLionel Sambuc
189ebfedea0SLionel Sambuc *ret_enctypes = malloc(sizeof(enctypes[0]) * num_enctypes);
190ebfedea0SLionel Sambuc if (*ret_enctypes == NULL) {
191ebfedea0SLionel Sambuc krb5_free_salt(context, *salt);
192ebfedea0SLionel Sambuc krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
193ebfedea0SLionel Sambuc return ENOMEM;
194ebfedea0SLionel Sambuc }
195ebfedea0SLionel Sambuc memcpy(*ret_enctypes, enctypes, sizeof(enctypes[0]) * num_enctypes);
196ebfedea0SLionel Sambuc *ret_num_enctypes = num_enctypes;
197ebfedea0SLionel Sambuc
198ebfedea0SLionel Sambuc return 0;
199ebfedea0SLionel Sambuc }
200ebfedea0SLionel Sambuc
201ebfedea0SLionel Sambuc static krb5_error_code
add_enctype_to_key_set(Key ** key_set,size_t * nkeyset,krb5_enctype enctype,krb5_salt * salt)202ebfedea0SLionel Sambuc add_enctype_to_key_set(Key **key_set, size_t *nkeyset,
203ebfedea0SLionel Sambuc krb5_enctype enctype, krb5_salt *salt)
204ebfedea0SLionel Sambuc {
205ebfedea0SLionel Sambuc krb5_error_code ret;
206ebfedea0SLionel Sambuc Key key, *tmp;
207ebfedea0SLionel Sambuc
208ebfedea0SLionel Sambuc memset(&key, 0, sizeof(key));
209ebfedea0SLionel Sambuc
210ebfedea0SLionel Sambuc tmp = realloc(*key_set, (*nkeyset + 1) * sizeof((*key_set)[0]));
211ebfedea0SLionel Sambuc if (tmp == NULL)
212ebfedea0SLionel Sambuc return ENOMEM;
213ebfedea0SLionel Sambuc
214ebfedea0SLionel Sambuc *key_set = tmp;
215ebfedea0SLionel Sambuc
216ebfedea0SLionel Sambuc key.key.keytype = enctype;
217ebfedea0SLionel Sambuc key.key.keyvalue.length = 0;
218ebfedea0SLionel Sambuc key.key.keyvalue.data = NULL;
219ebfedea0SLionel Sambuc
220ebfedea0SLionel Sambuc if (salt) {
221ebfedea0SLionel Sambuc key.salt = calloc(1, sizeof(*key.salt));
222ebfedea0SLionel Sambuc if (key.salt == NULL) {
223ebfedea0SLionel Sambuc free_Key(&key);
224ebfedea0SLionel Sambuc return ENOMEM;
225ebfedea0SLionel Sambuc }
226ebfedea0SLionel Sambuc
227ebfedea0SLionel Sambuc key.salt->type = salt->salttype;
228ebfedea0SLionel Sambuc krb5_data_zero (&key.salt->salt);
229ebfedea0SLionel Sambuc
230ebfedea0SLionel Sambuc ret = krb5_data_copy(&key.salt->salt,
231ebfedea0SLionel Sambuc salt->saltvalue.data,
232ebfedea0SLionel Sambuc salt->saltvalue.length);
233ebfedea0SLionel Sambuc if (ret) {
234ebfedea0SLionel Sambuc free_Key(&key);
235ebfedea0SLionel Sambuc return ret;
236ebfedea0SLionel Sambuc }
237ebfedea0SLionel Sambuc } else
238ebfedea0SLionel Sambuc key.salt = NULL;
239ebfedea0SLionel Sambuc
240ebfedea0SLionel Sambuc (*key_set)[*nkeyset] = key;
241ebfedea0SLionel Sambuc
242ebfedea0SLionel Sambuc *nkeyset += 1;
243ebfedea0SLionel Sambuc
244ebfedea0SLionel Sambuc return 0;
245ebfedea0SLionel Sambuc }
246ebfedea0SLionel Sambuc
247ebfedea0SLionel Sambuc
248ebfedea0SLionel Sambuc /*
249ebfedea0SLionel Sambuc * Generate the `key_set' from the [kadmin]default_keys statement. If
250ebfedea0SLionel Sambuc * `no_salt' is set, salt is not important (and will not be set) since
251ebfedea0SLionel Sambuc * it's random keys that is going to be created.
252ebfedea0SLionel Sambuc */
253ebfedea0SLionel Sambuc
254ebfedea0SLionel Sambuc krb5_error_code
hdb_generate_key_set(krb5_context context,krb5_principal principal,Key ** ret_key_set,size_t * nkeyset,int no_salt)255ebfedea0SLionel Sambuc hdb_generate_key_set(krb5_context context, krb5_principal principal,
256ebfedea0SLionel Sambuc Key **ret_key_set, size_t *nkeyset, int no_salt)
257ebfedea0SLionel Sambuc {
258ebfedea0SLionel Sambuc char **ktypes, **kp;
259ebfedea0SLionel Sambuc krb5_error_code ret;
260ebfedea0SLionel Sambuc Key *k, *key_set;
261*0a6a1f1dSLionel Sambuc size_t i, j;
262*0a6a1f1dSLionel Sambuc static const char *default_keytypes[] = {
263ebfedea0SLionel Sambuc "aes256-cts-hmac-sha1-96:pw-salt",
264ebfedea0SLionel Sambuc "des3-cbc-sha1:pw-salt",
265ebfedea0SLionel Sambuc "arcfour-hmac-md5:pw-salt",
266ebfedea0SLionel Sambuc NULL
267ebfedea0SLionel Sambuc };
268ebfedea0SLionel Sambuc
269ebfedea0SLionel Sambuc ktypes = krb5_config_get_strings(context, NULL, "kadmin",
270ebfedea0SLionel Sambuc "default_keys", NULL);
271ebfedea0SLionel Sambuc if (ktypes == NULL)
272*0a6a1f1dSLionel Sambuc ktypes = (char **)(intptr_t)default_keytypes;
273ebfedea0SLionel Sambuc
274ebfedea0SLionel Sambuc *ret_key_set = key_set = NULL;
275ebfedea0SLionel Sambuc *nkeyset = 0;
276ebfedea0SLionel Sambuc
277ebfedea0SLionel Sambuc ret = 0;
278ebfedea0SLionel Sambuc
279ebfedea0SLionel Sambuc for(kp = ktypes; kp && *kp; kp++) {
280ebfedea0SLionel Sambuc const char *p;
281ebfedea0SLionel Sambuc krb5_salt salt;
282ebfedea0SLionel Sambuc krb5_enctype *enctypes;
283ebfedea0SLionel Sambuc size_t num_enctypes;
284ebfedea0SLionel Sambuc
285ebfedea0SLionel Sambuc p = *kp;
286ebfedea0SLionel Sambuc /* check alias */
287ebfedea0SLionel Sambuc if(strcmp(p, "v5") == 0)
288ebfedea0SLionel Sambuc p = "pw-salt";
289ebfedea0SLionel Sambuc else if(strcmp(p, "v4") == 0)
290ebfedea0SLionel Sambuc p = "des:pw-salt:";
291ebfedea0SLionel Sambuc else if(strcmp(p, "afs") == 0 || strcmp(p, "afs3") == 0)
292ebfedea0SLionel Sambuc p = "des:afs3-salt";
293ebfedea0SLionel Sambuc else if (strcmp(p, "arcfour-hmac-md5") == 0)
294ebfedea0SLionel Sambuc p = "arcfour-hmac-md5:pw-salt";
295ebfedea0SLionel Sambuc
296ebfedea0SLionel Sambuc memset(&salt, 0, sizeof(salt));
297ebfedea0SLionel Sambuc
298ebfedea0SLionel Sambuc ret = parse_key_set(context, p,
299ebfedea0SLionel Sambuc &enctypes, &num_enctypes, &salt, principal);
300ebfedea0SLionel Sambuc if (ret) {
301ebfedea0SLionel Sambuc krb5_warn(context, ret, "bad value for default_keys `%s'", *kp);
302ebfedea0SLionel Sambuc ret = 0;
303ebfedea0SLionel Sambuc continue;
304ebfedea0SLionel Sambuc }
305ebfedea0SLionel Sambuc
306ebfedea0SLionel Sambuc for (i = 0; i < num_enctypes; i++) {
307ebfedea0SLionel Sambuc /* find duplicates */
308ebfedea0SLionel Sambuc for (j = 0; j < *nkeyset; j++) {
309ebfedea0SLionel Sambuc
310ebfedea0SLionel Sambuc k = &key_set[j];
311ebfedea0SLionel Sambuc
312ebfedea0SLionel Sambuc if (k->key.keytype == enctypes[i]) {
313ebfedea0SLionel Sambuc if (no_salt)
314ebfedea0SLionel Sambuc break;
315ebfedea0SLionel Sambuc if (k->salt == NULL && salt.salttype == KRB5_PW_SALT)
316ebfedea0SLionel Sambuc break;
317ebfedea0SLionel Sambuc if (k->salt->type == salt.salttype &&
318ebfedea0SLionel Sambuc k->salt->salt.length == salt.saltvalue.length &&
319ebfedea0SLionel Sambuc memcmp(k->salt->salt.data, salt.saltvalue.data,
320ebfedea0SLionel Sambuc salt.saltvalue.length) == 0)
321ebfedea0SLionel Sambuc break;
322ebfedea0SLionel Sambuc }
323ebfedea0SLionel Sambuc }
324ebfedea0SLionel Sambuc /* not a duplicate, lets add it */
325ebfedea0SLionel Sambuc if (j == *nkeyset) {
326ebfedea0SLionel Sambuc ret = add_enctype_to_key_set(&key_set, nkeyset, enctypes[i],
327ebfedea0SLionel Sambuc no_salt ? NULL : &salt);
328ebfedea0SLionel Sambuc if (ret) {
329ebfedea0SLionel Sambuc free(enctypes);
330ebfedea0SLionel Sambuc krb5_free_salt(context, salt);
331ebfedea0SLionel Sambuc goto out;
332ebfedea0SLionel Sambuc }
333ebfedea0SLionel Sambuc }
334ebfedea0SLionel Sambuc }
335ebfedea0SLionel Sambuc free(enctypes);
336ebfedea0SLionel Sambuc krb5_free_salt(context, salt);
337ebfedea0SLionel Sambuc }
338ebfedea0SLionel Sambuc
339ebfedea0SLionel Sambuc *ret_key_set = key_set;
340ebfedea0SLionel Sambuc
341ebfedea0SLionel Sambuc out:
342*0a6a1f1dSLionel Sambuc if (ktypes != (char **)(intptr_t)default_keytypes)
343ebfedea0SLionel Sambuc krb5_config_free_strings(ktypes);
344ebfedea0SLionel Sambuc
345ebfedea0SLionel Sambuc if (ret) {
346ebfedea0SLionel Sambuc krb5_warn(context, ret,
347ebfedea0SLionel Sambuc "failed to parse the [kadmin]default_keys values");
348ebfedea0SLionel Sambuc
349ebfedea0SLionel Sambuc for (i = 0; i < *nkeyset; i++)
350ebfedea0SLionel Sambuc free_Key(&key_set[i]);
351ebfedea0SLionel Sambuc free(key_set);
352ebfedea0SLionel Sambuc } else if (*nkeyset == 0) {
353ebfedea0SLionel Sambuc krb5_warnx(context,
354ebfedea0SLionel Sambuc "failed to parse any of the [kadmin]default_keys values");
355ebfedea0SLionel Sambuc ret = EINVAL; /* XXX */
356ebfedea0SLionel Sambuc }
357ebfedea0SLionel Sambuc
358ebfedea0SLionel Sambuc return ret;
359ebfedea0SLionel Sambuc }
360ebfedea0SLionel Sambuc
361ebfedea0SLionel Sambuc
362ebfedea0SLionel Sambuc krb5_error_code
hdb_generate_key_set_password(krb5_context context,krb5_principal principal,const char * password,Key ** keys,size_t * num_keys)363ebfedea0SLionel Sambuc hdb_generate_key_set_password(krb5_context context,
364ebfedea0SLionel Sambuc krb5_principal principal,
365ebfedea0SLionel Sambuc const char *password,
366ebfedea0SLionel Sambuc Key **keys, size_t *num_keys)
367ebfedea0SLionel Sambuc {
368ebfedea0SLionel Sambuc krb5_error_code ret;
369*0a6a1f1dSLionel Sambuc size_t i;
370ebfedea0SLionel Sambuc
371ebfedea0SLionel Sambuc ret = hdb_generate_key_set(context, principal,
372ebfedea0SLionel Sambuc keys, num_keys, 0);
373ebfedea0SLionel Sambuc if (ret)
374ebfedea0SLionel Sambuc return ret;
375ebfedea0SLionel Sambuc
376ebfedea0SLionel Sambuc for (i = 0; i < (*num_keys); i++) {
377ebfedea0SLionel Sambuc krb5_salt salt;
378ebfedea0SLionel Sambuc
379ebfedea0SLionel Sambuc salt.salttype = (*keys)[i].salt->type;
380ebfedea0SLionel Sambuc salt.saltvalue.length = (*keys)[i].salt->salt.length;
381ebfedea0SLionel Sambuc salt.saltvalue.data = (*keys)[i].salt->salt.data;
382ebfedea0SLionel Sambuc
383ebfedea0SLionel Sambuc ret = krb5_string_to_key_salt (context,
384ebfedea0SLionel Sambuc (*keys)[i].key.keytype,
385ebfedea0SLionel Sambuc password,
386ebfedea0SLionel Sambuc salt,
387ebfedea0SLionel Sambuc &(*keys)[i].key);
388ebfedea0SLionel Sambuc
389ebfedea0SLionel Sambuc if(ret)
390ebfedea0SLionel Sambuc break;
391ebfedea0SLionel Sambuc }
392ebfedea0SLionel Sambuc
393ebfedea0SLionel Sambuc if(ret) {
394ebfedea0SLionel Sambuc hdb_free_keys (context, *num_keys, *keys);
395ebfedea0SLionel Sambuc return ret;
396ebfedea0SLionel Sambuc }
397ebfedea0SLionel Sambuc return ret;
398ebfedea0SLionel Sambuc }
399