8
* Copyright 2009 Sun Microsystems, Inc. All rights reserved.
9
* Use is subject to license terms.
7
12
#if !defined(lint) && !defined(__CODECENTER__)
8
13
static char *rcsid = "$Header$";
15
20
#include "server_internal.h"
17
22
krb5_principal master_princ;
18
krb5_keyblock master_keyblock;
23
krb5_keyblock master_keyblock; /* local mkey */
24
krb5_keylist_node *master_keylist = NULL;
25
krb5_actkvno_node *active_mkey_list = NULL;
19
26
krb5_db_entry master_db;
21
28
krb5_principal hist_princ;
51
59
master_keyblock.enctype = handle->params.enctype;
62
* Fetch the local mkey, may not be the latest but that's okay because we
63
* really want the list of all mkeys and those can be retrieved with any
53
66
ret = krb5_db_fetch_mkey(handle->context, master_princ,
54
67
master_keyblock.enctype, from_kbd,
55
68
FALSE /* only prompt once */,
56
69
handle->params.stash_file,
70
&mkvno /* get the kvno of the returned mkey */,
57
71
NULL /* I'm not sure about this,
58
72
but it's what the kdc does --marc */,
77
#if 0 /************** Begin IFDEF'ed OUT *******************************/
79
* krb5_db_fetch_mkey_list will verify mkey so don't call
80
* krb5_db_verify_master_key()
63
82
if ((ret = krb5_db_verify_master_key(handle->context, master_princ,
83
IGNORE_VNO, &master_keyblock))) {
65
84
krb5_db_fini(handle->context);
87
#endif /**************** END IFDEF'ed OUT *******************************/
89
if ((ret = krb5_db_fetch_mkey_list(handle->context, master_princ,
90
&master_keyblock, mkvno, &master_keylist))) {
91
krb5_db_fini(handle->context);
95
if ((ret = krb5_dbe_fetch_act_key_list(handle->context, master_princ,
96
&active_mkey_list))) {
97
krb5_db_fini(handle->context);
116
if ((hist_name = (char *) malloc(strlen(KADM5_HIST_PRINCIPAL) +
117
strlen(realm) + 2)) == NULL)
149
if (asprintf(&hist_name, "%s@%s", KADM5_HIST_PRINCIPAL, realm) < 0) {
120
(void) sprintf(hist_name, "%s@%s", KADM5_HIST_PRINCIPAL, realm);
122
154
if ((ret = krb5_parse_name(handle->context, hist_name, &hist_princ)))
180
ret = krb5_dbekd_decrypt_key_data(handle->context, &master_keyblock,
212
ret = krb5_dbe_find_mkey(handle->context, master_keylist, &hist_db,
217
ret = krb5_dbekd_decrypt_key_data(handle->context, tmp_mkey,
181
218
key_data, &hist_key, NULL);
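Review bot: The new failure branch after `krb5_dbe_fetch_act_key_list` (new lines 95-97) shows only `krb5_db_fini(handle->context);`, so the `master_keylist` filled by `krb5_db_fetch_mkey_list` just above appears to stay allocated, with every master key still in it, when initialisation fails at that point. The lines that follow `krb5_db_fini` in both branches are not shown on this page, so this is inferred from what is visible. If the branch simply returns, release the list first, for example `krb5_dbe_free_key_list(handle->context, master_keylist); master_keylist = NULL;`, assuming this tree carries that kdb helper. Resetting the global to NULL also keeps a later retry of the init path from seeing a stale pointer.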