author | Simo Sorce <ssorce@redhat.com> | 2011-11-03 16:15:10 -0400 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2011-11-04 11:10:56 +0100 |
commit | f7938a17737baf432f75cd7115150b1311e5eeb5 (patch) | |
tree | 23e6793b128c8674b0c9edb545f4bc5093e46ee8 /util/ipa_krb5.c | |
parent | ccb1433839b5e93c2a6632abaad4af978e6f952e (diff) | |
Modify random salt creation for interoperability
See:
https://fedorahosted.org/freeipa/ticket/2038
Diffstat (limited to 'util/ipa_krb5.c')
-rw-r--r-- | util/ipa_krb5.c | 37 |
1 files changed, 29 insertions, 8 deletions
diff --git a/util/ipa_krb5.c b/util/ipa_krb5.c
index 5b6fc5821..ba9d3cefc 100644
--- a/util/ipa_krb5.c
+++ b/util/ipa_krb5.c
@@ -9,6 +9,34 @@
 /* Salt types */
 #define KRB5P_SALT_SIZE 16
+static krb5_error_code ipa_get_random_salt(krb5_context krbctx,
+ krb5_data *salt)
+{
+ krb5_error_code kerr;
+ int i;
+
+ /* make random salt */
+ salt->length = KRB5P_SALT_SIZE;
+ salt->data = malloc(KRB5P_SALT_SIZE);
+ if (!salt->data) {
+ return ENOMEM;
+ }
+ kerr = krb5_c_random_make_octets(krbctx, salt);
+ if (kerr) {
+ return kerr;
+ }
+
+ /* Windows treats the salt as a string.
+ * To avoid any compatibility issue, limits octects only to
+ * the ASCII printable range, or 0x20 <= val <= 0x7E */
+ for (i = 0; i < salt->length; i++) {
+ salt->data[i] %= 0x5E; /* 7E - 20 */
+ salt->data[i] += 0x20; /* add base */
+ }
+
+ return 0;
+}
+
 void ipa_krb5_free_ktypes(krb5_context context, krb5_enctype *val)
 {
@@ -125,14 +153,7 @@ krb5_error_code ipa_krb5_generate_key_data(krb5_context krbctx,
 case KRB5_KDB_SALTTYPE_SPECIAL:
- /* make random salt */
- salt.length = KRB5P_SALT_SIZE;
- salt.data = malloc(KRB5P_SALT_SIZE);
- if (!salt.data) {
- kerr = ENOMEM;
- goto done;
- }
- kerr = krb5_c_random_make_octets(krbctx, &salt);
+ kerr = ipa_get_random_salt(krbctx, &salt);
 if (kerr) {
 goto done;
 }
|
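Review bot: In `ipa_get_random_salt`, the mapping loop applies `%=` directly to `salt->data[i]`, and `krb5_data.data` is a `char *`; where plain `char` is signed, a random byte with the high bit set leaves a negative remainder, so after `+= 0x20` the value can land outside the printable range (a byte of -32 ends up as NUL), which is exactly what the Windows-compatibility comment is trying to rule out. Reducing through an unsigned value avoids that: `salt->data[i] = (char)((unsigned char)salt->data[i] % 0x5F + 0x20);` — using 0x5F also makes 0x7E reachable, since `% 0x5E` tops out at 0x7D despite the range stated in the comment. The slight modulo bias that remains is not a concern for a salt, but a short comment saying so would help the next reader. Separately, when `krb5_c_random_make_octets` fails the helper returns with the freshly allocated buffer still attached to `salt`; whether the `done` path of `ipa_krb5_generate_key_data` frees it lies outside this diff, so either confirm that or free and clear `salt->data` in the helper before returning.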