author | Tom Yu <tlyu@mit.edu> | 1995-08-09 01:36:43 +0000 |
---|---|---|
committer | Tom Yu <tlyu@mit.edu> | 1995-08-09 01:36:43 +0000 |
commit | 835d6c5ddb0f0c1603969b4a109297882d52bbcd (patch) | |
tree | faa39e507aa9545ce9720a9df8d6484a515378c6 | |
parent | c14e04d59dd3624228a6aaf88b08df61e13f4429 (diff) | |
* kdb_cpw.c (add_key_rnd): remove bletcherous aggregate
initializer stuff and use build_principal_ext like we
should have in the first place to build the tgt principal.
Why are we using the TGS key to seed the random number generator?
This makes randomized service keys have data that is derived from the
TGS key. Do we really want that? Or am I missing something here?
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6474 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r-- | src/lib/kdb/ChangeLog | 5 | ||||
-rw-r--r-- | src/lib/kdb/kdb_cpw.c | 37 |
2 files changed, 20 insertions, 22 deletions
diff --git a/src/lib/kdb/ChangeLog b/src/lib/kdb/ChangeLog
index 5c11b12081..fbf9815cea 100644
--- a/src/lib/kdb/ChangeLog
+++ b/src/lib/kdb/ChangeLog
@@ -1,3 +1,8 @@
+Tue Aug 8 21:32:30 1995 Tom Yu <tlyu@dragons-lair.MIT.EDU>
+
+ * kdb_cpw.c (add_key_rnd): remove bletcherous aggregate
+ initializer stuff and use build_principal_ext like we
+ should have in the first place to build the tgt principal.
 Tue Aug 8 17:35:58 EDT 1995 Paul Park (pjpark@mit.edu)
 * encrypt_key.c - When allocating the actual key_data_contents use the
diff --git a/src/lib/kdb/kdb_cpw.c b/src/lib/kdb/kdb_cpw.c
index f507cc6d18..e75192f1c0 100644
--- a/src/lib/kdb/kdb_cpw.c
+++ b/src/lib/kdb/kdb_cpw.c
@@ -75,17 +75,7 @@ add_key_rnd(context, master_eblock, ks_tuple, ks_tuple_count, db_entry, kvno)
 krb5_db_entry * db_entry;
 int kvno;
 {
- krb5_data krbtgt_princ_entries[] = {
- { 0, KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME },
- { 0, 0, 0 },
- };
- krb5_principal_data krbtgt_princ = {
- 0, /* magic number */
- {0, 0, 0}, /* krb5_data realm */
- (krb5_data *) NULL, /* krb5_data *data */
- 2, /* int length */
- KRB5_NT_SRV_INST /* int type */
- };
+ krb5_principal krbtgt_princ;
 krb5_keyblock krbtgt_keyblock, * key;
 krb5_pointer krbtgt_seed;
 krb5_encrypt_block krbtgt_eblock;
@@ -94,20 +84,23 @@ add_key_rnd(context, master_eblock, ks_tuple, ks_tuple_count, db_entry, kvno)
 int max_kvno, one, i, j;
 krb5_error_code retval;
- krbtgt_princ.data = krbtgt_princ_entries;
- krb5_princ_set_realm_length(context, &krbtgt_princ,
- db_entry->princ->realm.length);
- krb5_princ_set_realm_data(context, &krbtgt_princ,
- db_entry->princ->realm.data);
- krb5_princ_component(context, &krbtgt_princ, 1)->length =
- db_entry->princ->realm.length;
- krb5_princ_component(context, &krbtgt_princ, 1)->data =
- db_entry->princ->realm.data;
+ retval = krb5_build_principal_ext(context, &krbtgt_princ,
+ db_entry->princ->realm.length,
+ db_entry->princ->realm.data,
+ KRB5_TGS_NAME_SIZE,
+ KRB5_TGS_NAME,
+ db_entry->princ->realm.length,
+ db_entry->princ->realm.data);
+ if (retval)
+ return retval;
 /* Get tgt from database */
- if (retval = krb5_db_get_principal(context, &krbtgt_princ, &krbtgt_entry,
- &one, &more))
+ retval = krb5_db_get_principal(context, krbtgt_princ, &krbtgt_entry,
+ &one, &more)) {
+ krb5_free_principal(krbtgt_princ); /* don't need it anymore */
+ if (retval)
 return(retval);
+ }
 if ((one > 1) || (more)) {
 krb5_db_free_principal(context, &krbtgt_entry, one);
 return KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE; |
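Review bot: The new `krb5_build_principal_ext` call ends at `db_entry->princ->realm.data);` with no terminating zero length; as that function is documented, it reads (length, data) pairs through varargs until it meets a length of 0, so without the terminator it reads past the supplied arguments and the resulting principal is undefined. End the list with `db_entry->princ->realm.data, 0);`. The rewritten lookup also does not parse as shown: `&one, &more)) {` keeps a closing parenthesis and opens a block left over from the removed `if (`, with the matching `}` added after `return(retval);`, and it should read `&one, &more);` with both braces dropped. `krb5_free_principal(krbtgt_princ)` is the only krb5 call in the hunk that does not pass `context` first, which may compile without a diagnostic if no prototype is in scope; confirm the signature and, if it takes one, write `krb5_free_principal(context, krbtgt_princ);`. The body of add_key_rnd starts before this hunk and continues after it, so later exit paths were not checked.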