diff options
| author | Tom Yu <tlyu@mit.edu> | 1995-08-09 01:36:43 +0000 |
|---|---|---|
| committer | Tom Yu <tlyu@mit.edu> | 1995-08-09 01:36:43 +0000 |
| commit | 835d6c5ddb0f0c1603969b4a109297882d52bbcd (patch) | |
| tree | faa39e507aa9545ce9720a9df8d6484a515378c6 /src/lib/kdb/kdb_cpw.c | |
| parent | c14e04d59dd3624228a6aaf88b08df61e13f4429 (diff) | |
| download | krb5-835d6c5ddb0f0c1603969b4a109297882d52bbcd.tar.gz krb5-835d6c5ddb0f0c1603969b4a109297882d52bbcd.tar.xz krb5-835d6c5ddb0f0c1603969b4a109297882d52bbcd.zip | |
* kdb_cpw.c (add_key_rnd): remove bletcherous aggregate
initializer stuff and use build_principal_ext like we
should have in the first place to build the tgt principal.
Why are we using the TGS key to seed the random number generator?
This makes randomized service keys have data that is derived from the
TGS key. Do we really want that? Or am I missing something here?
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6474 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/kdb/kdb_cpw.c')
| -rw-r--r-- | src/lib/kdb/kdb_cpw.c | 37 |
1 files changed, 15 insertions, 22 deletions
diff --git a/src/lib/kdb/kdb_cpw.c b/src/lib/kdb/kdb_cpw.c index f507cc6d18..e75192f1c0 100644 --- a/src/lib/kdb/kdb_cpw.c +++ b/src/lib/kdb/kdb_cpw.c @@ -75,17 +75,7 @@ add_key_rnd(context, master_eblock, ks_tuple, ks_tuple_count, db_entry, kvno) krb5_db_entry * db_entry; int kvno; { - krb5_data krbtgt_princ_entries[] = { - { 0, KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME }, - { 0, 0, 0 }, - }; - krb5_principal_data krbtgt_princ = { - 0, /* magic number */ - {0, 0, 0}, /* krb5_data realm */ - (krb5_data *) NULL, /* krb5_data *data */ - 2, /* int length */ - KRB5_NT_SRV_INST /* int type */ - }; + krb5_principal krbtgt_princ; krb5_keyblock krbtgt_keyblock, * key; krb5_pointer krbtgt_seed; krb5_encrypt_block krbtgt_eblock; @@ -94,20 +84,23 @@ add_key_rnd(context, master_eblock, ks_tuple, ks_tuple_count, db_entry, kvno) int max_kvno, one, i, j; krb5_error_code retval; - krbtgt_princ.data = krbtgt_princ_entries; - krb5_princ_set_realm_length(context, &krbtgt_princ, - db_entry->princ->realm.length); - krb5_princ_set_realm_data(context, &krbtgt_princ, - db_entry->princ->realm.data); - krb5_princ_component(context, &krbtgt_princ, 1)->length = - db_entry->princ->realm.length; - krb5_princ_component(context, &krbtgt_princ, 1)->data = - db_entry->princ->realm.data; + retval = krb5_build_principal_ext(context, &krbtgt_princ, + db_entry->princ->realm.length, + db_entry->princ->realm.data, + KRB5_TGS_NAME_SIZE, + KRB5_TGS_NAME, + db_entry->princ->realm.length, + db_entry->princ->realm.data); + if (retval) + return retval; /* Get tgt from database */ - if (retval = krb5_db_get_principal(context, &krbtgt_princ, &krbtgt_entry, - &one, &more)) + retval = krb5_db_get_principal(context, krbtgt_princ, &krbtgt_entry, + &one, &more)) { + krb5_free_principal(krbtgt_princ); /* don't need it anymore */ + if (retval) return(retval); + } if ((one > 1) || (more)) { krb5_db_free_principal(context, &krbtgt_entry, one); return KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE; |