diff options
| author | Greg Hudson <ghudson@mit.edu> | 2012-04-27 21:11:04 +0000 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2012-04-27 21:11:04 +0000 |
| commit | bc096a77ffdab283d77c2e0fc1fdd15b9f77eb41 (patch) | |
| tree | 9921ea248714b444781e3cb25e12842f55b3d2a8 /src/lib/kdb | |
| parent | b886919f6478e8c55811c5b790cb5a4a69f9c341 (diff) | |
| download | krb5-bc096a77ffdab283d77c2e0fc1fdd15b9f77eb41.tar.gz krb5-bc096a77ffdab283d77c2e0fc1fdd15b9f77eb41.tar.xz krb5-bc096a77ffdab283d77c2e0fc1fdd15b9f77eb41.zip | |
Stop using SALT_TYPE_AFS_LENGTH
In krb5_init_creds_ctx and krb5_clpreauth_rock_st, use a boolean to
track whether we're still using the default salt instead of
overloading salt.length. In preauth2.c, process afs3 salt values like
we would in krb5int_des_string_to_key, and set an s2kparams indicator
instead of overloading salt.length. Also use an s2kparams indicator
in kdb_cpw.c's add_key_pwd. Remove the s2k code to handle overloaded
salt lengths, except for a sanity check.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25837 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/kdb')
| -rw-r--r-- | src/lib/kdb/kdb_cpw.c | 29 |
1 files changed, 12 insertions, 17 deletions
diff --git a/src/lib/kdb/kdb_cpw.c b/src/lib/kdb/kdb_cpw.c index abaae4f7c4..7b00fcf5f3 100644 --- a/src/lib/kdb/kdb_cpw.c +++ b/src/lib/kdb/kdb_cpw.c @@ -389,6 +389,7 @@ add_key_pwd(context, master_key, ks_tuple, ks_tuple_count, passwd, krb5_keysalt key_salt; krb5_keyblock key; krb5_data pwd; + krb5_data afs_params = string2data("\1"), *s2k_params = NULL; int i, j, k; krb5_key_data tmp_key_data; krb5_key_data *tptr; @@ -452,15 +453,12 @@ add_key_pwd(context, master_key, ks_tuple, ks_tuple_count, passwd, key_salt.data.data = 0; break; case KRB5_KDB_SALTTYPE_AFS3: - /* The afs_mit_string_to_key needs to use strlen, and the - realm field is not (necessarily) NULL terminated. */ - retval = krb5int_copy_data_contents_add0(context, - krb5_princ_realm(context, - db_entry->princ), - &key_salt.data); + retval = krb5int_copy_data_contents(context, + &db_entry->princ->realm, + &key_salt.data); if (retval) return retval; - key_salt.data.length = SALT_TYPE_AFS_LENGTH; /*length actually used below...*/ + s2k_params = &afs_params; break; case KRB5_KDB_SALTTYPE_SPECIAL: retval = make_random_salt(context, &key_salt); @@ -474,18 +472,15 @@ add_key_pwd(context, master_key, ks_tuple, ks_tuple_count, passwd, pwd.data = passwd; pwd.length = strlen(passwd); - /* AFS string to key will happen here */ - if ((retval = krb5_c_string_to_key(context, ks_tuple[i].ks_enctype, - &pwd, &key_salt.data, &key))) { - if (key_salt.data.data) - free(key_salt.data.data); - return(retval); + retval = krb5_c_string_to_key_with_params(context, + ks_tuple[i].ks_enctype, + &pwd, &key_salt.data, + s2k_params, &key); + if (retval) { + free(key_salt.data.data); + return retval; } - if (key_salt.data.length == SALT_TYPE_AFS_LENGTH) - key_salt.data.length = - krb5_princ_realm(context, db_entry->princ)->length; - /* memory allocation to be done by db. So, use temporary block and later copy it to the memory allocated by db */ retval = krb5_dbe_encrypt_key_data(context, master_key, &key, |