From 835d6c5ddb0f0c1603969b4a109297882d52bbcd Mon Sep 17 00:00:00 2001
From: Tom Yu
Date: Wed, 9 Aug 1995 01:36:43 +0000
Subject: * kdb_cpw.c (add_key_rnd): remove bletcherous aggregate initializer stuff and use build_principal_ext like we should have in the first place to build the tgt principal. Why are we using the TGS key to seed the random number generator? This makes randomized service keys have data that is derived from the TGS key. Do we really want that? Or am I missing something here?
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6474 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/lib/kdb/ChangeLog | 5 +++++
 src/lib/kdb/kdb_cpw.c | 37 +++++++++++++++----------------------
 2 files changed, 20 insertions(+), 22 deletions(-)
(limited to 'src')
diff --git a/src/lib/kdb/ChangeLog b/src/lib/kdb/ChangeLog
index 5c11b12081..fbf9815cea 100644
--- a/src/lib/kdb/ChangeLog
+++ b/src/lib/kdb/ChangeLog
@@ -1,3 +1,8 @@
+Tue Aug 8 21:32:30 1995 Tom Yu
+
+ * kdb_cpw.c (add_key_rnd): remove bletcherous aggregate
+ initializer stuff and use build_principal_ext like we
+ should have in the first place to build the tgt principal.
 Tue Aug 8 17:35:58 EDT 1995 Paul Park (pjpark@mit.edu)
 * encrypt_key.c - When allocating the actual key_data_contents use the
diff --git a/src/lib/kdb/kdb_cpw.c b/src/lib/kdb/kdb_cpw.c
index f507cc6d18..e75192f1c0 100644
--- a/src/lib/kdb/kdb_cpw.c
+++ b/src/lib/kdb/kdb_cpw.c
@@ -75,17 +75,7 @@ add_key_rnd(context, master_eblock, ks_tuple, ks_tuple_count, db_entry, kvno)
 krb5_db_entry * db_entry;
 int kvno;
 {
- krb5_data krbtgt_princ_entries[] = {
- { 0, KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME },
- { 0, 0, 0 },
- };
- krb5_principal_data krbtgt_princ = {
- 0, /* magic number */
- {0, 0, 0}, /* krb5_data realm */
- (krb5_data *) NULL, /* krb5_data *data */
- 2, /* int length */
- KRB5_NT_SRV_INST /* int type */
- };
+ krb5_principal krbtgt_princ;
 krb5_keyblock krbtgt_keyblock, * key;
 krb5_pointer krbtgt_seed;
 krb5_encrypt_block krbtgt_eblock;
@@ -94,20 +84,23 @@ add_key_rnd(context, master_eblock, ks_tuple, ks_tuple_count, db_entry, kvno)
 int max_kvno, one, i, j;
 krb5_error_code retval;
- krbtgt_princ.data = krbtgt_princ_entries;
- krb5_princ_set_realm_length(context, &krbtgt_princ,
- db_entry->princ->realm.length);
- krb5_princ_set_realm_data(context, &krbtgt_princ,
- db_entry->princ->realm.data);
- krb5_princ_component(context, &krbtgt_princ, 1)->length =
- db_entry->princ->realm.length;
- krb5_princ_component(context, &krbtgt_princ, 1)->data =
- db_entry->princ->realm.data;
+ retval = krb5_build_principal_ext(context, &krbtgt_princ,
+ db_entry->princ->realm.length,
+ db_entry->princ->realm.data,
+ KRB5_TGS_NAME_SIZE,
+ KRB5_TGS_NAME,
+ db_entry->princ->realm.length,
+ db_entry->princ->realm.data);
+ if (retval)
+ return retval;
 /* Get tgt from database */
- if (retval = krb5_db_get_principal(context, &krbtgt_princ, &krbtgt_entry,
- &one, &more))
+ retval = krb5_db_get_principal(context, krbtgt_princ, &krbtgt_entry,
+ &one, &more)) {
+ krb5_free_principal(krbtgt_princ); /* don't need it anymore */
+ if (retval)
 return(retval);
+ }
 if ((one > 1) || (more)) {
 krb5_db_free_principal(context, &krbtgt_entry, one);
 return KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE;
-- cgit
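Review bot: The rewritten lookup does not parse as shown: `retval = krb5_db_get_principal(context, krbtgt_princ, &krbtgt_entry, &one, &more)) {` keeps the closing parenthesis of the old `if (...)` form and gains a brace, so the statement should end `&one, &more);` and the added `{` / `}` pair should go, leaving `krb5_free_principal(krbtgt_princ);` followed by `if (retval) return(retval);`. Separately, the `krb5_build_principal_ext` call ends at the second `realm.data` with no terminating zero length; that function is variadic and, as far as I know, stops only at a 0 length, so without `db_entry->princ->realm.data, 0);` it would go on reading length/pointer pairs from whatever follows the arguments. add_key_rnd's body starts before and continues after this hunk.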