authorSimo Sorce <simo@redhat.com>2013-09-17 00:28:32 -0400
committerMartin Kosek <mkosek@redhat.com>2014-06-26 10:30:53 +0200
commit88bcf5899c3bd12b05d017436df0fc1374c954a5 (patch)
tree192389aaffbfd7359dd6020016ab9edc08260de5 /daemons
parentd04746cdea312eb630e6466162c322593187ab8b (diff)
keytabs: Expose and modify key encoding function
Make it available outside of the encoding.c file for use in a follow-up patch. Add option to not pass a password and generate a random key instead. Related: https://fedorahosted.org/freeipa/ticket/3859 Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
Diffstat (limited to 'daemons')
-rw-r--r--daemons/ipa-slapi-plugins/ipa-pwd-extop/encoding.c20
-rw-r--r--daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h6
2 files changed, 19 insertions, 7 deletions
diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/encoding.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/encoding.c
index 28f164eb8..5ca155dcf 100644
--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/encoding.c
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/encoding.c
@@ -102,8 +102,10 @@ void ipapwd_keyset_free(struct ipapwd_keyset **pkset)
*pkset = NULL;
}
-static Slapi_Value **encrypt_encode_key(struct ipapwd_krbcfg *krbcfg,
+Slapi_Value **ipapwd_encrypt_encode_key(struct ipapwd_krbcfg *krbcfg,
struct ipapwd_data *data,
+ int num_encsalts,
+ krb5_key_salt_tuple *encsalts,
char **errMesg)
{
krb5_context krbctx;
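Review bot: Now that `ipapwd_encrypt_encode_key()` is exported, neither the definition here nor the new prototype in ipapwd.h carries a comment describing its contract. The NULL-`data->password` mode is stated only in the commit message, and the caller in `ipapwd_gen_hashes()` relies on a NULL return meaning `errMesg` was set. A short comment above the prototype would cover both, e.g. `/* Generate and encode Kerberos keys for data using the given enc/salt tuples; a NULL data->password requests a random key. Returns NULL on failure with *errMesg set. */`. The function body continues past the end of this hunk.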
@@ -113,7 +115,7 @@ static Slapi_Value **encrypt_encode_key(struct ipapwd_krbcfg *krbcfg,
Slapi_Value **svals = NULL;
krb5_principal princ = NULL;
krb5_error_code krberr;
- krb5_data pwd;
+ krb5_data pwd = { 0 };
struct ipapwd_keyset *kset = NULL;
krbctx = krbcfg->krbctx;
@@ -141,8 +143,10 @@ static Slapi_Value **encrypt_encode_key(struct ipapwd_krbcfg *krbcfg,
goto enc_error;
}
- pwd.data = (char *)data->password;
- pwd.length = strlen(data->password);
+ if (data->password) {
+ pwd.data = (char *)data->password;
+ pwd.length = strlen(data->password);
+ }
kset = malloc(sizeof(struct ipapwd_keyset));
if (!kset) {
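Review bot: With the new `if (data->password)` guard, a NULL password no longer faults at `strlen()` but falls through with the zeroed `pwd`, which per the commit message selects a random key. `ipapwd_gen_hashes()` passes its `data` straight through, so unless that path validates `data->password` earlier (not visible here), a missing password would presumably store random keys for the entry instead of failing the operation. It is also not visible whether `ipa_krb5_generate_key_data()` keys the random mode off `pwd.data == NULL` or `pwd.length == 0`; if the latter, an empty-string password would behave the same way. Document the intent at the guard, e.g. `/* NULL password: pwd stays empty, requesting randomly generated keys */`, and confirm the password-change path rejects NULL before reaching this function. The enclosing function starts and ends outside this hunk.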
@@ -160,8 +164,7 @@ static Slapi_Value **encrypt_encode_key(struct ipapwd_krbcfg *krbcfg,
krberr = ipa_krb5_generate_key_data(krbctx, princ,
pwd, kvno, krbcfg->kmkey,
- krbcfg->num_pref_encsalts,
- krbcfg->pref_encsalts,
+ num_encsalts, encsalts,
&kset->num_keys, &kset->keys);
if (krberr != 0) {
LOG_FATAL("generating kerberos keys failed [%s]\n",
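Review bot: `num_encsalts` and `encsalts` can now come from any caller of the exported function and reach `ipa_krb5_generate_key_data()` unchecked, whereas before they were always the configured `krbcfg` values. Whether the helper rejects a non-positive count or a NULL array is not visible here, so a guard ahead of this call would be prudent, for example `if (num_encsalts <= 0 || encsalts == NULL) goto enc_error;` with `*errMesg` set as callers expect on a NULL return. The enclosing function starts and ends outside this hunk.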
@@ -212,7 +215,10 @@ int ipapwd_gen_hashes(struct ipapwd_krbcfg *krbcfg,
if (is_krb) {
- *svals = encrypt_encode_key(krbcfg, data, errMesg);
+ *svals = ipapwd_encrypt_encode_key(krbcfg, data,
+ krbcfg->num_pref_encsalts,
+ krbcfg->pref_encsalts,
+ errMesg);
if (!*svals) {
/* errMesg should have been set in encrypt_encode_key() */
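Review bot: The context comment directly below the updated call still names `encrypt_encode_key()`, which no longer exists after this rename. Update it to `/* errMesg should have been set in ipapwd_encrypt_encode_key() */` so a reader tracing the NULL-return path greps for the right symbol. The surrounding `if (is_krb)` block continues outside this hunk.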
diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h
index e18bf7bb6..f8851122b 100644
--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h
@@ -141,6 +141,12 @@ struct ipapwd_keyset {
void ipapwd_keyset_free(struct ipapwd_keyset **pkset);
+Slapi_Value **ipapwd_encrypt_encode_key(struct ipapwd_krbcfg *krbcfg,
+ struct ipapwd_data *data,
+ int num_encsalts,
+ krb5_key_salt_tuple *encsalts,
+ char **errMesg);
+
int ipapwd_gen_hashes(struct ipapwd_krbcfg *krbcfg,
struct ipapwd_data *data, char *userpw,
int is_krb, int is_smb, int is_ipant,