From 88bcf5899c3bd12b05d017436df0fc1374c954a5 Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Tue, 17 Sep 2013 00:28:32 -0400
Subject: keytabs: Expose and modify key encoding function

Make it available outside of the encoding.c file for use in a follow-up
patch. Add option to not pass a password and generate a random key
instead.

Related:
https://fedorahosted.org/freeipa/ticket/3859

Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
---
 util/ipa_krb5.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

(limited to 'util')

diff --git a/util/ipa_krb5.c b/util/ipa_krb5.c
index cc84f9920..2a94b1944 100644
--- a/util/ipa_krb5.c
+++ b/util/ipa_krb5.c
@@ -212,9 +212,15 @@ krb5_error_code ipa_krb5_generate_key_data(krb5_context krbctx,
 
         /* need to build the key now to manage the AFS salt.length
          * special case */
-        kerr = krb5_c_string_to_key(krbctx,
-                                    encsalts[i].ks_enctype,
-                                    &pwd, &salt, &key);
+        if (pwd.data == NULL) {
+            kerr = krb5_c_make_random_key(krbctx,
+                                          encsalts[i].ks_enctype,
+                                          &key);
+        } else {
+            kerr = krb5_c_string_to_key(krbctx,
+                                        encsalts[i].ks_enctype,
+                                        &pwd, &salt, &key);
+        }
         if (kerr) {
             krb5_free_data_contents(krbctx, &salt);
             goto done;
-- 
cgit