-rw-r--r-- | src/lib/krb5/asn.1/ldap_key_seq.c | 19 | ||||
-rw-r--r-- | src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c | 6 | ||||
-rw-r--r-- | src/tests/kdbtest.c | 2 |
3 files changed, 21 insertions, 6 deletions
diff --git a/src/lib/krb5/asn.1/ldap_key_seq.c b/src/lib/krb5/asn.1/ldap_key_seq.c
index 69ad847c2..deb47058d 100644
--- a/src/lib/krb5/asn.1/ldap_key_seq.c
+++ b/src/lib/krb5/asn.1/ldap_key_seq.c
@@ -57,14 +57,14 @@ DEFCOUNTEDSTRINGTYPE(ui2_octetstring, unsigned char *, krb5_ui_2, ASN1_OCTETSTRING);
 static int
-is_salt_present(const void *p)
+is_value_present(const void *p)
 {
 const krb5_key_data *val = p;
 return (val->key_data_length[1] != 0);
 }
 DEFCOUNTEDTYPE(krbsalt_salt, krb5_key_data, key_data_contents[1], key_data_length[1], ui2_octetstring);
-DEFOPTIONALTYPE(krbsalt_salt_if_present, is_salt_present, NULL, krbsalt_salt);
+DEFOPTIONALTYPE(krbsalt_salt_if_present, is_value_present, NULL, krbsalt_salt);
 DEFFIELD(krbsalt_0, krb5_key_data, key_data_type[1], 0, int16);
 DEFCTAGGEDTYPE(krbsalt_1, 1, krbsalt_salt_if_present);
 static const struct atype_info *krbsalt_fields[] = {
@@ -80,7 +80,20 @@ static const struct atype_info *encryptionkey_fields[] = {
 };
 DEFSEQTYPE(encryptionkey, krb5_key_data, encryptionkey_fields);
-DEFCTAGGEDTYPE(key_data_0, 0, krbsalt);
+static int
+is_salt_present(const void *p)
+{
+ const krb5_key_data *val = p;
+ return val->key_data_ver > 1;
+}
+static void
+no_salt(void *p)
+{
+ krb5_key_data *val = p;
+ val->key_data_ver = 1;
+}
+DEFOPTIONALTYPE(key_data_salt_if_present, is_salt_present, no_salt, krbsalt);
+DEFCTAGGEDTYPE(key_data_0, 0, key_data_salt_if_present);
 DEFCTAGGEDTYPE(key_data_1, 1, encryptionkey);
 #if 0 /* We don't support this field currently. */
 DEFCTAGGEDTYPE(key_data_2, 2, s2kparams),
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
index 482066fa2..b9bd05905 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
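Review bot: The decode-side contract of the new `is_salt_present`/`no_salt` pair in the second hunk of ldap_key_seq.c is not documented where it is defined. When the `[0]` salt element is absent `no_salt` sets `key_data_ver` to 1, but when it is present nothing in this sequence type writes the field, so the result depends on what the structure held before decoding. The LDAP plugin compensates in `asn1_decode_sequence_of_keys`, but any other user of this type would have to know to do the same. I would add a comment above `no_salt` along the lines of `/* Decoding: an absent salt yields key_data_ver 1; a present salt leaves key_data_ver untouched, so the caller must set it to 2. */`.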
@@ -383,8 +383,10 @@ asn1_decode_sequence_of_keys(krb5_data *in, krb5_key_data **out,
 /* Set kvno and key_data_ver in each key_data element. */
 for (i = 0; i < p->n_key_data; i++) {
 p->key_data[i].key_data_kvno = p->kvno;
- p->key_data[i].key_data_ver =
- (p->key_data[i].key_data_length[1] == 0) ? 1 : 2;
+ /* The decoder sets key_data_ver to 1 if no salt is present, but leaves
+ * it at 0 if salt is present. */
+ if (p->key_data[i].key_data_ver == 0)
+ p->key_data[i].key_data_ver = 2;
 }
 *out = p->key_data;
diff --git a/src/tests/kdbtest.c b/src/tests/kdbtest.c
index 64f28bbca..d21126558 100644
--- a/src/tests/kdbtest.c
+++ b/src/tests/kdbtest.c
@@ -120,7 +120,7 @@ static krb5_key_data keys[] = {
 U("expsalt") } }, {
- 1, /* key_data_ver */
+ 2, /* key_data_ver */
 2, /* key_data_kvno */
 { ENCTYPE_AES128_CTS_HMAC_SHA1_96, 0 },
 { 16, 0 }, |
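Review bot: The `key_data_ver == 0` test in the loop treats 0 as "salt was present", which holds only if every `krb5_key_data` element leaves the decoder zero-filled. That allocation is outside this hunk, so the assumption should be confirmed and written down, for example by extending the new comment with `This relies on the decoder zero-initializing each krb5_key_data.` The key data is parsed from directory attributes, and `key_data_ver` appears to tell later code how many of the type/length/contents slots are valid, so an indeterminate value here would be consumed as a count. A present but zero-length salt now decodes as version 2 with `key_data_length[1] == 0`, so it is worth checking that consumers of slot 1 tolerate an empty salt. The function body starts and ends outside the hunk.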
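Review bot: Changing this fixture entry from `key_data_ver` 1 to 2 may leave the absent-salt decode path without round-trip coverage. The preceding entry in `keys[]` ends with `U("expsalt")` and so presumably carries a salt, which would leave no version-1 key in the lines shown. The rest of the array is outside the hunk, so this needs checking against the full fixture. If no version-1 key remains, I would keep this entry at 2 and add a sibling entry with `1, /* key_data_ver */` and lengths `{ 16, 0 }`, so that both the `no_salt` branch and the version-2 fix-up in the LDAP plugin are exercised.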