clikrb5: don't use krb5_keyblock_init() when no salt is specified

If the caller wants to create a key with no salt we should not use krb5_keyblock_init() (only used when using heimdal) because it does sanity checks on the key length. metze (This used to be commit c83de77b750837a110611d7023c4cf71d2d0bab1)
author: Stefan Metzmacher <metze@samba.org> 2008-08-04 13:52:18 +0200
committer: Stefan Metzmacher <metze@samba.org> 2008-08-04 13:52:18 +0200
commit: 70c2a5b02eba592b30c9239383445c2c16295ba0 (patch)
tree: 64fefe6951c7d02b4ba4b5d56cf0d7d2da5d7cff /source3/libsmb/clikrb5.c
parent: 711efc06c82349faa979c3653226f4e944f59d18 (diff)
download: samba-70c2a5b02eba592b30c9239383445c2c16295ba0.tar.gz
samba-70c2a5b02eba592b30c9239383445c2c16295ba0.tar.bz2
samba-70c2a5b02eba592b30c9239383445c2c16295ba0.zip
1 files changed, 30 insertions, 35 deletions
diff --git a/source3/libsmb/clikrb5.c b/source3/libsmb/clikrb5.c
index cbe8f24909..d5d7c1f3b9 100644
--- a/source3/libsmb/clikrb5.c
+++ b/source3/libsmb/clikrb5.c
@@ -31,10 +31,12 @@
 #define KRB5_KEY_TYPE(k)	((k)->keytype) 
 #define KRB5_KEY_LENGTH(k)	((k)->keyvalue.length)
 #define KRB5_KEY_DATA(k)	((k)->keyvalue.data)
+#define KRB5_KEY_DATA_CAST	void
 #else /* MIT */
 #define	KRB5_KEY_TYPE(k)	((k)->enctype)
 #define KRB5_KEY_LENGTH(k)	((k)->length)
 #define KRB5_KEY_DATA(k)	((k)->contents)
+#define KRB5_KEY_DATA_CAST	krb5_octet
 #endif /* HAVE_KRB5_KEYBLOCK_KEYVALUE */
 
 /**************************************************************
@@ -214,31 +216,21 @@ static int create_kerberos_key_from_string_direct(krb5_context context,
 						  krb5_principal host_princ,
 						  krb5_data *password,
 						  krb5_keyblock *key,
-						  krb5_enctype enctype,
-						  bool no_salt)
+						  krb5_enctype enctype)
 {
 	int ret = 0;
 	krb5_data salt;
 	krb5_encrypt_block eblock;
 
-	if (no_salt) {
-		key->contents = (krb5_octet *)SMB_MALLOC(password->length);
-		if (!key->contents) {
-			return ENOMEM;
-		}
-		memcpy(key->contents, password->data, password->length);
-		key->length = password->length;
-		key->enctype = enctype;
-	} else {
-		ret = krb5_principal2salt(context, host_princ, &salt);
-		if (ret) {
-			DEBUG(1,("krb5_principal2salt failed (%s)\n", error_message(ret)));
-			return ret;
-		}
-		krb5_use_enctype(context, &eblock, enctype);
-		ret = krb5_string_to_key(context, &eblock, key, password, &salt);
-		SAFE_FREE(salt.data);
+	ret = krb5_principal2salt(context, host_princ, &salt);
+	if (ret) {
+		DEBUG(1,("krb5_principal2salt failed (%s)\n", error_message(ret)));
+		return ret;
 	}
+	krb5_use_enctype(context, &eblock, enctype);
+	ret = krb5_string_to_key(context, &eblock, key, password, &salt);
+	SAFE_FREE(salt.data);
+
 	return ret;
 }
 #elif defined(HAVE_KRB5_GET_PW_SALT) && defined(HAVE_KRB5_STRING_TO_KEY_SALT)
@@ -246,27 +238,20 @@ static int create_kerberos_key_from_string_direct(krb5_context context,
 						  krb5_principal host_princ,
 						  krb5_data *password,
 						  krb5_keyblock *key,
-						  krb5_enctype enctype,
-						  bool no_salt)
+						  krb5_enctype enctype)
 {
 	int ret;
 	krb5_salt salt;
 
-	if (no_salt) {
-		return krb5_keyblock_init(context, enctype,
-					  password->data, password->length,
-					  key);
-	} else {
-		ret = krb5_get_pw_salt(context, host_princ, &salt);
-		if (ret) {
-			DEBUG(1,("krb5_get_pw_salt failed (%s)\n", error_message(ret)));
-			return ret;
-		}
-
-		ret = krb5_string_to_key_salt(context, enctype, (const char *)password->data, salt, key);
-		krb5_free_salt(context, salt);
+	ret = krb5_get_pw_salt(context, host_princ, &salt);
+	if (ret) {
+		DEBUG(1,("krb5_get_pw_salt failed (%s)\n", error_message(ret)));
+		return ret;
 	}
 
+	ret = krb5_string_to_key_salt(context, enctype, (const char *)password->data, salt, key);
+	krb5_free_salt(context, salt);
+
 	return ret;
 }
 #else
@@ -287,8 +272,18 @@ static int create_kerberos_key_from_string_direct(krb5_context context,
 	 * principal/enctype in a non-obvious way.  If it is, try to match
 	 * its behavior.
 	 */
+	if (no_salt) {
+		KRB5_KEY_DATA(key) = (KRB5_KEY_DATA_CAST *)SMB_MALLOC(password->length);
+		if (!KRB5_KEY_DATA(key)) {
+			return ENOMEM;
+		}
+		memcpy(KRB5_KEY_DATA(key), password->data, password->length);
+		KRB5_KEY_LENGTH(key) = password->length;
+		KRB5_KEY_TYPE(key) = enctype;
+		return 0;
+	}
 	salt_princ = kerberos_fetch_salt_princ_for_host_princ(context, host_princ, enctype);
-	ret = create_kerberos_key_from_string_direct(context, salt_princ ? salt_princ : host_princ, password, key, enctype, no_salt);
+	ret = create_kerberos_key_from_string_direct(context, salt_princ ? salt_princ : host_princ, password, key, enctype);
 	if (salt_princ) {
 		krb5_free_principal(context, salt_princ);
 	}
author	Stefan Metzmacher <metze@samba.org>	2008-08-04 13:52:18 +0200
committer	Stefan Metzmacher <metze@samba.org>	2008-08-04 13:52:18 +0200
commit	70c2a5b02eba592b30c9239383445c2c16295ba0 (patch)
tree	64fefe6951c7d02b4ba4b5d56cf0d7d2da5d7cff /source3/libsmb/clikrb5.c
parent	711efc06c82349faa979c3653226f4e944f59d18 (diff)
download	samba-70c2a5b02eba592b30c9239383445c2c16295ba0.tar.gz samba-70c2a5b02eba592b30c9239383445c2c16295ba0.tar.bz2 samba-70c2a5b02eba592b30c9239383445c2c16295ba0.zip