1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00

s4-kdc/db-glue: make sure to use smb_krb5_get_pw_salt and smb_krb5_create_key_from_string.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This commit is contained in:
Günther Deschner 2014-12-19 16:35:48 +01:00
parent 023b5af639
commit ac23b7dd52

View File

@ -1229,27 +1229,28 @@ static krb5_error_code samba_kdc_trust_message2entry(krb5_context context,
if (password_utf8.length != 0) {
Key key = {};
krb5_const_principal salt_principal = principal;
krb5_salt salt;
krb5_data salt;
krb5_data cleartext_data;
cleartext_data.data = password_utf8.data;
cleartext_data.length = password_utf8.length;
ret = krb5_get_pw_salt(context,
salt_principal,
&salt);
ret = smb_krb5_get_pw_salt(context,
salt_principal,
&salt);
if (ret != 0) {
goto out;
}
if (supported_enctypes & ENC_HMAC_SHA1_96_AES256) {
ret = krb5_string_to_key_data_salt(context,
ENCTYPE_AES256_CTS_HMAC_SHA1_96,
cleartext_data,
salt,
&key.key);
ret = smb_krb5_create_key_from_string(context,
salt_principal,
&salt,
&cleartext_data,
ENCTYPE_AES256_CTS_HMAC_SHA1_96,
&key.key);
if (ret != 0) {
krb5_free_salt(context, salt);
kerberos_free_data_contents(context, &salt);
goto out;
}
@ -1258,13 +1259,14 @@ static krb5_error_code samba_kdc_trust_message2entry(krb5_context context,
}
if (supported_enctypes & ENC_HMAC_SHA1_96_AES128) {
ret = krb5_string_to_key_data_salt(context,
ENCTYPE_AES128_CTS_HMAC_SHA1_96,
cleartext_data,
salt,
&key.key);
ret = smb_krb5_create_key_from_string(context,
salt_principal,
&salt,
&cleartext_data,
ENCTYPE_AES128_CTS_HMAC_SHA1_96,
&key.key);
if (ret != 0) {
krb5_free_salt(context, salt);
kerberos_free_data_contents(context, &salt);
goto out;
}
@ -1272,7 +1274,7 @@ static krb5_error_code samba_kdc_trust_message2entry(krb5_context context,
entry_ex->entry.keys.len++;
}
krb5_free_salt(context, salt);
kerberos_free_data_contents(context, &salt);
}
if (password_hash != NULL) {