diff options
| author | Stefan Metzmacher <metze@samba.org> | 2024-03-15 19:19:20 +0100 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2024-05-22 03:04:34 +0000 |
| commit | 8cfebc36edcf5a4ba259d11c6e319aba303ea8ff (patch) | |
| tree | 056b69a9c8d40b8dc21d99a58633f1111884fa2d /source4 | |
| parent | 83f03513fd5221cb3bf914bd996c86f0840f34dd (diff) | |
| download | samba-8cfebc36edcf5a4ba259d11c6e319aba303ea8ff.tar.gz samba-8cfebc36edcf5a4ba259d11c6e319aba303ea8ff.tar.bz2 samba-8cfebc36edcf5a4ba259d11c6e319aba303ea8ff.zip | |
s4:kdc: split out samba_kdc_fill_trust_keys() helper
Let samba_kdc_trust_message2entry() also fill in the salt used
by the key. This is not strictly needed, but it's better to
be consistent.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source4')
| -rw-r--r-- | source4/kdc/db-glue.c | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c index 1c00527d481..2ab3155dffb 100644 --- a/source4/kdc/db-glue.c +++ b/source4/kdc/db-glue.c @@ -2179,6 +2179,25 @@ static krb5_error_code samba_kdc_trust_message2entry(krb5_context context, } if (supported_enctypes & ENC_HMAC_SHA1_96_AES256) { + key.salt = calloc(1, sizeof(*key.salt)); + if (key.salt == NULL) { + smb_krb5_free_data_contents(context, &salt); + ret = ENOMEM; + goto out; + } + + key.salt->type = KRB5_PW_SALT; + + ret = smb_krb5_copy_data_contents(&key.salt->salt, + salt.data, + salt.length); + if (ret) { + *key.salt = (struct sdb_salt) {}; + sdb_key_free(&key); + smb_krb5_free_data_contents(context, &salt); + goto out; + } + ret = smb_krb5_create_key_from_string(context, salt_principal, &salt, @@ -2186,6 +2205,8 @@ static krb5_error_code samba_kdc_trust_message2entry(krb5_context context, ENCTYPE_AES256_CTS_HMAC_SHA1_96, &key.key); if (ret != 0) { + ZERO_STRUCT(key.key); + sdb_key_free(&key); smb_krb5_free_data_contents(context, &salt); goto out; } @@ -2195,6 +2216,25 @@ static krb5_error_code samba_kdc_trust_message2entry(krb5_context context, } if (supported_enctypes & ENC_HMAC_SHA1_96_AES128) { + key.salt = calloc(1, sizeof(*key.salt)); + if (key.salt == NULL) { + smb_krb5_free_data_contents(context, &salt); + ret = ENOMEM; + goto out; + } + + key.salt->type = KRB5_PW_SALT; + + ret = smb_krb5_copy_data_contents(&key.salt->salt, + salt.data, + salt.length); + if (ret) { + *key.salt = (struct sdb_salt) {}; + sdb_key_free(&key); + smb_krb5_free_data_contents(context, &salt); + goto out; + } + ret = smb_krb5_create_key_from_string(context, salt_principal, &salt, @@ -2202,6 +2242,8 @@ static krb5_error_code samba_kdc_trust_message2entry(krb5_context context, ENCTYPE_AES128_CTS_HMAC_SHA1_96, &key.key); if (ret != 0) { + ZERO_STRUCT(key.key); + sdb_key_free(&key); smb_krb5_free_data_contents(context, &salt); goto out; } |