svn commit: lorikeet r240 - in branches/tmp/heimdal-gssapi: admin lib/krb5

metze at samba.org metze at samba.org
Tue Mar 1 18:58:12 GMT 2005


Author: metze
Date: 2005-03-01 18:58:11 +0000 (Tue, 01 Mar 2005)
New Revision: 240

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=lorikeet&rev=240

Log:
add a --keyhex option to ktutil add, which says that the specified
password is the key as a hex string. This is very useful when you have the NTHASH
as a hex string, like the ones stored in samba's passdb backends,
or what a modified RPC-SAMSYNC torture test gives me...

(ethereal can now decrypt krb5 blobs from my w2k3 dc)

metze

Modified:
   branches/tmp/heimdal-gssapi/admin/add.c
   branches/tmp/heimdal-gssapi/admin/ktutil-commands.in
   branches/tmp/heimdal-gssapi/lib/krb5/crypto.c
   branches/tmp/heimdal-gssapi/lib/krb5/krb5-protos.h


Changeset:
Modified: branches/tmp/heimdal-gssapi/admin/add.c
===================================================================
--- branches/tmp/heimdal-gssapi/admin/add.c	2005-03-01 13:52:43 UTC (rev 239)
+++ branches/tmp/heimdal-gssapi/admin/add.c	2005-03-01 18:58:11 UTC (rev 240)
@@ -101,7 +101,10 @@
 	opt->password_string = buf;
     }
     if(opt->password_string) {
-	if (!opt->salt_flag) {
+    	if (opt->keyhex_flag) {
+	    ret = krb5_hexkey_to_key(context, enctype, opt->password_string, 
+				     entry.principal, &entry.keyblock);
+    	} else if (!opt->salt_flag) {
 	    krb5_salt salt;
 	    krb5_data pw;
 

Modified: branches/tmp/heimdal-gssapi/admin/ktutil-commands.in
===================================================================
--- branches/tmp/heimdal-gssapi/admin/ktutil-commands.in	2005-03-01 13:52:43 UTC (rev 239)
+++ branches/tmp/heimdal-gssapi/admin/ktutil-commands.in	2005-03-01 18:58:11 UTC (rev 240)
@@ -75,6 +75,12 @@
 		type = "flag"
 		help = "generate random key"
 	}
+	option = {
+		long = "keyhex"
+		short = "k"
+		type = "flag"
+		help = "password is key as hex string"
+	}
 	function = "kt_add"
 	help = "Adds a key to a keytab."
 	max_args = "0"
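Review bot: The help text `password is key as hex string` leaves out two constraints a user will run into. The string must be exactly twice the key size of the selected enctype, since krb5_hexkey_to_key in this commit rejects any other length, and the salt option has no effect once --keyhex is set because the add.c hunk tests `keyhex_flag` before `salt_flag`. Something like `help = "password is the raw key as a hex string (two hex digits per key byte, salt ignored)"` would cover both. Whether the short option `k` is still free among this command's options cannot be seen from the hunk.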

Modified: branches/tmp/heimdal-gssapi/lib/krb5/crypto.c
===================================================================
--- branches/tmp/heimdal-gssapi/lib/krb5/crypto.c	2005-03-01 13:52:43 UTC (rev 239)
+++ branches/tmp/heimdal-gssapi/lib/krb5/crypto.c	2005-03-01 18:58:11 UTC (rev 240)
@@ -1176,7 +1176,75 @@
     return ret;
 }
 
+
 krb5_error_code KRB5_LIB_FUNCTION
+krb5_hexkey_to_key (krb5_context context,
+		    krb5_enctype enctype,
+		    const char *hexkey,
+		    krb5_principal principal,
+		    krb5_keyblock *key)
+{
+    char *k;
+    size_t len;
+    int i, y, key_len, left;
+    struct encryption_type *et =_find_enctype(enctype);
+
+    if(et == NULL) {
+	krb5_set_error_string(context, "encryption type %d not supported",
+			      enctype);
+	return KRB5_PROG_ETYPE_NOSUPP;
+    }
+
+    key_len = et->keytype->size;
+
+    len = strlen(hexkey);
+    if (len != (key_len*2)) {
+    	krb5_set_error_string(context, "invalid hexkey len (%d/%d)", len, key_len*2);
+    	return EINVAL;
+    }
+
+    k = malloc (len);
+    if (k == NULL) {
+	krb5_set_error_string(context, "malloc: out of memory");
+	return ENOMEM;
+    }
+
+    i = 0;
+    y = 0;
+    left = len;
+    for (; left > 0;) {
+    	int ret;
+    	unsigned c;
+
+	ret = sscanf(&hexkey[i],"%02X", &c);
+    	if (ret != 1 || c > 0xFF) {
+    	    krb5_set_error_string(context, "invalid hexkey");
+    	    memset (k, 0, len);
+	    free (k);
+    	    return EINVAL;
+    	}
+    	left -= 2;
+    	i += 2;
+    	k[y++] = (char)c;
+    }
+
+    if (y != key_len) {
+    	    krb5_set_error_string(context, "invalid key len (%d/%d)", y, key_len);
+    	    memset (k, 0, len);
+	    free (k);
+	    return EINVAL;
+    }
+
+    key->keytype = enctype;
+    krb5_data_alloc (&key->keyvalue, key_len);
+    memcpy(key->keyvalue.data, k, key_len);
+    memset (k, 0, len);
+    free (k);
+    return 0;
+}
+
+
+krb5_error_code KRB5_LIB_FUNCTION
 krb5_string_to_key (krb5_context context,
 		    krb5_enctype enctype,
 		    const char *password,
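Review bot: The return value of `krb5_data_alloc` at the end of krb5_hexkey_to_key is ignored, so on allocation failure the following `memcpy` copies key bytes through a pointer that was never allocated. The parse loop is also more lenient than it looks: `sscanf` with `%02X` skips leading whitespace and accepts a sign or a single hex digit followed by a non-hex character, so a mistyped string of the right length can be stored as a different key instead of being rejected. The fence below checks both characters with `isxdigit` before converting (assuming `<ctype.h>` is already reachable in crypto.c) and fails cleanly when the allocation fails. Separately, `len` is a `size_t` printed with `%d` in the "invalid hexkey len" message and should be cast, e.g. `(int)len`, and `principal` is never used. The `memset (k, 0, len)` calls before `free` have the right intent, but an optimizer may drop them, so a zeroing helper that cannot be elided is preferable if the tree has one.

```c
    /* ... unchanged: enctype lookup, length check, malloc of k ... */

    for (; left > 0;) {
	int ret;
	unsigned c;

	/* sscanf("%02X") would skip whitespace and accept a sign or a lone
	 * digit, so require two hex digits before converting */
	if (!isxdigit((unsigned char)hexkey[i]) ||
	    !isxdigit((unsigned char)hexkey[i + 1])) {
	    krb5_set_error_string(context, "invalid hexkey");
	    memset (k, 0, len);
	    free (k);
	    return EINVAL;
	}
	ret = sscanf(&hexkey[i],"%02X", &c);
	/* ... unchanged: ret check, index updates, k[y++] = (char)c ... */
    }

    /* ... unchanged: y != key_len check ... */

    if (krb5_data_alloc (&key->keyvalue, key_len) != 0) {
	krb5_set_error_string(context, "malloc: out of memory");
	memset (k, 0, len);
	free (k);
	return ENOMEM;
    }
    key->keytype = enctype;
    /* ... unchanged: memcpy, memset, free, return 0 ... */
```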

Modified: branches/tmp/heimdal-gssapi/lib/krb5/krb5-protos.h
===================================================================
--- branches/tmp/heimdal-gssapi/lib/krb5/krb5-protos.h	2005-03-01 13:52:43 UTC (rev 239)
+++ branches/tmp/heimdal-gssapi/lib/krb5/krb5-protos.h	2005-03-01 18:58:11 UTC (rev 240)
@@ -3030,6 +3030,13 @@
 	krb5_keyblock */*key*/);
 
 krb5_error_code KRB5_LIB_FUNCTION
+krb5_hexkey_to_key (krb5_context /*context*/,
+		    krb5_enctype /*enctype*/,
+		    const char */*hexkey*/,
+		    krb5_principal /*principal*/,
+		    krb5_keyblock */*key*/);
+
+krb5_error_code KRB5_LIB_FUNCTION
 krb5_string_to_key_data_salt (
 	krb5_context /*context*/,
 	krb5_enctype /*enctype*/,


