[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-3532-gba18af0

Stefan Metzmacher metze at samba.org
Mon Aug 4 12:29:00 GMT 2008


The branch, v3-3-test has been updated
       via  ba18af00cc79a4e92372d3c1151061f200bc0655 (commit)
       via  c83de77b750837a110611d7023c4cf71d2d0bab1 (commit)
      from  08e97bd369ebe3ab1fd92433b168585faea92c68 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test


- Log -----------------------------------------------------------------
commit ba18af00cc79a4e92372d3c1151061f200bc0655
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Aug 4 14:28:02 2008 +0200

    libnet_keytab: fix the build with heimdal
    
    metze

commit c83de77b750837a110611d7023c4cf71d2d0bab1
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Aug 4 13:52:18 2008 +0200

    clikrb5: don't use krb5_keyblock_init() when no salt is specified
    
    If the caller wants to create a key with no salt we should
    not use krb5_keyblock_init() (only used when using heimdal)
    because it does sanity checks on the key length.
    
    metze

-----------------------------------------------------------------------

Summary of changes:
 source/libnet/libnet_keytab.c |   44 ++++++++++++++++++++++++----
 source/libsmb/clikrb5.c       |   65 +++++++++++++++++++----------------------
 2 files changed, 68 insertions(+), 41 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/libnet/libnet_keytab.c b/source/libnet/libnet_keytab.c
index 08951c5..836cf6e 100644
--- a/source/libnet/libnet_keytab.c
+++ b/source/libnet/libnet_keytab.c
@@ -24,6 +24,16 @@
 
 #ifdef HAVE_KRB5
 
+#ifdef HAVE_KRB5_KEYBLOCK_KEYVALUE /* Heimdal */
+#define KRB5_KEY_TYPE(k)	((k)->keytype)
+#define KRB5_KEY_LENGTH(k)	((k)->keyvalue.length)
+#define KRB5_KEY_DATA(k)	((k)->keyvalue.data)
+#else /* MIT */
+#define	KRB5_KEY_TYPE(k)	((k)->enctype)
+#define KRB5_KEY_LENGTH(k)	((k)->length)
+#define KRB5_KEY_DATA(k)	((k)->contents)
+#endif /* HAVE_KRB5_KEYBLOCK_KEYVALUE */
+
 /****************************************************************
 ****************************************************************/
 
@@ -131,13 +141,24 @@ static krb5_error_code libnet_keytab_remove_entries(krb5_context context,
 
 	while (krb5_kt_next_entry(context, keytab, &kt_entry, &cursor) == 0)
 	{
+		krb5_keyblock *keyp;
 		char *princ_s = NULL;
 
 		if (kt_entry.vno != kvno && !ignore_kvno) {
 			goto cont;
 		}
 
-		if (kt_entry.key.enctype != enctype) {
+#if !defined(HAVE_KRB5_KEYTAB_ENTRY_KEY) && !defined(HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK)
+#error krb5_keytab_entry has no key or keyblock member
+#endif
+#ifdef HAVE_KRB5_KEYTAB_ENTRY_KEY               /* MIT */
+	keyp = &kt_entry.key;
+#endif
+#ifdef HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK          /* Heimdal */
+	keyp = &kt_entry.keyblock;
+#endif
+
+		if (KRB5_KEY_TYPE(keyp) != enctype) {
 			goto cont;
 		}
 
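Review bot: The `keyp` selection inside the `krb5_kt_next_entry` loop is written as two independent `#ifdef` blocks, so if both `HAVE_KRB5_KEYTAB_ENTRY_KEY` and `HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK` were ever defined the second assignment would silently win. The assignments are also indented one tab short of the loop body. A single `#if`/`#elif`/`#else` chain makes the choice explicit; as written below it prefers the MIT member when both are defined. The identical block is repeated in libnet_keytab_search (the hunk at `@@ -335,13 +356,24 @@`), so a small static helper or macro returning the keyblock pointer would serve both places. The loop body continues outside this hunk.

```c
		krb5_keyblock *keyp;
		/* … unchanged: princ_s declaration and kvno check … */

#if defined(HAVE_KRB5_KEYTAB_ENTRY_KEY)		/* MIT */
		keyp = &kt_entry.key;
#elif defined(HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK)	/* Heimdal */
		keyp = &kt_entry.keyblock;
#else
#error krb5_keytab_entry has no key or keyblock member
#endif
```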
@@ -157,7 +178,7 @@ static krb5_error_code libnet_keytab_remove_entries(krb5_context context,
 
 		DEBUG(10, ("found entry for principal %s, kvno %d, "
 			   "enctype %d - trying to remove it\n",
-			   princ_s, kt_entry.vno, kt_entry.key.enctype));
+			   princ_s, kt_entry.vno, KRB5_KEY_TYPE(keyp)));
 
 		ret = krb5_kt_end_seq_get(context, keytab, &cursor);
 		ZERO_STRUCT(cursor);
@@ -176,7 +197,7 @@ static krb5_error_code libnet_keytab_remove_entries(krb5_context context,
 		}
 		DEBUG(10, ("removed entry for principal %s, kvno %d, "
 			   "enctype %d\n", princ_s, kt_entry.vno,
-			   kt_entry.key.enctype));
+			   KRB5_KEY_TYPE(keyp)));
 
 		ret = krb5_kt_start_seq_get(context, keytab, &cursor);
 		if (ret) {
@@ -335,13 +356,24 @@ struct libnet_keytab_entry *libnet_keytab_search(struct libnet_keytab_context *c
 
 	while (krb5_kt_next_entry(ctx->context, ctx->keytab, &kt_entry, &cursor) == 0)
 	{
+		krb5_keyblock *keyp;
 		char *princ_s = NULL;
 
 		if (kt_entry.vno != kvno) {
 			goto cont;
 		}
 
-		if (kt_entry.key.enctype != enctype) {
+#if !defined(HAVE_KRB5_KEYTAB_ENTRY_KEY) && !defined(HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK)
+#error krb5_keytab_entry has no key or keyblock member
+#endif
+#ifdef HAVE_KRB5_KEYTAB_ENTRY_KEY               /* MIT */
+	keyp = &kt_entry.key;
+#endif
+#ifdef HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK          /* Heimdal */
+	keyp = &kt_entry.keyblock;
+#endif
+
+		if (KRB5_KEY_TYPE(keyp) != enctype) {
 			goto cont;
 		}
 
@@ -373,8 +405,8 @@ struct libnet_keytab_entry *libnet_keytab_search(struct libnet_keytab_context *c
 			goto fail;
 		}
 
-		entry->password = data_blob_talloc(entry, kt_entry.key.contents,
-						   kt_entry.key.length);
+		entry->password = data_blob_talloc(entry, KRB5_KEY_DATA(keyp),
+						   KRB5_KEY_LENGTH(keyp));
 		if (!entry->password.data) {
 			DEBUG(3, ("data_blob_talloc failed\n"));
 			goto fail;
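Review bot: `entry->password` receives a copy of the raw keytab key bytes through `data_blob_talloc(entry, KRB5_KEY_DATA(keyp), KRB5_KEY_LENGTH(keyp))`, and nothing visible in the hunk marks that copy as secret or arranges for it to be cleared. A plain talloc free of `entry` would presumably leave the key material in released heap memory; the free path is outside this hunk, so this needs confirming. I would add a comment at the assignment such as `/* password holds raw Kerberos key material: zero it before entry is freed */`. If no such cleanup exists, give the entry a talloc destructor that zeroes the blob.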
diff --git a/source/libsmb/clikrb5.c b/source/libsmb/clikrb5.c
index cbe8f24..d5d7c1f 100644
--- a/source/libsmb/clikrb5.c
+++ b/source/libsmb/clikrb5.c
@@ -31,10 +31,12 @@
 #define KRB5_KEY_TYPE(k)	((k)->keytype) 
 #define KRB5_KEY_LENGTH(k)	((k)->keyvalue.length)
 #define KRB5_KEY_DATA(k)	((k)->keyvalue.data)
+#define KRB5_KEY_DATA_CAST	void
 #else /* MIT */
 #define	KRB5_KEY_TYPE(k)	((k)->enctype)
 #define KRB5_KEY_LENGTH(k)	((k)->length)
 #define KRB5_KEY_DATA(k)	((k)->contents)
+#define KRB5_KEY_DATA_CAST	krb5_octet
 #endif /* HAVE_KRB5_KEYBLOCK_KEYVALUE */
 
 /**************************************************************
@@ -214,31 +216,21 @@ static int create_kerberos_key_from_string_direct(krb5_context context,
 						  krb5_principal host_princ,
 						  krb5_data *password,
 						  krb5_keyblock *key,
-						  krb5_enctype enctype,
-						  bool no_salt)
+						  krb5_enctype enctype)
 {
 	int ret = 0;
 	krb5_data salt;
 	krb5_encrypt_block eblock;
 
-	if (no_salt) {
-		key->contents = (krb5_octet *)SMB_MALLOC(password->length);
-		if (!key->contents) {
-			return ENOMEM;
-		}
-		memcpy(key->contents, password->data, password->length);
-		key->length = password->length;
-		key->enctype = enctype;
-	} else {
-		ret = krb5_principal2salt(context, host_princ, &salt);
-		if (ret) {
-			DEBUG(1,("krb5_principal2salt failed (%s)\n", error_message(ret)));
-			return ret;
-		}
-		krb5_use_enctype(context, &eblock, enctype);
-		ret = krb5_string_to_key(context, &eblock, key, password, &salt);
-		SAFE_FREE(salt.data);
+	ret = krb5_principal2salt(context, host_princ, &salt);
+	if (ret) {
+		DEBUG(1,("krb5_principal2salt failed (%s)\n", error_message(ret)));
+		return ret;
 	}
+	krb5_use_enctype(context, &eblock, enctype);
+	ret = krb5_string_to_key(context, &eblock, key, password, &salt);
+	SAFE_FREE(salt.data);
+
 	return ret;
 }
 #elif defined(HAVE_KRB5_GET_PW_SALT) && defined(HAVE_KRB5_STRING_TO_KEY_SALT)
@@ -246,27 +238,20 @@ static int create_kerberos_key_from_string_direct(krb5_context context,
 						  krb5_principal host_princ,
 						  krb5_data *password,
 						  krb5_keyblock *key,
-						  krb5_enctype enctype,
-						  bool no_salt)
+						  krb5_enctype enctype)
 {
 	int ret;
 	krb5_salt salt;
 
-	if (no_salt) {
-		return krb5_keyblock_init(context, enctype,
-					  password->data, password->length,
-					  key);
-	} else {
-		ret = krb5_get_pw_salt(context, host_princ, &salt);
-		if (ret) {
-			DEBUG(1,("krb5_get_pw_salt failed (%s)\n", error_message(ret)));
-			return ret;
-		}
-
-		ret = krb5_string_to_key_salt(context, enctype, (const char *)password->data, salt, key);
-		krb5_free_salt(context, salt);
+	ret = krb5_get_pw_salt(context, host_princ, &salt);
+	if (ret) {
+		DEBUG(1,("krb5_get_pw_salt failed (%s)\n", error_message(ret)));
+		return ret;
 	}
 
+	ret = krb5_string_to_key_salt(context, enctype, (const char *)password->data, salt, key);
+	krb5_free_salt(context, salt);
+
 	return ret;
 }
 #else
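Review bot: In the Heimdal variant, `krb5_string_to_key_salt(context, enctype, (const char *)password->data, salt, key)` treats the password as a C string, so `password->length` is ignored and the call relies on `password->data` being NUL-terminated. A `krb5_data` is a pointer plus a length and carries no terminator guarantee. The callers are not visible here, so whether every one of them passes a terminated buffer is unverified. Either document the requirement above the function, e.g. `/* password->data must be NUL-terminated; password->length is not consulted */`, or, where the Heimdal in use provides it, call the length-aware `krb5_string_to_key_data_salt()` with `*password` instead.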
@@ -287,8 +272,18 @@ static int create_kerberos_key_from_string_direct(krb5_context context,
 	 * principal/enctype in a non-obvious way.  If it is, try to match
 	 * its behavior.
 	 */
+	if (no_salt) {
+		KRB5_KEY_DATA(key) = (KRB5_KEY_DATA_CAST *)SMB_MALLOC(password->length);
+		if (!KRB5_KEY_DATA(key)) {
+			return ENOMEM;
+		}
+		memcpy(KRB5_KEY_DATA(key), password->data, password->length);
+		KRB5_KEY_LENGTH(key) = password->length;
+		KRB5_KEY_TYPE(key) = enctype;
+		return 0;
+	}
 	salt_princ = kerberos_fetch_salt_princ_for_host_princ(context, host_princ, enctype);
-	ret = create_kerberos_key_from_string_direct(context, salt_princ ? salt_princ : host_princ, password, key, enctype, no_salt);
+	ret = create_kerberos_key_from_string_direct(context, salt_princ ? salt_princ : host_princ, password, key, enctype);
 	if (salt_princ) {
 		krb5_free_principal(context, salt_princ);
 	}
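Review bot: The new `no_salt` branch copies `password->length` bytes straight into the keyblock and tags them with `enctype`, without checking that the length is a valid key size for that enctype. The commit message says this is deliberate, since it avoids the length sanity checks in Heimdal's `krb5_keyblock_init()`. The effect is that a malformed key is accepted here and only fails, or misbehaves, wherever it is later used. I would state the contract at the branch, `/* no_salt: password is the raw key; the caller is responsible for its length matching enctype */`, and reject an empty input with `if (password->length == 0) return EINVAL;` before the allocation. The function's signature and the declaration of `no_salt` are outside this hunk.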


-- 
Samba Shared Repository

