diff --git a/admin/dump.c b/admin/dump.c index 081337de4..a8f45cc44 100644 --- a/admin/dump.c +++ b/admin/dump.c @@ -94,9 +94,12 @@ hdb_entry2string(hdb_entry *ent, char **str) free(p); append_hex(buf, &ent->keys.val[i].key.keyvalue); strcat(buf, ":"); - if(ent->keys.val[i].salt) - append_hex(buf, ent->keys.val[i].salt); - else + if(ent->keys.val[i].salt){ + asprintf(&p, "%u/", ent->keys.val[i].salt->type); + strcat(buf, p); + free(p); + append_hex(buf, &ent->keys.val[i].salt->salt); + }else strcat(buf, "-"); } strcat(buf, " "); diff --git a/admin/load.c b/admin/load.c index 9456d5705..450bb8048 100644 --- a/admin/load.c +++ b/admin/load.c @@ -129,25 +129,30 @@ parse_keys(hdb_entry *ent, char *str) ((u_char*)key->key.keyvalue.data)[i / 2] = tmp; } p = strsep(&str, ":"); - if (p == NULL) { - key->salt = malloc(sizeof(*key->salt)); - krb5_data_zero (key->salt); - } else { - if(strcmp(p, "-") != 0){ - size_t p_len = strlen(p); - - key->salt = malloc(sizeof(*key->salt)); - if (p_len) { - krb5_data_alloc(key->salt, (p_len - 1) / 2 + 1); - for(i = 0; i < p_len; i += 2){ - sscanf(p + i, "%02x", &tmp); - ((u_char*)key->salt->data)[i / 2] = tmp; - } - } else - krb5_data_zero (key->salt); + if(strcmp(p, "-") != 0){ + unsigned type; + size_t p_len; + if(sscanf(p, "%u/", &type) != 1){ + } - p = strsep(&str, ":"); + p = strchr(p, '/'); + if(p == NULL); + p++; + p_len = strlen(p); + + key->salt = malloc(sizeof(*key->salt)); + key->salt->type = type; + + if (p_len) { + krb5_data_alloc(&key->salt->salt, (p_len - 1) / 2 + 1); + for(i = 0; i < p_len; i += 2){ + sscanf(p + i, "%02x", &tmp); + ((u_char*)key->salt->salt.data)[i / 2] = tmp; + } + } else + krb5_data_zero (&key->salt->salt); } + p = strsep(&str, ":"); } } diff --git a/kadmin/dump.c b/kadmin/dump.c index 081337de4..a8f45cc44 100644 --- a/kadmin/dump.c +++ b/kadmin/dump.c @@ -94,9 +94,12 @@ hdb_entry2string(hdb_entry *ent, char **str) free(p); append_hex(buf, &ent->keys.val[i].key.keyvalue); strcat(buf, ":"); - if(ent->keys.val[i].salt) - append_hex(buf, ent->keys.val[i].salt); - else + if(ent->keys.val[i].salt){ + asprintf(&p, "%u/", ent->keys.val[i].salt->type); + strcat(buf, p); + free(p); + append_hex(buf, &ent->keys.val[i].salt->salt); + }else strcat(buf, "-"); } strcat(buf, " "); diff --git a/kadmin/load.c b/kadmin/load.c index 9456d5705..450bb8048 100644 --- a/kadmin/load.c +++ b/kadmin/load.c @@ -129,25 +129,30 @@ parse_keys(hdb_entry *ent, char *str) ((u_char*)key->key.keyvalue.data)[i / 2] = tmp; } p = strsep(&str, ":"); - if (p == NULL) { - key->salt = malloc(sizeof(*key->salt)); - krb5_data_zero (key->salt); - } else { - if(strcmp(p, "-") != 0){ - size_t p_len = strlen(p); - - key->salt = malloc(sizeof(*key->salt)); - if (p_len) { - krb5_data_alloc(key->salt, (p_len - 1) / 2 + 1); - for(i = 0; i < p_len; i += 2){ - sscanf(p + i, "%02x", &tmp); - ((u_char*)key->salt->data)[i / 2] = tmp; - } - } else - krb5_data_zero (key->salt); + if(strcmp(p, "-") != 0){ + unsigned type; + size_t p_len; + if(sscanf(p, "%u/", &type) != 1){ + } - p = strsep(&str, ":"); + p = strchr(p, '/'); + if(p == NULL); + p++; + p_len = strlen(p); + + key->salt = malloc(sizeof(*key->salt)); + key->salt->type = type; + + if (p_len) { + krb5_data_alloc(&key->salt->salt, (p_len - 1) / 2 + 1); + for(i = 0; i < p_len; i += 2){ + sscanf(p + i, "%02x", &tmp); + ((u_char*)key->salt->salt.data)[i / 2] = tmp; + } + } else + krb5_data_zero (&key->salt->salt); } + p = strsep(&str, ":"); } } diff --git a/kdc/hprop.c b/kdc/hprop.c index d2f160e6d..8da2c10b7 100644 --- a/kdc/hprop.c +++ b/kdc/hprop.c @@ -121,6 +121,7 @@ conv_db(void *arg, Principal *p) ALLOC(ent.keys.val); ent.keys.val[0].mkvno = p->kdc_key_ver; ent.keys.val[0].salt = calloc(1, sizeof(*ent.keys.val[0].salt)); + ent.keys.val[0].salt->type = pa_pw_salt; ent.kvno = p->key_version; ent.keys.val[0].key.keytype = KEYTYPE_DES; krb5_data_alloc(&ent.keys.val[0].key.keyvalue, sizeof(des_cblock)); diff --git a/kdc/kerberos4.c b/kdc/kerberos4.c index fdab65a46..3e24c6bcd 100644 --- a/kdc/kerberos4.c +++ b/kdc/kerberos4.c @@ -182,7 +182,7 @@ do_version4(unsigned char *buf, #if 0 /* this is not necessary with the new code in libkrb */ /* find a properly salted key */ - while(ckey->salt == NULL || ckey->salt->length != 0) + while(ckey->salt == NULL || ckey->salt->salt.length != 0) ret = hdb_next_keytype2key(context, client, KEYTYPE_DES, &ckey); if(ret){ kdc_log(0, "No version-4 salted key in database -- %s.%s@%s", diff --git a/kdc/kerberos5.c b/kdc/kerberos5.c index fcdc4c6b7..7e49ff42f 100644 --- a/kdc/kerberos5.c +++ b/kdc/kerberos5.c @@ -509,8 +509,9 @@ as_rep(KDC_REQ *req, ALLOC(rep.padata); rep.padata->len = 1; rep.padata->val = calloc(1, sizeof(*rep.padata->val)); - rep.padata->val->padata_type = pa_pw_salt; - copy_octet_string(ckey->salt, &rep.padata->val->padata_value); + rep.padata->val->padata_type = ckey->salt->type; + copy_octet_string(&ckey->salt->salt, + &rep.padata->val->padata_value); } ret = encode_AS_REP(buf + sizeof(buf) - 1, sizeof(buf), &rep, &len);