krb5_const_principal princ, krb5_int16 *salttype_out,
krb5_data **salt_out);
+/*
+ * Modify the key data of entry to explicitly store salt values using the
+ * KRB5_KDB_SALTTYPE_SPECIAL salt type.
+ */
+krb5_error_code
+krb5_dbe_specialize_salt(krb5_context context, krb5_db_entry *entry);
+
krb5_error_code
krb5_dbe_cpw( krb5_context kcontext,
krb5_keyblock * master_key,
return 0;
}
+krb5_error_code
+krb5_dbe_specialize_salt(krb5_context context, krb5_db_entry *entry)
+{
+ krb5_int16 stype, i;
+ krb5_data *salt = NULL;
+ krb5_error_code ret = 0;
+ uint8_t *data;
+
+ if (context == NULL || entry == NULL)
+ return EINVAL;
+
+ /*
+ * Store salt values explicitly so that they don't depend on the principal
+ * name.
+ */
+ for (i = 0; i < entry->n_key_data; i++) {
+ ret = krb5_dbe_compute_salt(context, &entry->key_data[i], entry->princ,
+ &stype, &salt);
+ if (ret)
+ goto cleanup;
+
+ data = krb5_db_alloc(context, NULL, salt->length);
+ if (data == NULL) {
+ ret = ENOMEM;
+ goto cleanup;
+ }
+ memcpy(data, salt->data, salt->length);
+
+ entry->key_data[i].key_data_type[1] = KRB5_KDB_SALTTYPE_SPECIAL;
+ krb5_db_free(context, entry->key_data[i].key_data_contents[1]);
+ entry->key_data[i].key_data_contents[1] = data;
+ entry->key_data[i].key_data_length[1] = salt->length;
+ entry->key_data[i].key_data_ver = 2;
+ krb5_free_data(context, salt);
+ salt = NULL;
+ }
+
+cleanup:
+ krb5_free_data(context, salt);
+ return ret;
+}
+
/* change password functions */
krb5_error_code
krb5_dbe_cpw(krb5_context kcontext, krb5_keyblock *master_key,
projects / thirdparty / krb5.git / commitdiff
