lib/krb5_wrap: Rename confusing add_salt parameter to smb_krb5_kt_add_entry()

This just adds the key directly, it is not related to if salting is used or not.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>

diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index 116f916234da7e74117dae70f95146ce552c29d8..5afd2404fce028a6a154db4c166209dd3915dda9 100644 (file)
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -1877,9 +1877,7 @@ out:
  *
  * @param[in]  password       The password of the keytab entry.
  *
- * @param[in]  no_salt        If the password should not be salted. Normally
- *                            this is only set to false for encryption types
- *                            which do not support salting like RC4.
+ * @param[in]  already_hashed The password is a key, not a password
  *
  * @retval 0 on Success
  *
@@ -1894,7 +1892,7 @@ krb5_error_code smb_krb5_kt_add_entry(krb5_context context,
                                      const char *salt_principal,
                                      krb5_enctype enctype,
                                      krb5_data *password,
-                                     bool no_salt)
+                                     bool already_hashed)
 {
        krb5_error_code ret;
        krb5_keytab_entry kt_entry;
@@ -1929,7 +1927,7 @@ krb5_error_code smb_krb5_kt_add_entry(krb5_context context,
 
        keyp = KRB5_KT_KEY(&kt_entry);
 
-       if (no_salt) {
+       if (already_hashed) {
                KRB5_KEY_DATA(keyp) = (KRB5_KEY_DATA_CAST *)SMB_MALLOC(password->length);
                if (KRB5_KEY_DATA(keyp) == NULL) {
                        ret = ENOMEM;

diff --git a/lib/krb5_wrap/krb5_samba.h b/lib/krb5_wrap/krb5_samba.h
index e158a404dea18e2c2ba419d741c62b99a5ca7bce..464a7f21569d678046da55523ed6a3f94ae94ae8 100644 (file)
--- a/lib/krb5_wrap/krb5_samba.h
+++ b/lib/krb5_wrap/krb5_samba.h
@@ -249,7 +249,7 @@ krb5_error_code smb_krb5_kt_add_entry(krb5_context context,
                                      const char *salt_principal,
                                      krb5_enctype enctype,
                                      krb5_data *password,
-                                     bool no_salt);
+                                     bool already_hashed);
 
 krb5_error_code smb_krb5_get_credentials(krb5_context context,
                                         krb5_ccache ccache,

diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c
index 466211a8611eb873a0e52cb246d59240698a9c4d..9841c60f0d9081895d418f3f3790330862642896 100644 (file)
--- a/source3/libads/kerberos_keytab.c
+++ b/source3/libads/kerberos_keytab.c
@@ -302,7 +302,7 @@ static int add_kt_entry_etypes(krb5_context context, TALLOC_CTX *tmpctx,
                                            salt_princ_s,
                                            enctypes[i],
                                            password,
-                                           false); /* no_salt */
+                                           false); /* needs string2key (hashing) */
                if (ret) {
                        DBG_WARNING("Failed to add entry to keytab\n");
                        goto out;
@@ -317,7 +317,7 @@ static int add_kt_entry_etypes(krb5_context context, TALLOC_CTX *tmpctx,
                                                    salt_princ_s,
                                                    enctypes[i],
                                                    password,
-                                                   false); /* no_salt */
+                                                   false); /* needs string2key (hashing) */
                        if (ret) {
                                DBG_WARNING("Failed to add short entry to keytab\n");
                                goto out;