From: Stefan Metzmacher <metze@samba.org>
Date: Mon, 22 May 2017 09:38:12 +0000 (+0200)
Subject: s3:secrets: rework des_salt_key() to take the realm as argument
X-Git-Tag: tdb-1.3.14~121
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=072dd87e639d7dbfc583ede5ddf6559d9d433b8b;p=thirdparty%2Fsamba.git

s3:secrets: rework des_salt_key() to take the realm as argument

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
---

diff --git a/source3/passdb/machine_account_secrets.c b/source3/passdb/machine_account_secrets.c
index 3f6d6b69f1c..114bed64d5f 100644
--- a/source3/passdb/machine_account_secrets.c
+++ b/source3/passdb/machine_account_secrets.c
@@ -571,16 +571,15 @@ char* kerberos_standard_des_salt( void )
 /************************************************************************
 ************************************************************************/
 
-static char* des_salt_key( void )
+static char *des_salt_key(const char *realm)
 {
-	char *key;
-
-	if (asprintf(&key, "%s/DES/%s", SECRETS_SALTING_PRINCIPAL,
-		     lp_realm()) == -1) {
-		return NULL;
-	}
+	char *keystr;
 
-	return key;
+	keystr = talloc_asprintf_strupper_m(talloc_tos(), "%s/DES/%s",
+					    SECRETS_SALTING_PRINCIPAL,
+					    realm);
+	SMB_ASSERT(keystr != NULL);
+	return keystr;
 }
 
 /************************************************************************
@@ -591,7 +590,8 @@ bool kerberos_secrets_store_des_salt( const char* salt )
 	char* key;
 	bool ret;
 
-	if ( (key = des_salt_key()) == NULL ) {
+	key = des_salt_key(lp_realm());
+	if (key == NULL) {
 		DEBUG(0,("kerberos_secrets_store_des_salt: failed to generate key!\n"));
 		return False;
 	}
@@ -606,7 +606,7 @@ bool kerberos_secrets_store_des_salt( const char* salt )
 
 	ret = secrets_store( key, salt, strlen(salt)+1 );
 
-	SAFE_FREE( key );
+	TALLOC_FREE(key);
 
 	return ret;
 }
@@ -619,14 +619,15 @@ char* kerberos_secrets_fetch_des_salt( void )
 {
 	char *salt, *key;
 
-	if ( (key = des_salt_key()) == NULL ) {
+	key = des_salt_key(lp_realm());
+	if (key == NULL) {
 		DEBUG(0,("kerberos_secrets_fetch_des_salt: failed to generate key!\n"));
 		return NULL;
 	}
 
 	salt = (char*)secrets_fetch( key, NULL );
 
-	SAFE_FREE( key );
+	TALLOC_FREE(key);
 
 	return salt;
 }