From: Stefan Metzmacher
Date: Fri, 15 Mar 2024 18:19:20 +0000 (+0100)
Subject: s4:kdc: split out samba_kdc_fill_trust_keys() helper
X-Git-Tag: tdb-1.4.11~639
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8cfebc36edcf5a4ba259d11c6e319aba303ea8ff;p=thirdparty%2Fsamba.git

s4:kdc: split out samba_kdc_fill_trust_keys() helper

Let samba_kdc_trust_message2entry() also fill in the salt used by the key. This is not strictly needed, but it's better to be consistent.

Signed-off-by: Stefan Metzmacher
Reviewed-by: Andrew Bartlett
---

diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c
index 1c00527d481..2ab3155dffb 100644
--- a/source4/kdc/db-glue.c
+++ b/source4/kdc/db-glue.c
@@ -2179,6 +2179,25 @@ static krb5_error_code samba_kdc_trust_message2entry(krb5_context context,
 }
 
 if (supported_enctypes & ENC_HMAC_SHA1_96_AES256) {
+ key.salt = calloc(1, sizeof(*key.salt));
+ if (key.salt == NULL) {
+ smb_krb5_free_data_contents(context, &salt);
+ ret = ENOMEM;
+ goto out;
+ }
+
+ key.salt->type = KRB5_PW_SALT;
+
+ ret = smb_krb5_copy_data_contents(&key.salt->salt,
+ salt.data,
+ salt.length);
+ if (ret) {
+ *key.salt = (struct sdb_salt) {};
+ sdb_key_free(&key);
+ smb_krb5_free_data_contents(context, &salt);
+ goto out;
+ }
+
 ret = smb_krb5_create_key_from_string(context,
 salt_principal,
 &salt,
@@ -2186,6 +2205,8 @@ static krb5_error_code samba_kdc_trust_message2entry(krb5_context context,
 ENCTYPE_AES256_CTS_HMAC_SHA1_96,
 &key.key);
 if (ret != 0) {
+ ZERO_STRUCT(key.key);
+ sdb_key_free(&key);
 smb_krb5_free_data_contents(context, &salt);
 goto out;
 }
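Review bot: The copy-failure path in the AES256 branch resets the salt with `*key.salt = (struct sdb_salt) {};`, while the create-key failure path added by the same commit uses `ZERO_STRUCT(key.key);` for the equivalent reset. An empty-brace compound literal is a compiler extension before C23, so `ZERO_STRUCTP(key.salt);` would be portable and consistent with the neighbouring code. A short comment such as `/* salt contents are not valid after a failed copy; clear them before sdb_key_free() */` would record why the reset is there; this assumes sdb_key_free() releases key.salt and its contents, which is not visible on this page. The same lines recur in the AES128 hunk at -2195, and the enclosing function starts and ends outside the hunk.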
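Review bot: `ZERO_STRUCT(key.key);` ahead of `sdb_key_free(&key);` carries no comment, and it discards whatever smb_krb5_create_key_from_string() left in the keyblock without releasing or wiping it. If that function can fail after allocating key material (its body is not shown), the buffer would leak without being zeroised, so its failure contract is worth confirming and stating, e.g. `/* key.key is unset on failure; clear it so sdb_key_free() releases only key.salt */`. The same two lines are added in the AES128 hunk at -2202.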
@@ -2195,6 +2216,25 @@ static krb5_error_code samba_kdc_trust_message2entry(krb5_context context,
 }
 
 if (supported_enctypes & ENC_HMAC_SHA1_96_AES128) {
+ key.salt = calloc(1, sizeof(*key.salt));
+ if (key.salt == NULL) {
+ smb_krb5_free_data_contents(context, &salt);
+ ret = ENOMEM;
+ goto out;
+ }
+
+ key.salt->type = KRB5_PW_SALT;
+
+ ret = smb_krb5_copy_data_contents(&key.salt->salt,
+ salt.data,
+ salt.length);
+ if (ret) {
+ *key.salt = (struct sdb_salt) {};
+ sdb_key_free(&key);
+ smb_krb5_free_data_contents(context, &salt);
+ goto out;
+ }
+
 ret = smb_krb5_create_key_from_string(context,
 salt_principal,
 &salt,
@@ -2202,6 +2242,8 @@ static krb5_error_code samba_kdc_trust_message2entry(krb5_context context,
 ENCTYPE_AES128_CTS_HMAC_SHA1_96,
 &key.key);
 if (ret != 0) {
+ ZERO_STRUCT(key.key);
+ sdb_key_free(&key);
 smb_krb5_free_data_contents(context, &salt);
 goto out;
 }
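Review bot: In the AES128 branch the copy-failure path calls `sdb_key_free(&key);` without first clearing `key.key`, unlike the create-key failure path a few lines further down. If `key` is not reset after the AES256 branch stores it in the entry (those lines fall between the hunks and are not shown), `key.key` may still alias key material the entry owns, and freeing it here followed by the cleanup at `out` could release it twice. Adding `ZERO_STRUCT(key.key);` before `sdb_key_free(&key);` in this path would make the error handling independent of earlier state. The AES256 hunk at -2179 has the same sequence, though presumably no key has been stored at that point; the function body continues outside the hunk.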