From de0f7301daf1c58f758140170a8be6d6a0c72c66 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 22 May 2017 11:38:12 +0200 Subject: [PATCH] s3:secrets: rework des_salt_key() to take the realm as argument BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782 Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider (cherry picked from commit 072dd87e639d7dbfc583ede5ddf6559d9d433b8b) --- source3/passdb/machine_account_secrets.c | 25 ++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/source3/passdb/machine_account_secrets.c b/source3/passdb/machine_account_secrets.c index 3f6d6b69f1c..114bed64d5f 100644 --- a/source3/passdb/machine_account_secrets.c +++ b/source3/passdb/machine_account_secrets.c @@ -571,16 +571,15 @@ char* kerberos_standard_des_salt( void ) /************************************************************************ ************************************************************************/ -static char* des_salt_key( void ) +static char *des_salt_key(const char *realm) { - char *key; - - if (asprintf(&key, "%s/DES/%s", SECRETS_SALTING_PRINCIPAL, - lp_realm()) == -1) { - return NULL; - } + char *keystr; - return key; + keystr = talloc_asprintf_strupper_m(talloc_tos(), "%s/DES/%s", + SECRETS_SALTING_PRINCIPAL, + realm); + SMB_ASSERT(keystr != NULL); + return keystr; } /************************************************************************ @@ -591,7 +590,8 @@ bool kerberos_secrets_store_des_salt( const char* salt ) char* key; bool ret; - if ( (key = des_salt_key()) == NULL ) { + key = des_salt_key(lp_realm()); + if (key == NULL) { DEBUG(0,("kerberos_secrets_store_des_salt: failed to generate key!\n")); return False; } @@ -606,7 +606,7 @@ bool kerberos_secrets_store_des_salt( const char* salt ) ret = secrets_store( key, salt, strlen(salt)+1 ); - SAFE_FREE( key ); + TALLOC_FREE(key); return ret; } @@ -619,14 +619,15 @@ char* kerberos_secrets_fetch_des_salt( void ) { char *salt, *key; - if ( (key = des_salt_key()) == NULL ) { + key = des_salt_key(lp_realm()); + if (key == NULL) { DEBUG(0,("kerberos_secrets_fetch_des_salt: failed to generate key!\n")); return NULL; } salt = (char*)secrets_fetch( key, NULL ); - SAFE_FREE( key ); + TALLOC_FREE(key); return salt; } -- 2.47.2