krb5_principal mod_name;
krb5_timestamp mod_date;
krb5_flags attributes;
+ krb5_int32 salt_type:8,
+ salt_length:24;
+ krb5_octet *salt;
} krb5_db_entry;
+#define KRB5_KDB_SALTTYPE_NORMAL 0
+#define KRB5_KDB_SALTTYPE_V4 1
+#define KRB5_KDB_SALTTYPE_NOREALM 2
+#define KRB5_KDB_SALTTYPE_ONLYREALM 3
+#define KRB5_KDB_SALTTYPE_SPECIAL 4
+
#define KRB5_KDB_DISALLOW_POSTDATED 0x00000001
#define KRB5_KDB_DISALLOW_FORWARDABLE 0x00000002
#define KRB5_KDB_DISALLOW_TGT_BASED 0x00000004
/* since there is some baggage pointing off of the entry
structure, we'll encode it by writing the structure, with nulled
pointers, followed by the unparsed principal name, then the key, and
- then the unparsed mod_princ name.
+ then the unparsed mod_princ name, and then the salt (if any).
*/
copy_princ = *entry;
copy_princ.principal = 0;
copy_princ.mod_name = 0;
+ copy_princ.salt = 0;
if (retval = krb5_unparse_name(entry->principal, &unparse_princ))
return(retval);
princ_size = strlen(unparse_princ)+1;
mod_size = strlen(unparse_mod_princ)+1;
contents->dsize = sizeof(copy_princ)+ princ_size + mod_size
- + entry->key.length;
+ + entry->key.length + entry->salt_length;
contents->dptr = malloc(contents->dsize);
if (!contents->dptr) {
free(unparse_princ);
(void) memcpy(nextloc, unparse_mod_princ, mod_size);
nextloc += mod_size;
(void) memcpy(nextloc, (char *)entry->key.contents, entry->key.length);
+ if (entry->salt) {
+ nextloc += entry->key.length;
+ (void) memcpy(nextloc, (char *)entry->salt, entry->salt_length);
+ }
free(unparse_princ);
free(unparse_mod_princ);
return 0;
}
entry->mod_name = mod_princ;
nextloc += strlen(nextloc)+1; /* advance past 2nd string */
- keysize = contents->dsize - (nextloc - contents->dptr);
+ keysize = contents->dsize - (nextloc - contents->dptr) -
+ entry->salt_length;
if (keysize <= 0) {
krb5_free_principal(princ);
krb5_free_principal(mod_princ);
free((char *)entry->key.contents);
(void) memset((char *) entry, 0, sizeof(*entry));
return KRB5_KDB_TRUNCATED_RECORD;
- }
+ }
+ if (entry->salt_length) {
+ nextloc += keysize;
+ /* already determined above that sufficient space for this
+ exists, since we factor entry->salt_length into the keysize
+ calculations */
+ if (!(entry->salt = (krb5_octet *)malloc(entry->salt_length))) {
+ krb5_free_principal(princ);
+ krb5_free_principal(mod_princ);
+ free((char *)entry->key.contents);
+ (void) memset((char *) entry, 0, sizeof(*entry));
+ return KRB5_KDB_TRUNCATED_RECORD;
+ }
+ (void) memcpy((char *)entry->salt, nextloc, entry->salt_length);
+ }
return 0;
}
/* erase the key */
memset((char *)entry->key.contents, 0, entry->key.length);
free((char *)entry->key.contents);
+ if (entry->salt_length)
+ free((char *)entry->salt);
krb5_free_principal(entry->principal);
krb5_free_principal(entry->mod_name);