* kdb_cpw.c (add_key_rnd): remove bletcherous aggregate
authorTom Yu <tlyu@mit.edu>
Wed, 9 Aug 1995 01:36:43 +0000 (01:36 +0000)
committerTom Yu <tlyu@mit.edu>
Wed, 9 Aug 1995 01:36:43 +0000 (01:36 +0000)
initializer stuff and use build_principal_ext like we
should have in the first place to build the tgt principal.

Why are we using the TGS key to seed the random number generator?
This makes randomized service keys have data that is derived from the
TGS key.  Do we really want that?  Or am I missing something here?

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6474 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/kdb/ChangeLog
src/lib/kdb/kdb_cpw.c

index 5c11b120812a5c6bed232ea8c75d5fa7dd0ff7e6..fbf9815ceaa350c8eeee11d8f6f0f364af64091c 100644 (file)
@@ -1,3 +1,8 @@
+Tue Aug  8 21:32:30 1995  Tom Yu  <tlyu@dragons-lair.MIT.EDU>
+
+       * kdb_cpw.c (add_key_rnd): remove bletcherous aggregate
+               initializer stuff and use build_principal_ext like we
+               should have in the first place to build the tgt principal.
 
 Tue Aug 8 17:35:58 EDT 1995    Paul Park       (pjpark@mit.edu)
        * encrypt_key.c - When allocating the actual key_data_contents use the
index f507cc6d187a2d8b3dcac30c4f1e05ac750a9a5d..e75192f1c0fcd92086e7cba396589824940dce64 100644 (file)
@@ -75,17 +75,7 @@ add_key_rnd(context, master_eblock, ks_tuple, ks_tuple_count, db_entry, kvno)
     krb5_db_entry      * db_entry;
     int                          kvno;
 {
-    krb5_data            krbtgt_princ_entries[] = {
-       { 0, KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME },
-       { 0, 0, 0 }, 
-    };
-    krb5_principal_data          krbtgt_princ = {
-       0,                                      /* magic number */
-        {0, 0, 0},                             /* krb5_data realm */
-       (krb5_data *) NULL,                     /* krb5_data *data */
-        2,                                     /* int length */
-        KRB5_NT_SRV_INST                       /* int type */
-    };
+    krb5_principal       krbtgt_princ;
     krb5_keyblock        krbtgt_keyblock, * key;
     krb5_pointer         krbtgt_seed;  
     krb5_encrypt_block   krbtgt_eblock;
@@ -94,20 +84,23 @@ add_key_rnd(context, master_eblock, ks_tuple, ks_tuple_count, db_entry, kvno)
     int                          max_kvno, one, i, j;
     krb5_error_code      retval;
 
-    krbtgt_princ.data = krbtgt_princ_entries;
-    krb5_princ_set_realm_length(context, &krbtgt_princ, 
-                               db_entry->princ->realm.length);
-    krb5_princ_set_realm_data(context, &krbtgt_princ, 
-                             db_entry->princ->realm.data);
-    krb5_princ_component(context, &krbtgt_princ, 1)->length = 
-                       db_entry->princ->realm.length;
-    krb5_princ_component(context, &krbtgt_princ, 1)->data = 
-                       db_entry->princ->realm.data;
+    retval = krb5_build_principal_ext(context, &krbtgt_princ,
+                                     db_entry->princ->realm.length,
+                                     db_entry->princ->realm.data,
+                                     KRB5_TGS_NAME_SIZE,
+                                     KRB5_TGS_NAME,
+                                     db_entry->princ->realm.length,
+                                     db_entry->princ->realm.data);
+    if (retval)
+       return retval;
 
     /* Get tgt from database */
-    if (retval = krb5_db_get_principal(context, &krbtgt_princ, &krbtgt_entry,
-                                      &one, &more))
+    retval = krb5_db_get_principal(context, krbtgt_princ, &krbtgt_entry,
+                                  &one, &more)) {
+    krb5_free_principal(krbtgt_princ); /* don't need it anymore */
+    if (retval)
        return(retval);
+    }
     if ((one > 1) || (more)) {
        krb5_db_free_principal(context, &krbtgt_entry, one);
        return KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE;
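Review bot: The rewritten lookup will not compile as written: the call ends in `&more)) {`, with one `)` too many and an opening brace left over from the old `if (retval = ...)` form, and the `}` after `return(retval);` then closes a block that should not exist. The statement should read `retval = krb5_db_get_principal(context, krbtgt_princ, &krbtgt_entry, &one, &more);`, followed by `krb5_free_principal(context, krbtgt_princ);` and a plain `if (retval) return retval;`. The `krb5_free_principal(krbtgt_princ)` call is also the only krb5 call in the hunk that omits `context`, which looks like an oversight. Freeing the principal before testing `retval` is the right order, because it keeps the error return from leaking the allocation made by `krb5_build_principal_ext`; the existing comment could say so. `one` is passed by address without being assigned in the visible lines, so if the lookup reads it as a capacity on input it should be set to 1 first; the body of add_key_rnd continues past the hunk.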