From c309eee4533bef7e13fcf462bdd0b36d022c3dd1 Mon Sep 17 00:00:00 2001 From: John Kohl Date: Thu, 14 Feb 1991 14:51:38 +0000 Subject: [PATCH] add in padata salting support git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@1698 dc483132-0cff-0310-8789-dd5450dbe970 --- src/kdc/do_as_req.c | 50 ++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 49 insertions(+), 1 deletion(-) diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c index 17b546f52..4d4c46e23 100644 --- a/src/kdc/do_as_req.c +++ b/src/kdc/do_as_req.c @@ -67,6 +67,8 @@ krb5_data **response; /* filled in with a response packet */ krb5_keyblock *session_key; krb5_keyblock encrypting_key; krb5_enctype useetype; + krb5_pa_data *padat_tmp[2], padat_local; + register int i; krb5_timestamp until, rtime; 
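Review bot: `register int i;` is declared in this hunk, but none of the lines the commit adds uses it, so it should be dropped until a loop actually needs it. `padat_tmp` and `padat_local` are automatic objects, and the second hunk stores `padat_tmp` in `reply.padata`, so the reply structure must not be referenced after this function returns. A comment on the declaration such as `/* backing store for reply.padata; valid only until return */` would make that lifetime constraint explicit. The enclosing function starts and ends outside the hunk.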
@@ -272,7 +274,53 @@ krb5_data **response; /* filled in with a response packet */ reply.msg_type = KRB5_AS_REP; reply.padata = 0; - /* XXX put in padata salting stuff here*/ + if (client.salt_type != KRB5_KDB_SALTTYPE_NORMAL) { + padat_tmp[0] = &padat_local; + padat_tmp[1] = 0; + + padat_tmp[0]->pa_type = KRB5_PADATA_PW_SALT; + + /* WARNING: sharing substructure here, but it's not a real problem, + since nothing below will "pull out the rug" */ + + switch (client.salt_type) { + krb5_data *data_foo, data_bar; + case KRB5_KDB_SALTTYPE_V4: + /* send an empty (V4) salt */ + padat_tmp[0]->contents = 0; + padat_tmp[0]->length = 0; + break; + case KRB5_KDB_SALTTYPE_NOREALM: + if (retval = norealm_salt(request->client, &data_bar)) { + cleanup(); + return retval; + } + padat_tmp[0]->length = data_bar.length; + padat_tmp[0]->contents = (krb5_octet *)data_bar.data; + break; + case KRB5_KDB_SALTTYPE_ONLYREALM: + data_foo = krb5_princ_realm(request->client); + padat_tmp[0]->length = data_foo->length; + padat_tmp[0]->contents = (krb5_octet *)data_foo->data; + break; + case KRB5_KDB_SALTTYPE_SPECIAL: + padat_tmp[0]->length = client.salt_length; + padat_tmp[0]->contents = client.salt; + break; + } + reply.padata = padat_tmp; + } + +#undef cleanup +#define cleanup() {krb5_db_free_principal(&client, 1); \ + memset((char *)session_key->contents, 0, \ + session_key->length); \ + free((char *)session_key->contents); \ + session_key->contents = 0; \ + memset(ticket_reply.enc_part.ciphertext.data, 0, \ + ticket_reply.enc_part.ciphertext.length); \ + free(ticket_reply.enc_part.ciphertext.data); \ + if (client.salt_type == KRB5_KDB_SALTTYPE_NOREALM) xfree(padat_tmp[0]->contents);} reply.client = request->client; /* XXX need separate etypes for ticket encryption and kdc_rep encryption */ -- 2.26.2
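Review bot: The `switch (client.salt_type)` has no `default:`, so a database entry whose salt type is none of the five handled values leaves `padat_local.length` and `padat_local.contents` unset while `reply.padata = padat_tmp;` still runs, and whatever encodes the reply would then read an indeterminate pointer and length. Add a `default:` that fails the request through the existing `cleanup(); return retval;` path with a suitable error code, or at minimum set `padat_tmp[0]->length = 0; padat_tmp[0]->contents = 0;` before the switch. In the redefined `cleanup()`, `client.salt_type` is read after `krb5_db_free_principal(&client, 1)` has run; whether that call leaves the field intact is not visible here, so the `if (client.salt_type == KRB5_KDB_SALTTYPE_NOREALM) xfree(padat_tmp[0]->contents);` test is safer as the first statement of the macro. The enclosing function starts and ends outside the hunk, so whether the success path also releases the NOREALM salt cannot be checked from here.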