diff options
| author | mp153739 <none@none> | 2008-01-14 11:57:29 -0800 |
|---|---|---|
| committer | mp153739 <none@none> | 2008-01-14 11:57:29 -0800 |
| commit | 0275604fc884950e825477a54bd32e98bc9bafbb (patch) | |
| tree | 90718379a7947a12eabbe8b73eebf636b88e45fe /usr/src | |
| parent | fd06a699040f011e80ab8ac5213bb0a47858e69b (diff) | |
| download | illumos-gate-0275604fc884950e825477a54bd32e98bc9bafbb.tar.gz | |
6644742 kadmind cores when using an 'afs3' salt and password > 8 chars
6647708 Cannot create des keys with afs3 salt
Diffstat (limited to 'usr/src')
| -rw-r--r-- | usr/src/lib/gss_mechs/mech_krb5/crypto/des/afsstring2key.c | 5 | ||||
| -rw-r--r-- | usr/src/lib/gss_mechs/mech_krb5/crypto/des/string2key.c | 29 |
2 files changed, 23 insertions, 11 deletions
diff --git a/usr/src/lib/gss_mechs/mech_krb5/crypto/des/afsstring2key.c b/usr/src/lib/gss_mechs/mech_krb5/crypto/des/afsstring2key.c index 174d910c22..c194ea6012 100644 --- a/usr/src/lib/gss_mechs/mech_krb5/crypto/des/afsstring2key.c +++ b/usr/src/lib/gss_mechs/mech_krb5/crypto/des/afsstring2key.c @@ -1,5 +1,5 @@ /* - * Copyright 2005 Sun Microsystems, Inc. All rights reserved. + * Copyright 2008 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -124,6 +124,9 @@ mit_afs_string_to_key (krb5_context context, mit_des_fixup_key_parity(key); /* clean & free the input string */ memset(password, 0, (size_t) sizeof(password)); + + /* Solaris Kerberos: Success */ + retval = 0; } else { /* Multiple blocks. Do a CBC checksum, twice, and use the result as the new key. */ diff --git a/usr/src/lib/gss_mechs/mech_krb5/crypto/des/string2key.c b/usr/src/lib/gss_mechs/mech_krb5/crypto/des/string2key.c index c0d3b4e64c..f8a9c1611f 100644 --- a/usr/src/lib/gss_mechs/mech_krb5/crypto/des/string2key.c +++ b/usr/src/lib/gss_mechs/mech_krb5/crypto/des/string2key.c @@ -1,5 +1,5 @@ /* - * Copyright 2004 Sun Microsystems, Inc. All rights reserved. + * Copyright 2008 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -74,15 +74,24 @@ mit_des_string_to_key_int (krb5_context context, keyblock->length = sizeof(mit_des_cblock); key = keyblock->contents; - if (salt) { - if (salt->length == -1) { - /* cheat and do AFS string2key instead */ - return mit_afs_string_to_key (context, keyblock, data, salt); - } else - length = data->length + salt->length; - } - else - length = data->length; + if (salt + && (salt->length == SALT_TYPE_AFS_LENGTH + /* XXX Yuck! Aren't we done with this yet? */ + || salt->length == (unsigned) -1)) { + krb5_data afssalt; + char *at; + + afssalt.data = salt->data; + at = strchr(afssalt.data, '@'); + if (at) { + *at = 0; + afssalt.length = at - afssalt.data; + } else + afssalt.length = strlen(afssalt.data); + return mit_afs_string_to_key(context, keyblock, data, &afssalt); + } + + length = data->length + (salt ? salt->length : 0); copystr = malloc((size_t) length); if (!copystr) { |