diff options
Diffstat (limited to 'src/kdc/main.c')
-rw-r--r-- | src/kdc/main.c | 84 |
1 files changed, 30 insertions, 54 deletions
diff --git a/src/kdc/main.c b/src/kdc/main.c index 4524c00..a8f4233 100644 --- a/src/kdc/main.c +++ b/src/kdc/main.c @@ -166,8 +166,6 @@ finish_realm(rdp) memset(rdp->realm_tgskey.contents, 0, rdp->realm_tgskey.length); free(rdp->realm_tgskey.contents); } - if (rdp->realm_encblock.crypto_entry) - krb5_finish_key(rdp->realm_context, &rdp->realm_encblock); krb5_db_fini(rdp->realm_context); if (rdp->realm_tgsprinc) krb5_free_principal(rdp->realm_context, rdp->realm_tgsprinc); @@ -326,17 +324,11 @@ init_realm(progname, rdp, realm, def_dbname, def_mpname, goto whoops; } - /* Select the specified encryption type */ - /* krb5_db_fetch_mkey will setup the encblock for stashed keys */ - if (manual) - krb5_use_enctype(rdp->realm_context, &rdp->realm_encblock, - rdp->realm_mkey.enctype); - /* * Get the master key. */ if ((kret = krb5_db_fetch_mkey(rdp->realm_context, rdp->realm_mprinc, - &rdp->realm_encblock, manual, + rdp->realm_mkey.enctype, manual, FALSE, rdp->realm_stash, 0, &rdp->realm_mkey))) { com_err(progname, kret, @@ -363,8 +355,7 @@ init_realm(progname, rdp, realm, def_dbname, def_mpname, /* Verify the master key */ if ((kret = krb5_db_verify_master_key(rdp->realm_context, rdp->realm_mprinc, - &rdp->realm_mkey, - &rdp->realm_encblock))) { + &rdp->realm_mkey))) { com_err(progname, kret, "while verifying master key for realm %s", realm); goto whoops; @@ -415,17 +406,7 @@ init_realm(progname, rdp, realm, def_dbname, def_mpname, rdp->realm_mkvno = kdata->key_data_kvno; krb5_db_free_principal(rdp->realm_context, &db_entry, num2get); - /* Now preprocess the master key */ - if ((kret = krb5_process_key(rdp->realm_context, - &rdp->realm_encblock, - &rdp->realm_mkey))) { - com_err(progname, kret, - "while processing master key for realm %s", realm); - goto whoops; - } - - if ((kret = krb5_db_set_mkey(rdp->realm_context, - &rdp->realm_encblock))) { + if ((kret = krb5_db_set_mkey(rdp->realm_context, &rdp->realm_mkey))) { com_err(progname, kret, "while setting master key for realm %s", realm); goto whoops; @@ -491,7 +472,7 @@ init_realm(progname, rdp, realm, def_dbname, def_mpname, goto whoops; } if (!(kret = krb5_dbekd_decrypt_key_data(rdp->realm_context, - &rdp->realm_encblock, + &rdp->realm_mkey, kdata, &rdp->realm_tgskey, NULL))){ rdp->realm_tgskvno = kdata->key_data_kvno; @@ -506,45 +487,40 @@ init_realm(progname, rdp, realm, def_dbname, def_mpname, } if (!rkey_init_done) { - krb5_enctype enctype; - krb5_encrypt_block temp_eblock; + krb5_timestamp now; + krb5_data seed; #ifdef KRB5_KRB4_COMPAT - krb5_keyblock *temp_key; + krb5_keyblock temp_key; #endif /* * If all that worked, then initialize the random key * generators. */ - for (enctype = 0; enctype <= krb5_max_enctype; enctype++) { - if (krb5_enctype_array[enctype] && - !krb5_enctype_array[enctype]->random_sequence) { - krb5_use_enctype(rdp->realm_context, &temp_eblock, enctype); - if ((kret = krb5_init_random_key( - rdp->realm_context, &temp_eblock, - &rdp->realm_mkey, - &krb5_enctype_array[enctype]->random_sequence))) { - com_err(progname, kret, - "while setting up random key generator for enctype %d--enctype disabled", - enctype); - krb5_enctype_array[enctype] = 0; - } else { + + if ((kret = krb5_timeofday(rdp->realm_context, &now))) + goto whoops; + seed.length = sizeof(now); + seed.data = (char *) &now; + if ((kret = krb5_c_random_seed(rdp->realm_context, &seed))) + goto whoops; + + seed.length = rdp->realm_mkey.length; + seed.data = rdp->realm_mkey.contents; + + if ((kret = krb5_c_random_seed(rdp->realm_context, &seed))) + goto whoops; + #ifdef KRB5_KRB4_COMPAT - if (enctype == ENCTYPE_DES_CBC_CRC) { - if ((kret = krb5_random_key( - rdp->realm_context, &temp_eblock, - krb5_enctype_array[enctype]->random_sequence, - &temp_key))) - com_err(progname, kret, - "while initializing V4 random key generator"); - else { - (void) des_init_random_number_generator(temp_key->contents); - krb5_free_keyblock(rdp->realm_context, temp_key); - } - } -#endif - } - } + if ((kret = krb5_c_make_random_key(rdp->realm_context, + ENCTYPE_DES_CBC_CRC, &temp_key))) { + com_err(progname, kret, + "while initializing V4 random key generator"); + goto whoops; } + + (void) des_init_random_number_generator(temp_key.contents); + krb5_free_keyblock_contents(rdp->realm_context, &temp_key); +#endif rkey_init_done = 1; } whoops: |