Modify random salt creation for interoperability

See: https://fedorahosted.org/freeipa/ticket/2038
2025-02-25 18:55:28 -06:00 · 2011-11-03 16:15:10 -04:00 · 2011-11-03 16:15:10 -04:00 · f7938a1773
commit f7938a1773
parent ccb1433839
1 changed files with 29 additions and 8 deletions
--- a/util/ipa_krb5.c
+++ b/util/ipa_krb5.c
@ -9,6 +9,34 @@
 /* Salt types */
 #define KRB5P_SALT_SIZE 16

+static krb5_error_code ipa_get_random_salt(krb5_context krbctx,
+                                           krb5_data *salt)
+{
+    krb5_error_code kerr;
+    int i;
+
+    /* make random salt */
+    salt->length = KRB5P_SALT_SIZE;
+    salt->data = malloc(KRB5P_SALT_SIZE);
+    if (!salt->data) {
+        return ENOMEM;
+    }
+    kerr = krb5_c_random_make_octets(krbctx, salt);
+    if (kerr) {
+        return kerr;
+    }
+
+    /* Windows treats the salt as a string.
+     * To avoid any compatibility issue, limits octects only to
+     * the ASCII printable range, or 0x20 <= val <= 0x7E */
+    for (i = 0; i < salt->length; i++) {
+        salt->data[i] %= 0x5E; /* 7E - 20 */
+        salt->data[i] += 0x20; /* add base */
+    }
+
+    return 0;
+}
+
 void
 ipa_krb5_free_ktypes(krb5_context context, krb5_enctype *val)
 {
@ -125,14 +153,7 @@ krb5_error_code ipa_krb5_generate_key_data(krb5_context krbctx,

        case KRB5_KDB_SALTTYPE_SPECIAL:

-            /* make random salt */
-            salt.length = KRB5P_SALT_SIZE;
-            salt.data = malloc(KRB5P_SALT_SIZE);
-            if (!salt.data) {
-                kerr = ENOMEM;
-                goto done;
-            }
-            kerr = krb5_c_random_make_octets(krbctx, &salt);
+            kerr = ipa_get_random_salt(krbctx, &salt);
            if (kerr) {
                goto done;
            }