krb5_error_code KRB5_CALLCONV
krb5_c_string_to_key(krb5_context context, krb5_enctype enctype,
const krb5_data *string, const krb5_data *salt,
krb5_keyblock *key)
{
return krb5_c_string_to_key_with_params(context, enctype, string, salt,
NULL, key);
}
krb5_error_code
krb5_get_as_key_password(krb5_context context,
krb5_principal client,
krb5_enctype etype,
krb5_prompter_fct prompter,
void *prompter_data,
krb5_data *salt,
krb5_data *params,
krb5_keyblock *as_key,
void *gak_data)
{
krb5_data *password;
krb5_error_code ret;
krb5_data defsalt;
char *clientstr;
char promptstr[1024];
krb5_prompt prompt;
krb5_prompt_type prompt_type;
password = (krb5_data *) gak_data;
/* If there's already a key of the correct etype, we're done.
If the etype is wrong, free the existing key, and make
a new one.
XXX This was the old behavior, and was wrong in hw preauth
cases. Is this new behavior -- always asking -- correct in all
cases? */
if (as_key->length) {
if (as_key->enctype != etype) {
krb5_free_keyblock_contents (context, as_key);
as_key->length = 0;
}
}
if (password->length == 0 || password->data[0] == '\0') {
if (prompter == NULL)
return(EIO);
if ((ret = krb5_unparse_name(context, client, &clientstr)))
return(ret);
snprintf(promptstr, sizeof(promptstr), _("Password for %s"),
clientstr);
free(clientstr);
prompt.prompt = promptstr;
prompt.hidden = 1;
prompt.reply = password;
prompt_type = KRB5_PROMPT_TYPE_PASSWORD;
/* PROMPTER_INVOCATION */
krb5int_set_prompt_types(context, &prompt_type);
ret = (*prompter)(context, prompter_data, NULL, NULL, 1, &prompt);
krb5int_set_prompt_types(context, 0);
if (ret)
return(ret);
}
if (salt == NULL) {
if ((ret = krb5_principal2salt(context, client, &defsalt)))
return(ret);
salt = &defsalt;
} else {
defsalt.length = 0;
}
ret = krb5_c_string_to_key_with_params(context, etype, password, salt,
params->data?params:NULL, as_key);
if (defsalt.length)
free(defsalt.data);
return(ret);
}
