/*
 * Convenience form of krb5_c_string_to_key_with_params() for callers that
 * have no string-to-key parameters.  All arguments are forwarded unchanged,
 * NULL is passed in the params position, and the callee's status is
 * returned as-is.
 */
krb5_error_code KRB5_CALLCONV
krb5_c_string_to_key(krb5_context context, krb5_enctype enctype,
                     const krb5_data *string, const krb5_data *salt,
                     krb5_keyblock *key)
{
    krb5_error_code status;

    status = krb5_c_string_to_key_with_params(context, enctype, string, salt,
                                              NULL, key);
    return status;
}
/*
 * Produce the AS key for `client` from a password.
 *
 * gak_data is treated as a krb5_data holding the password.  When that
 * buffer is empty (zero length or a leading NUL), the prompter is invoked
 * with a hidden "Password for <principal>" prompt and the same krb5_data is
 * handed to it as the reply buffer.  The password is then converted to a
 * key of enctype `etype` and stored in as_key.
 *
 *   salt    - salt to use; if NULL, one is obtained with
 *             krb5_principal2salt() and released before returning.
 *   params  - string-to-key parameters; forwarded only when params->data is
 *             non-NULL, otherwise NULL is passed on.
 *   as_key  - in/out key block.  A key of a different enctype is freed
 *             first; a key of the matching enctype is left in place.
 *
 * Returns EIO when a password is needed but no prompter was supplied,
 * otherwise the first non-zero status from krb5_unparse_name(), the
 * prompter, krb5_principal2salt(), or the string-to-key call (0 on success).
 *
 * The password buffer belongs to the caller: this function neither copies
 * nor clears it, so scrubbing the cleartext password after use is left to
 * whoever owns gak_data.
 */
krb5_error_code
krb5_get_as_key_password(krb5_context context, krb5_principal client,
                         krb5_enctype etype, krb5_prompter_fct prompter,
                         void *prompter_data, krb5_data *salt,
                         krb5_data *params, krb5_keyblock *as_key,
                         void *gak_data)
{
    krb5_data *pw = (krb5_data *)gak_data;
    krb5_data principal_salt;
    krb5_error_code code;
    krb5_prompt ask;
    krb5_prompt_type kind;
    char banner[1024];
    char *name;

    /*
     * Drop a stale key whose enctype does not match the request.  A key
     * that already has the right enctype is NOT treated as "done": the
     * code below still runs and derives the key again.
     * XXX (carried over from the original author) Returning early was the
     * old behavior and was wrong in hw preauth cases; whether always
     * asking is correct in all cases is an open question.
     * NOTE(review): when as_key already holds a key of the matching
     * enctype, its contents are not released here -- confirm the
     * string-to-key call does not simply overwrite (and leak) that key
     * material.
     */
    if (as_key->length != 0 && as_key->enctype != etype) {
        krb5_free_keyblock_contents(context, as_key);
        as_key->length = 0;
    }

    /* No usable password supplied: ask the user through the prompter. */
    if (pw->length == 0 || pw->data[0] == '\0') {
        if (prompter == NULL)
            return EIO;

        code = krb5_unparse_name(context, client, &name);
        if (code)
            return code;

        /* The prompt text carries only the principal name; snprintf bounds
         * it to the local buffer. */
        snprintf(banner, sizeof(banner), _("Password for %s"), name);
        free(name);

        ask.prompt = banner;
        ask.hidden = 1;         /* request a non-echoing prompt */
        ask.reply = pw;         /* reply goes into the caller's buffer */
        kind = KRB5_PROMPT_TYPE_PASSWORD;

        /* PROMPTER_INVOCATION */
        /* The prompt-type pointer refers to a local, so it is reset
         * immediately after the prompter returns, before any early exit. */
        krb5int_set_prompt_types(context, &kind);
        code = (*prompter)(context, prompter_data, NULL, NULL, 1, &ask);
        krb5int_set_prompt_types(context, 0);
        if (code)
            return code;
    }

    /*
     * principal_salt.length doubles as the "we allocated a salt" flag: it
     * is zeroed when the caller supplied the salt so the cleanup below
     * leaves caller-owned memory alone.
     */
    if (salt != NULL) {
        principal_salt.length = 0;
    } else {
        code = krb5_principal2salt(context, client, &principal_salt);
        if (code)
            return code;
        salt = &principal_salt;
    }

    /* NOTE(review): params is dereferenced without a NULL check, unlike
     * salt -- confirm every caller passes a valid krb5_data here. */
    code = krb5_c_string_to_key_with_params(context, etype, pw, salt,
                                            params->data ? params : NULL,
                                            as_key);

    if (principal_salt.length)
        free(principal_salt.data);

    return code;
}