authorAndrew Bartlett <abartlet@samba.org>2010-06-28 23:19:16 +1000
committerAndrew Bartlett <abartlet@samba.org>2010-06-29 16:59:30 +1000
commit5167b97ff2d77ef28c59bb36988835ae421f027b (patch)
tree384389c931b76c17ae1f9d86d4c400ea796df7ec
parent9fc3f8194d55c20e1d5404301a0663888c4a0ba5 (diff)
s4:kerberos Add functions to convert msDS-SupportedEncryptionTypes
This will allow us to interpret this attribute broadly in Samba. Andrew Bartlett
-rw-r--r--source4/auth/kerberos/kerberos.h3
-rw-r--r--source4/auth/kerberos/kerberos_util.c57
2 files changed, 60 insertions, 0 deletions
diff --git a/source4/auth/kerberos/kerberos.h b/source4/auth/kerberos/kerberos.h
index 7e3a7865d6..b4422b5b16 100644
--- a/source4/auth/kerberos/kerberos.h
+++ b/source4/auth/kerberos/kerberos.h
@@ -140,6 +140,9 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx,
time_t tgs_authtime,
DATA_BLOB *pac);
struct loadparm_context;
+uint32_t kerberos_enctype_to_bitmap(krb5_enctype enc_type_enum);
+/* Translate between the Microsoft msDS-SupportedEncryptionTypes values and the IETF encryption type values */
+krb5_enctype kerberos_enctype_bitmap_to_enctype(uint32_t enctype_bitmap);
#include "auth/kerberos/proto.h"
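Review bot: The name and parameter of `kerberos_enctype_bitmap_to_enctype` suggest it accepts a full msDS-SupportedEncryptionTypes bitmap, but the switch added in kerberos_util.c only matches values with exactly one flag set, and neither prototype says that 0 is returned when there is no mapping. I would document both declarations, for example `/* Map one krb5 enctype to its msDS-SupportedEncryptionTypes flag; returns 0 if there is no equivalent */` above the first and `/* Map a single msDS-SupportedEncryptionTypes flag (not a combined bitmap) to a krb5 enctype; returns 0 if unknown */` above the second. `kerberos_enctype_bitmap_to_enctypes` is not declared in this hunk; presumably it is picked up through proto.h, which is worth confirming.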
diff --git a/source4/auth/kerberos/kerberos_util.c b/source4/auth/kerberos/kerberos_util.c
index 2b358515f8..30e43f0795 100644
--- a/source4/auth/kerberos/kerberos_util.c
+++ b/source4/auth/kerberos/kerberos_util.c
@@ -740,3 +740,60 @@ krb5_error_code smb_krb5_create_memory_keytab(TALLOC_CTX *parent_ctx,
return ret;
}
+/* Translate between the IETF encryption type values and the Microsoft msDS-SupportedEncryptionTypes values */
+uint32_t kerberos_enctype_to_bitmap(krb5_enctype enc_type_enum)
+{
+ switch (enc_type_enum) {
+ case ENCTYPE_DES_CBC_CRC:
+ return ENC_CRC32;
+ case ENCTYPE_DES_CBC_MD5:
+ return ENC_RSA_MD5;
+ case ENCTYPE_ARCFOUR_HMAC_MD5:
+ return ENC_RC4_HMAC_MD5;
+ case ENCTYPE_AES128_CTS_HMAC_SHA1_96:
+ return ENC_HMAC_SHA1_96_AES128;
+ case ENCTYPE_AES256_CTS_HMAC_SHA1_96:
+ return ENC_HMAC_SHA1_96_AES256;
+ default:
+ return 0;
+ }
+}
+
+/* Translate between the Microsoft msDS-SupportedEncryptionTypes values and the IETF encryption type values */
+krb5_enctype kerberos_enctype_bitmap_to_enctype(uint32_t enctype_bitmap)
+{
+ switch (enctype_bitmap) {
+ case ENC_CRC32:
+ return ENCTYPE_DES_CBC_CRC;
+ case ENC_RSA_MD5:
+ return ENCTYPE_DES_CBC_MD5;
+ case ENC_RC4_HMAC_MD5:
+ return ENCTYPE_ARCFOUR_HMAC_MD5;
+ case ENC_HMAC_SHA1_96_AES128:
+ return ENCTYPE_AES128_CTS_HMAC_SHA1_96;
+ case ENC_HMAC_SHA1_96_AES256:
+ return ENCTYPE_AES256_CTS_HMAC_SHA1_96;
+ default:
+ return 0;
+ }
+}
+
+/* Return an array of krb5_enctype values */
+krb5_error_code kerberos_enctype_bitmap_to_enctypes(TALLOC_CTX *mem_ctx, uint32_t enctype_bitmap, krb5_enctype **enctypes)
+{
+ unsigned int i, j = 0;
+ *enctypes = talloc_zero_array(mem_ctx, krb5_enctype, 8*sizeof(enctype_bitmap));
+ if (!*enctypes) {
+ return ENOMEM;
+ }
+ for (i=0; i<(8*sizeof(enctype_bitmap)); i++) {
+ if ((1 << i) & enctype_bitmap) {
+ (*enctypes)[j] = kerberos_enctype_bitmap_to_enctype(enctype_bitmap);
+ if (!(*enctypes)[j]) {
+ return KRB5_PROG_ETYPE_NOSUPP;
+ }
+ j++;
+ }
+ }
+ return 0;
+}
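Review bot: In `kerberos_enctype_bitmap_to_enctypes` the loop passes the whole `enctype_bitmap` to the single-flag converter instead of the bit under test, so any value with more than one flag set falls into the `default` case and the function returns KRB5_PROG_ETYPE_NOSUPP. The call should be `(*enctypes)[j] = kerberos_enctype_bitmap_to_enctype(enctype_bitmap & ((uint32_t)1 << i));`, and the test should use the same unsigned mask, `if (((uint32_t)1 << i) & enctype_bitmap) {`, because `1 << i` is a signed shift that is undefined at i == 31. Even with that fixed, a set bit that has no mapping aborts the whole conversion; since the attribute appears to govern which encryption types are treated as supported, the comment should state whether unknown flags are meant to fail the call or be skipped. On the error return the partly filled array stays attached to `mem_ctx` and `*enctypes` stays non-NULL, so `talloc_free(*enctypes); *enctypes = NULL;` before returning would make the failure unambiguous. The function comment could also say that the result is terminated by a zero entry, since no count is returned.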