diff options
author | Andrew Bartlett <abartlet@samba.org> | 2010-06-28 23:19:16 +1000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2010-06-29 16:59:30 +1000 |
commit | 5167b97ff2d77ef28c59bb36988835ae421f027b (patch) | |
tree | 384389c931b76c17ae1f9d86d4c400ea796df7ec /source4 | |
parent | 9fc3f8194d55c20e1d5404301a0663888c4a0ba5 (diff) | |
download | samba-5167b97ff2d77ef28c59bb36988835ae421f027b.tar.gz samba-5167b97ff2d77ef28c59bb36988835ae421f027b.tar.bz2 samba-5167b97ff2d77ef28c59bb36988835ae421f027b.zip |
s4:kerberos Add functions to convert msDS-SupportedEncryptionTypes
This will allow us to interpret this attibute broadly in Samba.
Andrew Bartlett
Diffstat (limited to 'source4')
-rw-r--r-- | source4/auth/kerberos/kerberos.h | 3 | ||||
-rw-r--r-- | source4/auth/kerberos/kerberos_util.c | 57 |
2 files changed, 60 insertions, 0 deletions
diff --git a/source4/auth/kerberos/kerberos.h b/source4/auth/kerberos/kerberos.h index 7e3a7865d6..b4422b5b16 100644 --- a/source4/auth/kerberos/kerberos.h +++ b/source4/auth/kerberos/kerberos.h @@ -140,6 +140,9 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx, time_t tgs_authtime, DATA_BLOB *pac); struct loadparm_context; +uint32_t kerberos_enctype_to_bitmap(krb5_enctype enc_type_enum); +/* Translate between the Microsoft msDS-SupportedEncryptionTypes values and the IETF encryption type values */ +krb5_enctype kerberos_enctype_bitmap_to_enctype(uint32_t enctype_bitmap); #include "auth/kerberos/proto.h" diff --git a/source4/auth/kerberos/kerberos_util.c b/source4/auth/kerberos/kerberos_util.c index 2b358515f8..30e43f0795 100644 --- a/source4/auth/kerberos/kerberos_util.c +++ b/source4/auth/kerberos/kerberos_util.c @@ -740,3 +740,60 @@ krb5_error_code smb_krb5_create_memory_keytab(TALLOC_CTX *parent_ctx, return ret; } +/* Translate between the IETF encryption type values and the Microsoft msDS-SupportedEncryptionTypes values */ +uint32_t kerberos_enctype_to_bitmap(krb5_enctype enc_type_enum) +{ + switch (enc_type_enum) { + case ENCTYPE_DES_CBC_CRC: + return ENC_CRC32; + case ENCTYPE_DES_CBC_MD5: + return ENC_RSA_MD5; + case ENCTYPE_ARCFOUR_HMAC_MD5: + return ENC_RC4_HMAC_MD5; + case ENCTYPE_AES128_CTS_HMAC_SHA1_96: + return ENC_HMAC_SHA1_96_AES128; + case ENCTYPE_AES256_CTS_HMAC_SHA1_96: + return ENC_HMAC_SHA1_96_AES256; + default: + return 0; + } +} + +/* Translate between the Microsoft msDS-SupportedEncryptionTypes values and the IETF encryption type values */ +krb5_enctype kerberos_enctype_bitmap_to_enctype(uint32_t enctype_bitmap) +{ + switch (enctype_bitmap) { + case ENC_CRC32: + return ENCTYPE_DES_CBC_CRC; + case ENC_RSA_MD5: + return ENCTYPE_DES_CBC_MD5; + case ENC_RC4_HMAC_MD5: + return ENCTYPE_ARCFOUR_HMAC_MD5; + case ENC_HMAC_SHA1_96_AES128: + return ENCTYPE_AES128_CTS_HMAC_SHA1_96; + case ENC_HMAC_SHA1_96_AES256: + return ENCTYPE_AES256_CTS_HMAC_SHA1_96; + default: + return 0; + } +} + +/* Return an array of krb5_enctype values */ +krb5_error_code kerberos_enctype_bitmap_to_enctypes(TALLOC_CTX *mem_ctx, uint32_t enctype_bitmap, krb5_enctype **enctypes) +{ + unsigned int i, j = 0; + *enctypes = talloc_zero_array(mem_ctx, krb5_enctype, 8*sizeof(enctype_bitmap)); + if (!*enctypes) { + return ENOMEM; + } + for (i=0; i<(8*sizeof(enctype_bitmap)); i++) { + if ((1 << i) & enctype_bitmap) { + (*enctypes)[j] = kerberos_enctype_bitmap_to_enctype(enctype_bitmap); + if (!(*enctypes)[j]) { + return KRB5_PROG_ETYPE_NOSUPP; + } + j++; + } + } + return 0; +} |