-rw-r--r--lib/krb5_wrap/enctype_convert.c104
-rw-r--r--lib/krb5_wrap/krb5_samba.c35
-rw-r--r--lib/krb5_wrap/krb5_samba.h4
-rwxr-xr-xlib/krb5_wrap/wscript_build2
-rw-r--r--source4/auth/kerberos/srv_keytab.c45
5 files changed, 109 insertions, 81 deletions
diff --git a/lib/krb5_wrap/enctype_convert.c b/lib/krb5_wrap/enctype_convert.c
new file mode 100644
index 0000000000..446384ef3e
--- /dev/null
+++ b/lib/krb5_wrap/enctype_convert.c
@@ -0,0 +1,104 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ Kerberos utility functions
+
+ Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2012
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "krb5_samba.h"
+#include "librpc/gen_ndr/netlogon.h"
+
+const krb5_enctype *samba_all_enctypes(void)
+{
+ /* TODO: Find a way not to have to use a fixed list */
+ static const krb5_enctype enctypes[] = {
+ KRB5_ENCTYPE_DES_CBC_CRC,
+ KRB5_ENCTYPE_DES_CBC_MD5,
+ KRB5_ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+ KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+ KRB5_ENCTYPE_ARCFOUR_HMAC_MD5,
+ 0
+ };
+ return enctypes;
+};
+
+/* Translate between the IETF encryption type values and the Microsoft
+ * msDS-SupportedEncryptionTypes values */
+uint32_t kerberos_enctype_to_bitmap(krb5_enctype enc_type_enum)
+{
+ switch (enc_type_enum) {
+ case ENCTYPE_DES_CBC_CRC:
+ return ENC_CRC32;
+ case ENCTYPE_DES_CBC_MD5:
+ return ENC_RSA_MD5;
+ case ENCTYPE_ARCFOUR_HMAC_MD5:
+ return ENC_RC4_HMAC_MD5;
+ case ENCTYPE_AES128_CTS_HMAC_SHA1_96:
+ return ENC_HMAC_SHA1_96_AES128;
+ case ENCTYPE_AES256_CTS_HMAC_SHA1_96:
+ return ENC_HMAC_SHA1_96_AES256;
+ default:
+ return 0;
+ }
+}
+
+/* Translate between the Microsoft msDS-SupportedEncryptionTypes values
+ * and the IETF encryption type values */
+krb5_enctype ms_suptype_to_ietf_enctype(uint32_t enctype_bitmap)
+{
+ switch (enctype_bitmap) {
+ case ENC_CRC32:
+ return ENCTYPE_DES_CBC_CRC;
+ case ENC_RSA_MD5:
+ return ENCTYPE_DES_CBC_MD5;
+ case ENC_RC4_HMAC_MD5:
+ return ENCTYPE_ARCFOUR_HMAC;
+ case ENC_HMAC_SHA1_96_AES128:
+ return ENCTYPE_AES128_CTS_HMAC_SHA1_96;
+ case ENC_HMAC_SHA1_96_AES256:
+ return ENCTYPE_AES256_CTS_HMAC_SHA1_96;
+ default:
+ return 0;
+ }
+}
+
+/* Return an array of krb5_enctype values */
+krb5_error_code ms_suptypes_to_ietf_enctypes(TALLOC_CTX *mem_ctx,
+ uint32_t enctype_bitmap,
+ krb5_enctype **enctypes)
+{
+ unsigned int i, j = 0;
+ *enctypes = talloc_zero_array(mem_ctx, krb5_enctype,
+ (8 * sizeof(enctype_bitmap)) + 1);
+ if (!*enctypes) {
+ return ENOMEM;
+ }
+ for (i = 0; i < (8 * sizeof(enctype_bitmap)); i++) {
+ uint32_t bit_value = (1 << i) & enctype_bitmap;
+ if (bit_value & enctype_bitmap) {
+ (*enctypes)[j] = ms_suptype_to_ietf_enctype(bit_value);
+ if (!(*enctypes)[j]) {
+ continue;
+ }
+ j++;
+ }
+ }
+ (*enctypes)[j] = 0;
+ return 0;
+}
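Review bot: In ms_suptypes_to_ietf_enctypes the expression `(1 << i)` shifts a signed int, and the loop always runs up to i == 31, where shifting 1 into the sign bit is undefined behaviour whatever the bitmap holds. The constant should be unsigned and as wide as the bitmap: `uint32_t bit_value = ((uint32_t)1 << i) & enctype_bitmap;`. With that in place the following `if (bit_value & enctype_bitmap)` is just `if (bit_value)`. samba_all_enctypes() also closes with `};`, which leaves a stray empty declaration at file scope. The fixed list it returns still carries the single-DES and RC4 enctypes, so a comment noting that the list is "everything Samba knows about" rather than "everything that is acceptable" would help callers that select keys from it.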
diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index 171908aecc..2d237ffa12 100644
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -23,7 +23,6 @@
#include "includes.h"
#include "krb5_samba.h"
#include "lib/util/asn1.h"
-#include "librpc/gen_ndr/netlogon.h"
#ifndef KRB5_AUTHDATA_WIN2K_PAC
#define KRB5_AUTHDATA_WIN2K_PAC 128
@@ -2333,40 +2332,6 @@ char *smb_get_krb5_error_message(krb5_context context,
return ret;
}
-const krb5_enctype *samba_all_enctypes(void)
-{
- /* TODO: Find a way not to have to use a fixed list */
- static const krb5_enctype enctypes[] = {
- KRB5_ENCTYPE_DES_CBC_CRC,
- KRB5_ENCTYPE_DES_CBC_MD5,
- KRB5_ENCTYPE_AES128_CTS_HMAC_SHA1_96,
- KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96,
- KRB5_ENCTYPE_ARCFOUR_HMAC_MD5,
- 0
- };
- return enctypes;
-};
-
-/* Translate between the IETF encryption type values and the Microsoft
- * msDS-SupportedEncryptionTypes values */
-uint32_t kerberos_enctype_to_bitmap(krb5_enctype enc_type_enum)
-{
- switch (enc_type_enum) {
- case ENCTYPE_DES_CBC_CRC:
- return ENC_CRC32;
- case ENCTYPE_DES_CBC_MD5:
- return ENC_RSA_MD5;
- case ENCTYPE_ARCFOUR_HMAC_MD5:
- return ENC_RC4_HMAC_MD5;
- case ENCTYPE_AES128_CTS_HMAC_SHA1_96:
- return ENC_HMAC_SHA1_96_AES128;
- case ENCTYPE_AES256_CTS_HMAC_SHA1_96:
- return ENC_HMAC_SHA1_96_AES256;
- default:
- return 0;
- }
-}
-
#else /* HAVE_KRB5 */
/* this saves a few linking headaches */
int cli_krb5_get_ticket(TALLOC_CTX *mem_ctx,
diff --git a/lib/krb5_wrap/krb5_samba.h b/lib/krb5_wrap/krb5_samba.h
index 87990e1ae8..c823c734cc 100644
--- a/lib/krb5_wrap/krb5_samba.h
+++ b/lib/krb5_wrap/krb5_samba.h
@@ -296,6 +296,10 @@ krb5_boolean smb_krb5_kt_compare(krb5_context context,
const krb5_enctype *samba_all_enctypes(void);
uint32_t kerberos_enctype_to_bitmap(krb5_enctype enc_type_enum);
+krb5_enctype ms_suptype_to_ietf_enctype(uint32_t enctype_bitmap);
+krb5_error_code ms_suptypes_to_ietf_enctypes(TALLOC_CTX *mem_ctx,
+ uint32_t enctype_bitmap,
+ krb5_enctype **enctypes);
#endif /* HAVE_KRB5 */
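Review bot: The two prototypes added here become part of the library's header with no statement of their contract, which mattered less while both functions were static in srv_keytab.c. A comment above ms_suptypes_to_ietf_enctypes should say that `*enctypes` is allocated on `mem_ctx`, is terminated by a 0 entry, that bits with no known mapping are skipped silently, and that ENOMEM is returned with `*enctypes` left NULL when the allocation fails. For ms_suptype_to_ietf_enctype, a line such as `/* enctype_bitmap must be exactly one ENC_* bit; returns 0 if it is not a known one */` would stop callers from passing a multi-bit mask and reading the 0 result as a valid enctype.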
diff --git a/lib/krb5_wrap/wscript_build b/lib/krb5_wrap/wscript_build
index 961a0a44c4..1a65d28b6c 100755
--- a/lib/krb5_wrap/wscript_build
+++ b/lib/krb5_wrap/wscript_build
@@ -5,7 +5,7 @@ if bld.CONFIG_SET('SAMBA4_USES_HEIMDAL'):
add_deps = ' asn1'
bld.SAMBA_LIBRARY('krb5samba',
- source='krb5_samba.c gss_samba.c keytab_util.c',
+ source='krb5_samba.c gss_samba.c keytab_util.c enctype_convert.c',
deps='samba-util asn1util talloc krb5 com_err gssapi' + add_deps,
private_library=True
)
diff --git a/source4/auth/kerberos/srv_keytab.c b/source4/auth/kerberos/srv_keytab.c
index c3c96163e0..1fc8b4cfed 100644
--- a/source4/auth/kerberos/srv_keytab.c
+++ b/source4/auth/kerberos/srv_keytab.c
@@ -187,51 +187,6 @@ static krb5_error_code salt_principal(TALLOC_CTX *parent_ctx,
return ret;
}
-/* Translate between the Microsoft msDS-SupportedEncryptionTypes values
- * and the IETF encryption type values */
-static krb5_enctype ms_suptype_to_ietf_enctype(uint32_t enctype_bitmap)
-{
- switch (enctype_bitmap) {
- case ENC_CRC32:
- return ENCTYPE_DES_CBC_CRC;
- case ENC_RSA_MD5:
- return ENCTYPE_DES_CBC_MD5;
- case ENC_RC4_HMAC_MD5:
- return ENCTYPE_ARCFOUR_HMAC;
- case ENC_HMAC_SHA1_96_AES128:
- return ENCTYPE_AES128_CTS_HMAC_SHA1_96;
- case ENC_HMAC_SHA1_96_AES256:
- return ENCTYPE_AES256_CTS_HMAC_SHA1_96;
- default:
- return 0;
- }
-}
-
-/* Return an array of krb5_enctype values */
-static krb5_error_code ms_suptypes_to_ietf_enctypes(TALLOC_CTX *mem_ctx,
- uint32_t enctype_bitmap,
- krb5_enctype **enctypes)
-{
- unsigned int i, j = 0;
- *enctypes = talloc_zero_array(mem_ctx, krb5_enctype,
- (8 * sizeof(enctype_bitmap)) + 1);
- if (!*enctypes) {
- return ENOMEM;
- }
- for (i = 0; i < (8 * sizeof(enctype_bitmap)); i++) {
- uint32_t bit_value = (1 << i) & enctype_bitmap;
- if (bit_value & enctype_bitmap) {
- (*enctypes)[j] = ms_suptype_to_ietf_enctype(bit_value);
- if (!(*enctypes)[j]) {
- continue;
- }
- j++;
- }
- }
- (*enctypes)[j] = 0;
- return 0;
-}
-
static krb5_error_code keytab_add_keys(TALLOC_CTX *parent_ctx,
krb5_principal *principals,
krb5_principal salt_princ,