diff options
-rw-r--r-- | lib/krb5_wrap/enctype_convert.c | 104 | ||||
-rw-r--r-- | lib/krb5_wrap/krb5_samba.c | 35 | ||||
-rw-r--r-- | lib/krb5_wrap/krb5_samba.h | 4 | ||||
-rwxr-xr-x | lib/krb5_wrap/wscript_build | 2 | ||||
-rw-r--r-- | source4/auth/kerberos/srv_keytab.c | 45 |
5 files changed, 109 insertions, 81 deletions
diff --git a/lib/krb5_wrap/enctype_convert.c b/lib/krb5_wrap/enctype_convert.c new file mode 100644 index 0000000000..446384ef3e --- /dev/null +++ b/lib/krb5_wrap/enctype_convert.c @@ -0,0 +1,104 @@ +/* + Unix SMB/CIFS implementation. + + Kerberos utility functions + + Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2012 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#include "includes.h" +#include "krb5_samba.h" +#include "librpc/gen_ndr/netlogon.h" + +const krb5_enctype *samba_all_enctypes(void) +{ + /* TODO: Find a way not to have to use a fixed list */ + static const krb5_enctype enctypes[] = { + KRB5_ENCTYPE_DES_CBC_CRC, + KRB5_ENCTYPE_DES_CBC_MD5, + KRB5_ENCTYPE_AES128_CTS_HMAC_SHA1_96, + KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96, + KRB5_ENCTYPE_ARCFOUR_HMAC_MD5, + 0 + }; + return enctypes; +}; + +/* Translate between the IETF encryption type values and the Microsoft + * msDS-SupportedEncryptionTypes values */ +uint32_t kerberos_enctype_to_bitmap(krb5_enctype enc_type_enum) +{ + switch (enc_type_enum) { + case ENCTYPE_DES_CBC_CRC: + return ENC_CRC32; + case ENCTYPE_DES_CBC_MD5: + return ENC_RSA_MD5; + case ENCTYPE_ARCFOUR_HMAC_MD5: + return ENC_RC4_HMAC_MD5; + case ENCTYPE_AES128_CTS_HMAC_SHA1_96: + return ENC_HMAC_SHA1_96_AES128; + case ENCTYPE_AES256_CTS_HMAC_SHA1_96: + return ENC_HMAC_SHA1_96_AES256; + default: + return 0; + } +} + +/* Translate between the Microsoft msDS-SupportedEncryptionTypes values + * and the IETF encryption type values */ +krb5_enctype ms_suptype_to_ietf_enctype(uint32_t enctype_bitmap) +{ + switch (enctype_bitmap) { + case ENC_CRC32: + return ENCTYPE_DES_CBC_CRC; + case ENC_RSA_MD5: + return ENCTYPE_DES_CBC_MD5; + case ENC_RC4_HMAC_MD5: + return ENCTYPE_ARCFOUR_HMAC; + case ENC_HMAC_SHA1_96_AES128: + return ENCTYPE_AES128_CTS_HMAC_SHA1_96; + case ENC_HMAC_SHA1_96_AES256: + return ENCTYPE_AES256_CTS_HMAC_SHA1_96; + default: + return 0; + } +} + +/* Return an array of krb5_enctype values */ +krb5_error_code ms_suptypes_to_ietf_enctypes(TALLOC_CTX *mem_ctx, + uint32_t enctype_bitmap, + krb5_enctype **enctypes) +{ + unsigned int i, j = 0; + *enctypes = talloc_zero_array(mem_ctx, krb5_enctype, + (8 * sizeof(enctype_bitmap)) + 1); + if (!*enctypes) { + return ENOMEM; + } + for (i = 0; i < (8 * sizeof(enctype_bitmap)); i++) { + uint32_t bit_value = (1 << i) & enctype_bitmap; + if (bit_value & enctype_bitmap) { + (*enctypes)[j] = ms_suptype_to_ietf_enctype(bit_value); + if (!(*enctypes)[j]) { + continue; + } + j++; + } + } + (*enctypes)[j] = 0; + return 0; +} diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c index 171908aecc..2d237ffa12 100644 --- a/lib/krb5_wrap/krb5_samba.c +++ b/lib/krb5_wrap/krb5_samba.c @@ -23,7 +23,6 @@ #include "includes.h" #include "krb5_samba.h" #include "lib/util/asn1.h" -#include "librpc/gen_ndr/netlogon.h" #ifndef KRB5_AUTHDATA_WIN2K_PAC #define KRB5_AUTHDATA_WIN2K_PAC 128 @@ -2333,40 +2332,6 @@ char *smb_get_krb5_error_message(krb5_context context, return ret; } -const krb5_enctype *samba_all_enctypes(void) -{ - /* TODO: Find a way not to have to use a fixed list */ - static const krb5_enctype enctypes[] = { - KRB5_ENCTYPE_DES_CBC_CRC, - KRB5_ENCTYPE_DES_CBC_MD5, - KRB5_ENCTYPE_AES128_CTS_HMAC_SHA1_96, - KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96, - KRB5_ENCTYPE_ARCFOUR_HMAC_MD5, - 0 - }; - return enctypes; -}; - -/* Translate between the IETF encryption type values and the Microsoft - * msDS-SupportedEncryptionTypes values */ -uint32_t kerberos_enctype_to_bitmap(krb5_enctype enc_type_enum) -{ - switch (enc_type_enum) { - case ENCTYPE_DES_CBC_CRC: - return ENC_CRC32; - case ENCTYPE_DES_CBC_MD5: - return ENC_RSA_MD5; - case ENCTYPE_ARCFOUR_HMAC_MD5: - return ENC_RC4_HMAC_MD5; - case ENCTYPE_AES128_CTS_HMAC_SHA1_96: - return ENC_HMAC_SHA1_96_AES128; - case ENCTYPE_AES256_CTS_HMAC_SHA1_96: - return ENC_HMAC_SHA1_96_AES256; - default: - return 0; - } -} - #else /* HAVE_KRB5 */ /* this saves a few linking headaches */ int cli_krb5_get_ticket(TALLOC_CTX *mem_ctx, diff --git a/lib/krb5_wrap/krb5_samba.h b/lib/krb5_wrap/krb5_samba.h index 87990e1ae8..c823c734cc 100644 --- a/lib/krb5_wrap/krb5_samba.h +++ b/lib/krb5_wrap/krb5_samba.h @@ -296,6 +296,10 @@ krb5_boolean smb_krb5_kt_compare(krb5_context context, const krb5_enctype *samba_all_enctypes(void); uint32_t kerberos_enctype_to_bitmap(krb5_enctype enc_type_enum); +krb5_enctype ms_suptype_to_ietf_enctype(uint32_t enctype_bitmap); +krb5_error_code ms_suptypes_to_ietf_enctypes(TALLOC_CTX *mem_ctx, + uint32_t enctype_bitmap, + krb5_enctype **enctypes); #endif /* HAVE_KRB5 */ diff --git a/lib/krb5_wrap/wscript_build b/lib/krb5_wrap/wscript_build index 961a0a44c4..1a65d28b6c 100755 --- a/lib/krb5_wrap/wscript_build +++ b/lib/krb5_wrap/wscript_build @@ -5,7 +5,7 @@ if bld.CONFIG_SET('SAMBA4_USES_HEIMDAL'): add_deps = ' asn1' bld.SAMBA_LIBRARY('krb5samba', - source='krb5_samba.c gss_samba.c keytab_util.c', + source='krb5_samba.c gss_samba.c keytab_util.c enctype_convert.c', deps='samba-util asn1util talloc krb5 com_err gssapi' + add_deps, private_library=True ) diff --git a/source4/auth/kerberos/srv_keytab.c b/source4/auth/kerberos/srv_keytab.c index c3c96163e0..1fc8b4cfed 100644 --- a/source4/auth/kerberos/srv_keytab.c +++ b/source4/auth/kerberos/srv_keytab.c @@ -187,51 +187,6 @@ static krb5_error_code salt_principal(TALLOC_CTX *parent_ctx, return ret; } -/* Translate between the Microsoft msDS-SupportedEncryptionTypes values - * and the IETF encryption type values */ -static krb5_enctype ms_suptype_to_ietf_enctype(uint32_t enctype_bitmap) -{ - switch (enctype_bitmap) { - case ENC_CRC32: - return ENCTYPE_DES_CBC_CRC; - case ENC_RSA_MD5: - return ENCTYPE_DES_CBC_MD5; - case ENC_RC4_HMAC_MD5: - return ENCTYPE_ARCFOUR_HMAC; - case ENC_HMAC_SHA1_96_AES128: - return ENCTYPE_AES128_CTS_HMAC_SHA1_96; - case ENC_HMAC_SHA1_96_AES256: - return ENCTYPE_AES256_CTS_HMAC_SHA1_96; - default: - return 0; - } -} - -/* Return an array of krb5_enctype values */ -static krb5_error_code ms_suptypes_to_ietf_enctypes(TALLOC_CTX *mem_ctx, - uint32_t enctype_bitmap, - krb5_enctype **enctypes) -{ - unsigned int i, j = 0; - *enctypes = talloc_zero_array(mem_ctx, krb5_enctype, - (8 * sizeof(enctype_bitmap)) + 1); - if (!*enctypes) { - return ENOMEM; - } - for (i = 0; i < (8 * sizeof(enctype_bitmap)); i++) { - uint32_t bit_value = (1 << i) & enctype_bitmap; - if (bit_value & enctype_bitmap) { - (*enctypes)[j] = ms_suptype_to_ietf_enctype(bit_value); - if (!(*enctypes)[j]) { - continue; - } - j++; - } - } - (*enctypes)[j] = 0; - return 0; -} - static krb5_error_code keytab_add_keys(TALLOC_CTX *parent_ctx, krb5_principal *principals, krb5_principal salt_princ, |