From 62373b8a509fb874728c351e8039f94e3a1dd6db Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Mon, 27 Aug 2012 18:34:02 +1000
Subject: lib/krb5_wrap: Move enctype conversion functions into a simple helper file
---
 lib/krb5_wrap/enctype_convert.c | 104 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 104 insertions(+)
 create mode 100644 lib/krb5_wrap/enctype_convert.c
(limited to 'lib/krb5_wrap/enctype_convert.c')
diff --git a/lib/krb5_wrap/enctype_convert.c b/lib/krb5_wrap/enctype_convert.c
new file mode 100644
index 0000000000..446384ef3e
--- /dev/null
+++ b/lib/krb5_wrap/enctype_convert.c
@@ -0,0 +1,104 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ Kerberos utility functions
+
+ Copyright (C) Andrew Bartlett 2004-2012
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+*/
+
+#include "includes.h"
+#include "krb5_samba.h"
+#include "librpc/gen_ndr/netlogon.h"
+
+const krb5_enctype *samba_all_enctypes(void)
+{
+ /* TODO: Find a way not to have to use a fixed list */
+ static const krb5_enctype enctypes[] = {
+ KRB5_ENCTYPE_DES_CBC_CRC,
+ KRB5_ENCTYPE_DES_CBC_MD5,
+ KRB5_ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+ KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+ KRB5_ENCTYPE_ARCFOUR_HMAC_MD5,
+ 0
+ };
+ return enctypes;
+};
+
+/* Translate between the IETF encryption type values and the Microsoft
+ * msDS-SupportedEncryptionTypes values */
+uint32_t kerberos_enctype_to_bitmap(krb5_enctype enc_type_enum)
+{
+ switch (enc_type_enum) {
+ case ENCTYPE_DES_CBC_CRC:
+ return ENC_CRC32;
+ case ENCTYPE_DES_CBC_MD5:
+ return ENC_RSA_MD5;
+ case ENCTYPE_ARCFOUR_HMAC_MD5:
+ return ENC_RC4_HMAC_MD5;
+ case ENCTYPE_AES128_CTS_HMAC_SHA1_96:
+ return ENC_HMAC_SHA1_96_AES128;
+ case ENCTYPE_AES256_CTS_HMAC_SHA1_96:
+ return ENC_HMAC_SHA1_96_AES256;
+ default:
+ return 0;
+ }
+}
+
+/* Translate between the Microsoft msDS-SupportedEncryptionTypes values
+ * and the IETF encryption type values */
+krb5_enctype ms_suptype_to_ietf_enctype(uint32_t enctype_bitmap)
+{
+ switch (enctype_bitmap) {
+ case ENC_CRC32:
+ return ENCTYPE_DES_CBC_CRC;
+ case ENC_RSA_MD5:
+ return ENCTYPE_DES_CBC_MD5;
+ case ENC_RC4_HMAC_MD5:
+ return ENCTYPE_ARCFOUR_HMAC;
+ case ENC_HMAC_SHA1_96_AES128:
+ return ENCTYPE_AES128_CTS_HMAC_SHA1_96;
+ case ENC_HMAC_SHA1_96_AES256:
+ return ENCTYPE_AES256_CTS_HMAC_SHA1_96;
+ default:
+ return 0;
+ }
+}
+
+/* Return an array of krb5_enctype values */
+krb5_error_code ms_suptypes_to_ietf_enctypes(TALLOC_CTX *mem_ctx,
+ uint32_t enctype_bitmap,
+ krb5_enctype **enctypes)
+{
+ unsigned int i, j = 0;
+ *enctypes = talloc_zero_array(mem_ctx, krb5_enctype,
+ (8 * sizeof(enctype_bitmap)) + 1);
+ if (!*enctypes) {
+ return ENOMEM;
+ }
+ for (i = 0; i < (8 * sizeof(enctype_bitmap)); i++) {
+ uint32_t bit_value = (1 << i) & enctype_bitmap;
+ if (bit_value & enctype_bitmap) {
+ (*enctypes)[j] = ms_suptype_to_ietf_enctype(bit_value);
+ if (!(*enctypes)[j]) {
+ continue;
+ }
+ j++;
+ }
+ }
+ (*enctypes)[j] = 0;
+ return 0;
+}
-- cgit
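Review bot: In ms_suptypes_to_ietf_enctypes, `(1 << i)` shifts a signed int and the loop runs i up to 31, so the last iteration shifts into the sign bit, which is undefined behaviour in C; use an unsigned constant, `uint32_t bit_value = ((uint32_t)1 << i) & enctype_bitmap;`. Because bit_value is already masked with enctype_bitmap, the test that follows can be just `if (bit_value) {`. Separately, the fixed list in samba_all_enctypes carries both single-DES enctypes and RC4-HMAC alongside the AES ones; a comment next to the TODO saying whether callers are expected to filter this list against local policy before offering it would make the weak entries an explicit choice rather than an accident of the move. The stray `;` after the closing brace of samba_all_enctypes can be dropped.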