sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-10 01:18:15 +03:00
Code

s4:kdc: Return PA-SUPPORTED-ENCTYPES

Browse Source 
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This commit is contained in:
Joseph Sutton 2021-12-24 16:59:42 +13:00 committed by Joseph Sutton
parent cb382f7cdd
commit 0be58f55fa
1 changed files with 60 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
source4/kdc/wdc-samba4.c
View File

@ -882,6 +882,65 @@ static krb5_error_code samba_wdc_check_client_access(void *priv,
return KRB5_PLUGIN_NO_HANDLE;
}
/* this function allocates 'data' using malloc.
* The caller is responsible for freeing it */
static krb5_error_code samba_kdc_build_supported_etypes(uint32_t supported_etypes,
krb5_data *e_data)
{
e_data->data = malloc(4);
if (e_data->data == NULL) {
return ENOMEM;
}
e_data->length = 4;
PUSH_LE_U32(e_data->data, 0, supported_etypes);
return 0;
}
static krb5_error_code samba_wdc_finalize_reply(void *priv,
astgs_request_t r)
{
struct samba_kdc_entry *server_kdc_entry;
uint32_t supported_enctypes;
server_kdc_entry = talloc_get_type(r->server->ctx, struct samba_kdc_entry);
/*
* If the canonicalize flag is set, add PA-SUPPORTED-ENCTYPES padata
* type to indicate what encryption types the server supports.
*/
supported_enctypes = server_kdc_entry->supported_enctypes;
if (r->req.req_body.kdc_options.canonicalize && supported_enctypes != 0) {
krb5_error_code ret;
krb5_data kd;
if (r->ek.encrypted_pa_data == NULL) {
r->ek.encrypted_pa_data = calloc(1, sizeof *(r->ek.encrypted_pa_data));
if (r->ek.encrypted_pa_data == NULL) {
return ENOMEM;
}
}
ret = samba_kdc_build_supported_etypes(supported_enctypes, &kd);
if (ret != 0) {
return ret;
}
ret = krb5_padata_add(r->context, r->ek.encrypted_pa_data,
KRB5_PADATA_SUPPORTED_ETYPES,
kd.data, kd.length);
if (ret != 0) {
/*
* So we do not leak the allocated
* memory on kd in the error case
*/
krb5_data_free(&kd);
}
}
return 0;
}
static krb5_error_code samba_wdc_plugin_init(krb5_context context, void **ptr)
{
*ptr = NULL;
@ -899,6 +958,7 @@ struct krb5plugin_windc_ftable windc_plugin_table = {
.fini = samba_wdc_plugin_fini,
.pac_verify = samba_wdc_reget_pac,
.client_access = samba_wdc_check_client_access,
.finalize_reply = samba_wdc_finalize_reply,
.pac_generate = samba_wdc_get_pac,
};