mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
s4:kerberos Add functions to convert msDS-SupportedEncryptionTypes
This will allow us to interpret this attibute broadly in Samba. Andrew Bartlett
This commit is contained in:
parent
9fc3f8194d
commit
5167b97ff2
@ -140,6 +140,9 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx,
|
||||
time_t tgs_authtime,
|
||||
DATA_BLOB *pac);
|
||||
struct loadparm_context;
|
||||
uint32_t kerberos_enctype_to_bitmap(krb5_enctype enc_type_enum);
|
||||
/* Translate between the Microsoft msDS-SupportedEncryptionTypes values and the IETF encryption type values */
|
||||
krb5_enctype kerberos_enctype_bitmap_to_enctype(uint32_t enctype_bitmap);
|
||||
|
||||
#include "auth/kerberos/proto.h"
|
||||
|
||||
|
@ -740,3 +740,60 @@ krb5_error_code smb_krb5_create_memory_keytab(TALLOC_CTX *parent_ctx,
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* Translate between the IETF encryption type values and the Microsoft msDS-SupportedEncryptionTypes values */
|
||||
uint32_t kerberos_enctype_to_bitmap(krb5_enctype enc_type_enum)
|
||||
{
|
||||
switch (enc_type_enum) {
|
||||
case ENCTYPE_DES_CBC_CRC:
|
||||
return ENC_CRC32;
|
||||
case ENCTYPE_DES_CBC_MD5:
|
||||
return ENC_RSA_MD5;
|
||||
case ENCTYPE_ARCFOUR_HMAC_MD5:
|
||||
return ENC_RC4_HMAC_MD5;
|
||||
case ENCTYPE_AES128_CTS_HMAC_SHA1_96:
|
||||
return ENC_HMAC_SHA1_96_AES128;
|
||||
case ENCTYPE_AES256_CTS_HMAC_SHA1_96:
|
||||
return ENC_HMAC_SHA1_96_AES256;
|
||||
default:
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
/* Translate between the Microsoft msDS-SupportedEncryptionTypes values and the IETF encryption type values */
|
||||
krb5_enctype kerberos_enctype_bitmap_to_enctype(uint32_t enctype_bitmap)
|
||||
{
|
||||
switch (enctype_bitmap) {
|
||||
case ENC_CRC32:
|
||||
return ENCTYPE_DES_CBC_CRC;
|
||||
case ENC_RSA_MD5:
|
||||
return ENCTYPE_DES_CBC_MD5;
|
||||
case ENC_RC4_HMAC_MD5:
|
||||
return ENCTYPE_ARCFOUR_HMAC_MD5;
|
||||
case ENC_HMAC_SHA1_96_AES128:
|
||||
return ENCTYPE_AES128_CTS_HMAC_SHA1_96;
|
||||
case ENC_HMAC_SHA1_96_AES256:
|
||||
return ENCTYPE_AES256_CTS_HMAC_SHA1_96;
|
||||
default:
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
/* Return an array of krb5_enctype values */
|
||||
krb5_error_code kerberos_enctype_bitmap_to_enctypes(TALLOC_CTX *mem_ctx, uint32_t enctype_bitmap, krb5_enctype **enctypes)
|
||||
{
|
||||
unsigned int i, j = 0;
|
||||
*enctypes = talloc_zero_array(mem_ctx, krb5_enctype, 8*sizeof(enctype_bitmap));
|
||||
if (!*enctypes) {
|
||||
return ENOMEM;
|
||||
}
|
||||
for (i=0; i<(8*sizeof(enctype_bitmap)); i++) {
|
||||
if ((1 << i) & enctype_bitmap) {
|
||||
(*enctypes)[j] = kerberos_enctype_bitmap_to_enctype(enctype_bitmap);
|
||||
if (!(*enctypes)[j]) {
|
||||
return KRB5_PROG_ETYPE_NOSUPP;
|
||||
}
|
||||
j++;
|
||||
}
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user