From 5167b97ff2d77ef28c59bb36988835ae421f027b Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Mon, 28 Jun 2010 23:19:16 +1000
Subject: [PATCH] s4:kerberos Add functions to convert msDS-SupportedEncryptionTypes This will allow us to interpret this attibute broadly in Samba. Andrew Bartlett
---
 source4/auth/kerberos/kerberos.h | 3 ++
 source4/auth/kerberos/kerberos_util.c | 57 +++++++++++++++++++++++++++
 2 files changed, 60 insertions(+)
diff --git a/source4/auth/kerberos/kerberos.h b/source4/auth/kerberos/kerberos.h
index 7e3a7865d6f..b4422b5b16d 100644
--- a/source4/auth/kerberos/kerberos.h
+++ b/source4/auth/kerberos/kerberos.h
@@ -140,6 +140,9 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx,
 time_t tgs_authtime,
 DATA_BLOB *pac);
 struct loadparm_context;
+uint32_t kerberos_enctype_to_bitmap(krb5_enctype enc_type_enum);
+/* Translate between the Microsoft msDS-SupportedEncryptionTypes values and the IETF encryption type values */
+krb5_enctype kerberos_enctype_bitmap_to_enctype(uint32_t enctype_bitmap);
 #include "auth/kerberos/proto.h"
diff --git a/source4/auth/kerberos/kerberos_util.c b/source4/auth/kerberos/kerberos_util.c
index 2b358515f87..30e43f0795a 100644
--- a/source4/auth/kerberos/kerberos_util.c
+++ b/source4/auth/kerberos/kerberos_util.c
@@ -740,3 +740,60 @@ krb5_error_code smb_krb5_create_memory_keytab(TALLOC_CTX *parent_ctx,
 return ret;
 }
+/* Translate between the IETF encryption type values and the Microsoft msDS-SupportedEncryptionTypes values */
+uint32_t kerberos_enctype_to_bitmap(krb5_enctype enc_type_enum)
+{
+ switch (enc_type_enum) {
+ case ENCTYPE_DES_CBC_CRC:
+ return ENC_CRC32;
+ case ENCTYPE_DES_CBC_MD5:
+ return ENC_RSA_MD5;
+ case ENCTYPE_ARCFOUR_HMAC_MD5:
+ return ENC_RC4_HMAC_MD5;
+ case ENCTYPE_AES128_CTS_HMAC_SHA1_96:
+ return ENC_HMAC_SHA1_96_AES128;
+ case ENCTYPE_AES256_CTS_HMAC_SHA1_96:
+ return ENC_HMAC_SHA1_96_AES256;
+ default:
+ return 0;
+ }
+}
+
+/* Translate between the Microsoft msDS-SupportedEncryptionTypes values and the IETF encryption type values */
+krb5_enctype kerberos_enctype_bitmap_to_enctype(uint32_t enctype_bitmap)
+{
+ switch (enctype_bitmap) {
+ case ENC_CRC32:
+ return ENCTYPE_DES_CBC_CRC;
+ case ENC_RSA_MD5:
+ return ENCTYPE_DES_CBC_MD5;
+ case ENC_RC4_HMAC_MD5:
+ return ENCTYPE_ARCFOUR_HMAC_MD5;
+ case ENC_HMAC_SHA1_96_AES128:
+ return ENCTYPE_AES128_CTS_HMAC_SHA1_96;
+ case ENC_HMAC_SHA1_96_AES256:
+ return ENCTYPE_AES256_CTS_HMAC_SHA1_96;
+ default:
+ return 0;
+ }
+}
+
+/* Return an array of krb5_enctype values */
+krb5_error_code kerberos_enctype_bitmap_to_enctypes(TALLOC_CTX *mem_ctx, uint32_t enctype_bitmap, krb5_enctype **enctypes)
+{
+ unsigned int i, j = 0;
+ *enctypes = talloc_zero_array(mem_ctx, krb5_enctype, 8*sizeof(enctype_bitmap));
+ if (!*enctypes) {
+ return ENOMEM;
+ }
+ for (i=0; i<(8*sizeof(enctype_bitmap)); i++) {
+ if ((1 << i) & enctype_bitmap) {
+ (*enctypes)[j] = kerberos_enctype_bitmap_to_enctype(enctype_bitmap);
+ if (!(*enctypes)[j]) {
+ return KRB5_PROG_ETYPE_NOSUPP;
+ }
+ j++;
+ }
+ }
+ return 0;
+}
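Review bot: In kerberos_enctype_bitmap_to_enctypes the loop passes the whole `enctype_bitmap` to kerberos_enctype_bitmap_to_enctype() instead of the single bit under test, so any value with more than one bit set falls into `default:` and the function returns KRB5_PROG_ETYPE_NOSUPP; only single-bit bitmaps convert. Passing the isolated bit fixes that, and building the mask as `(uint32_t)1 << i` avoids shifting a signed int into its sign bit when i reaches 31. The error return also leaves the partly filled array allocated on mem_ctx and reachable through *enctypes, so freeing it and resetting the pointer keeps the out-parameter unambiguous. The function comment could say that the result is effectively zero-terminated (it comes from talloc_zero_array) since no count is returned, and it is worth confirming whether attribute values can carry bits outside the five mapped ones, because any such bit currently fails the whole conversion.

```c
	/* … unchanged: allocation of *enctypes and ENOMEM check … */
	for (i=0; i<(8*sizeof(enctype_bitmap)); i++) {
		uint32_t bit = (uint32_t)1 << i;
		if (!(enctype_bitmap & bit)) {
			continue;
		}
		/* translate one flag at a time; the switch only matches single-bit values */
		(*enctypes)[j] = kerberos_enctype_bitmap_to_enctype(bit);
		if (!(*enctypes)[j]) {
			talloc_free(*enctypes);
			*enctypes = NULL;
			return KRB5_PROG_ETYPE_NOSUPP;
		}
		j++;
	}
```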