1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00

s4:kerberos Add functions to convert msDS-SupportedEncryptionTypes

This will allow us to interpret this attibute broadly in Samba.

Andrew Bartlett
This commit is contained in:
Andrew Bartlett 2010-06-28 23:19:16 +10:00
parent 9fc3f8194d
commit 5167b97ff2
2 changed files with 60 additions and 0 deletions

View File

@ -140,6 +140,9 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx,
time_t tgs_authtime, time_t tgs_authtime,
DATA_BLOB *pac); DATA_BLOB *pac);
struct loadparm_context; struct loadparm_context;
uint32_t kerberos_enctype_to_bitmap(krb5_enctype enc_type_enum);
/* Translate between the Microsoft msDS-SupportedEncryptionTypes values and the IETF encryption type values */
krb5_enctype kerberos_enctype_bitmap_to_enctype(uint32_t enctype_bitmap);
#include "auth/kerberos/proto.h" #include "auth/kerberos/proto.h"

View File

@ -740,3 +740,60 @@ krb5_error_code smb_krb5_create_memory_keytab(TALLOC_CTX *parent_ctx,
return ret; return ret;
} }
/* Translate between the IETF encryption type values and the Microsoft msDS-SupportedEncryptionTypes values */
uint32_t kerberos_enctype_to_bitmap(krb5_enctype enc_type_enum)
{
switch (enc_type_enum) {
case ENCTYPE_DES_CBC_CRC:
return ENC_CRC32;
case ENCTYPE_DES_CBC_MD5:
return ENC_RSA_MD5;
case ENCTYPE_ARCFOUR_HMAC_MD5:
return ENC_RC4_HMAC_MD5;
case ENCTYPE_AES128_CTS_HMAC_SHA1_96:
return ENC_HMAC_SHA1_96_AES128;
case ENCTYPE_AES256_CTS_HMAC_SHA1_96:
return ENC_HMAC_SHA1_96_AES256;
default:
return 0;
}
}
/* Translate between the Microsoft msDS-SupportedEncryptionTypes values and the IETF encryption type values */
krb5_enctype kerberos_enctype_bitmap_to_enctype(uint32_t enctype_bitmap)
{
switch (enctype_bitmap) {
case ENC_CRC32:
return ENCTYPE_DES_CBC_CRC;
case ENC_RSA_MD5:
return ENCTYPE_DES_CBC_MD5;
case ENC_RC4_HMAC_MD5:
return ENCTYPE_ARCFOUR_HMAC_MD5;
case ENC_HMAC_SHA1_96_AES128:
return ENCTYPE_AES128_CTS_HMAC_SHA1_96;
case ENC_HMAC_SHA1_96_AES256:
return ENCTYPE_AES256_CTS_HMAC_SHA1_96;
default:
return 0;
}
}
/* Return an array of krb5_enctype values */
krb5_error_code kerberos_enctype_bitmap_to_enctypes(TALLOC_CTX *mem_ctx, uint32_t enctype_bitmap, krb5_enctype **enctypes)
{
unsigned int i, j = 0;
*enctypes = talloc_zero_array(mem_ctx, krb5_enctype, 8*sizeof(enctype_bitmap));
if (!*enctypes) {
return ENOMEM;
}
for (i=0; i<(8*sizeof(enctype_bitmap)); i++) {
if ((1 << i) & enctype_bitmap) {
(*enctypes)[j] = kerberos_enctype_bitmap_to_enctype(enctype_bitmap);
if (!(*enctypes)[j]) {
return KRB5_PROG_ETYPE_NOSUPP;
}
j++;
}
}
return 0;
}