mirror of
https://github.com/samba-team/samba.git
synced 2024-12-24 21:34:56 +03:00
s4:kerberos Add functions to convert msDS-SupportedEncryptionTypes
This will allow us to interpret this attibute broadly in Samba. Andrew Bartlett
This commit is contained in:
parent
9fc3f8194d
commit
5167b97ff2
@ -140,6 +140,9 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx,
|
|||||||
time_t tgs_authtime,
|
time_t tgs_authtime,
|
||||||
DATA_BLOB *pac);
|
DATA_BLOB *pac);
|
||||||
struct loadparm_context;
|
struct loadparm_context;
|
||||||
|
uint32_t kerberos_enctype_to_bitmap(krb5_enctype enc_type_enum);
|
||||||
|
/* Translate between the Microsoft msDS-SupportedEncryptionTypes values and the IETF encryption type values */
|
||||||
|
krb5_enctype kerberos_enctype_bitmap_to_enctype(uint32_t enctype_bitmap);
|
||||||
|
|
||||||
#include "auth/kerberos/proto.h"
|
#include "auth/kerberos/proto.h"
|
||||||
|
|
||||||
|
@ -740,3 +740,60 @@ krb5_error_code smb_krb5_create_memory_keytab(TALLOC_CTX *parent_ctx,
|
|||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Translate between the IETF encryption type values and the Microsoft msDS-SupportedEncryptionTypes values */
|
||||||
|
uint32_t kerberos_enctype_to_bitmap(krb5_enctype enc_type_enum)
|
||||||
|
{
|
||||||
|
switch (enc_type_enum) {
|
||||||
|
case ENCTYPE_DES_CBC_CRC:
|
||||||
|
return ENC_CRC32;
|
||||||
|
case ENCTYPE_DES_CBC_MD5:
|
||||||
|
return ENC_RSA_MD5;
|
||||||
|
case ENCTYPE_ARCFOUR_HMAC_MD5:
|
||||||
|
return ENC_RC4_HMAC_MD5;
|
||||||
|
case ENCTYPE_AES128_CTS_HMAC_SHA1_96:
|
||||||
|
return ENC_HMAC_SHA1_96_AES128;
|
||||||
|
case ENCTYPE_AES256_CTS_HMAC_SHA1_96:
|
||||||
|
return ENC_HMAC_SHA1_96_AES256;
|
||||||
|
default:
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Translate between the Microsoft msDS-SupportedEncryptionTypes values and the IETF encryption type values */
|
||||||
|
krb5_enctype kerberos_enctype_bitmap_to_enctype(uint32_t enctype_bitmap)
|
||||||
|
{
|
||||||
|
switch (enctype_bitmap) {
|
||||||
|
case ENC_CRC32:
|
||||||
|
return ENCTYPE_DES_CBC_CRC;
|
||||||
|
case ENC_RSA_MD5:
|
||||||
|
return ENCTYPE_DES_CBC_MD5;
|
||||||
|
case ENC_RC4_HMAC_MD5:
|
||||||
|
return ENCTYPE_ARCFOUR_HMAC_MD5;
|
||||||
|
case ENC_HMAC_SHA1_96_AES128:
|
||||||
|
return ENCTYPE_AES128_CTS_HMAC_SHA1_96;
|
||||||
|
case ENC_HMAC_SHA1_96_AES256:
|
||||||
|
return ENCTYPE_AES256_CTS_HMAC_SHA1_96;
|
||||||
|
default:
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Return an array of krb5_enctype values */
|
||||||
|
krb5_error_code kerberos_enctype_bitmap_to_enctypes(TALLOC_CTX *mem_ctx, uint32_t enctype_bitmap, krb5_enctype **enctypes)
|
||||||
|
{
|
||||||
|
unsigned int i, j = 0;
|
||||||
|
*enctypes = talloc_zero_array(mem_ctx, krb5_enctype, 8*sizeof(enctype_bitmap));
|
||||||
|
if (!*enctypes) {
|
||||||
|
return ENOMEM;
|
||||||
|
}
|
||||||
|
for (i=0; i<(8*sizeof(enctype_bitmap)); i++) {
|
||||||
|
if ((1 << i) & enctype_bitmap) {
|
||||||
|
(*enctypes)[j] = kerberos_enctype_bitmap_to_enctype(enctype_bitmap);
|
||||||
|
if (!(*enctypes)[j]) {
|
||||||
|
return KRB5_PROG_ETYPE_NOSUPP;
|
||||||
|
}
|
||||||
|
j++;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user