mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
krb5samba: Add smb_krb5_make_pac_checksum.
Signed-off-by: Simo Sorce <idra@samba.org> Autobuild-User: Simo Sorce <idra@samba.org> Autobuild-Date: Tue May 8 08:30:52 CEST 2012 on sn-devel-104
This commit is contained in:
parent
7f9e4d70b9
commit
e8e5afd4d4
@ -2182,6 +2182,82 @@ void smb_krb5_free_checksum_contents(krb5_context ctx, krb5_checksum *cksum)
|
||||
}
|
||||
#endif
|
||||
|
||||
krb5_error_code smb_krb5_make_pac_checksum(TALLOC_CTX *mem_ctx,
|
||||
DATA_BLOB *pac_data,
|
||||
krb5_context context,
|
||||
const krb5_keyblock *keyblock,
|
||||
uint32_t *sig_type,
|
||||
DATA_BLOB *sig_blob)
|
||||
{
|
||||
krb5_error_code ret;
|
||||
krb5_checksum cksum;
|
||||
#if defined(HAVE_KRB5_CRYPTO_INIT) && defined(HAVE_KRB5_CREATE_CHECKSUM)
|
||||
krb5_crypto crypto;
|
||||
|
||||
|
||||
ret = krb5_crypto_init(context,
|
||||
keyblock,
|
||||
0,
|
||||
&crypto);
|
||||
if (ret) {
|
||||
DEBUG(0,("krb5_crypto_init() failed: %s\n",
|
||||
smb_get_krb5_error_message(context, ret, mem_ctx)));
|
||||
return ret;
|
||||
}
|
||||
ret = krb5_create_checksum(context,
|
||||
crypto,
|
||||
KRB5_KU_OTHER_CKSUM,
|
||||
0,
|
||||
pac_data->data,
|
||||
pac_data->length,
|
||||
&cksum);
|
||||
if (ret) {
|
||||
DEBUG(2, ("PAC Verification failed: %s\n",
|
||||
smb_get_krb5_error_message(context, ret, mem_ctx)));
|
||||
}
|
||||
|
||||
krb5_crypto_destroy(context, crypto);
|
||||
|
||||
if (ret) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
*sig_type = cksum.cksumtype;
|
||||
*sig_blob = data_blob_talloc(mem_ctx,
|
||||
cksum.checksum.data,
|
||||
cksum.checksum.length);
|
||||
#elif defined(HAVE_KRB5_C_MAKE_CHECKSUM)
|
||||
krb5_data input;
|
||||
|
||||
input.data = (char *)pac_data->data;
|
||||
input.length = pac_data->length;
|
||||
|
||||
ret = krb5_c_make_checksum(context,
|
||||
0,
|
||||
keyblock,
|
||||
KRB5_KEYUSAGE_APP_DATA_CKSUM,
|
||||
&input,
|
||||
&cksum);
|
||||
if (ret) {
|
||||
DEBUG(2, ("PAC Verification failed: %s\n",
|
||||
smb_get_krb5_error_message(context, ret, mem_ctx)));
|
||||
return ret;
|
||||
}
|
||||
|
||||
*sig_type = cksum.checksum_type;
|
||||
*sig_blob = data_blob_talloc(mem_ctx,
|
||||
cksum.contents,
|
||||
cksum.length);
|
||||
|
||||
#else
|
||||
#error krb5_create_checksum or krb5_c_make_checksum not available
|
||||
#endif /* HAVE_KRB5_C_MAKE_CHECKSUM */
|
||||
smb_krb5_free_checksum_contents(context, &cksum);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* smb_krb5_principal_get_realm
|
||||
*
|
||||
|
@ -259,6 +259,13 @@ void smb_krb5_free_checksum_contents(krb5_context ctx, krb5_checksum *cksum);
|
||||
#error krb5_free_checksum_contents/free_Checksum is not vailable
|
||||
#endif
|
||||
|
||||
krb5_error_code smb_krb5_make_pac_checksum(TALLOC_CTX *mem_ctx,
|
||||
DATA_BLOB *pac_data,
|
||||
krb5_context context,
|
||||
const krb5_keyblock *keyblock,
|
||||
uint32_t *sig_type,
|
||||
DATA_BLOB *sig_blob);
|
||||
|
||||
char *smb_krb5_principal_get_realm(krb5_context context,
|
||||
krb5_principal principal);
|
||||
|
||||
|
@ -3619,6 +3619,7 @@ if test x"$with_ads_support" != x"no"; then
|
||||
AC_CHECK_FUNC_EXT(krb5_cc_get_lifetime, $KRB5_LIBS)
|
||||
AC_CHECK_FUNC_EXT(krb5_cc_retrieve_cred, $KRB5_LIBS)
|
||||
AC_CHECK_FUNC_EXT(krb5_free_checksum_contents, $KRB5_LIBS)
|
||||
AC_CHECK_FUNC_EXT(krb5_c_make_checksum, $KRB5_LIBS)
|
||||
AC_CHECK_FUNC_EXT(gss_krb5_import_cred, $KRB5_LIBS)
|
||||
AC_CHECK_FUNC_EXT(gss_get_name_attribute, $KRB5_LIBS)
|
||||
AC_CHECK_FUNC_EXT(gsskrb5_extract_authz_data_from_sec_context, $KRB5_LIBS)
|
||||
|
@ -99,6 +99,7 @@ conf.define('HAVE_INITIALIZE_KRB5_ERROR_TABLE', 1)
|
||||
conf.define('HAVE_KRB5_ADDRESSES', 1)
|
||||
conf.define('HAVE_KRB5_AUTH_CON_SETKEY', 1)
|
||||
conf.define('HAVE_KRB5_CC_GET_LIFETIME', 1)
|
||||
conf.define('HAVE_KRB5_CREATE_CHECKSUM', 1)
|
||||
conf.define('HAVE_KRB5_CRYPTO', 1)
|
||||
conf.define('HAVE_KRB5_CRYPTO_DESTROY', 1)
|
||||
conf.define('HAVE_KRB5_CRYPTO_INIT', 1)
|
||||
|
@ -65,7 +65,7 @@ conf.CHECK_FUNCS('''
|
||||
krb5_get_init_creds_keyblock krb5_get_init_creds_keytab
|
||||
krb5_make_principal krb5_build_principal_alloc_va
|
||||
krb5_cc_get_lifetime krb5_cc_retrieve_cred
|
||||
krb5_free_checksum_contents''',
|
||||
krb5_free_checksum_contents krb5_c_make_checksum''',
|
||||
lib='krb5 k5crypto')
|
||||
conf.CHECK_DECLS('''krb5_get_credentials_for_user
|
||||
krb5_auth_con_set_req_cksumtype''',
|
||||
|
Loading…
Reference in New Issue
Block a user