1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00

krb5samba: Add smb_krb5_make_pac_checksum.

Signed-off-by: Simo Sorce <idra@samba.org>

Autobuild-User: Simo Sorce <idra@samba.org>
Autobuild-Date: Tue May  8 08:30:52 CEST 2012 on sn-devel-104
This commit is contained in:
Andreas Schneider 2012-05-03 17:10:27 +02:00 committed by Simo Sorce
parent 7f9e4d70b9
commit e8e5afd4d4
5 changed files with 86 additions and 1 deletions

View File

@ -2182,6 +2182,82 @@ void smb_krb5_free_checksum_contents(krb5_context ctx, krb5_checksum *cksum)
}
#endif
krb5_error_code smb_krb5_make_pac_checksum(TALLOC_CTX *mem_ctx,
DATA_BLOB *pac_data,
krb5_context context,
const krb5_keyblock *keyblock,
uint32_t *sig_type,
DATA_BLOB *sig_blob)
{
krb5_error_code ret;
krb5_checksum cksum;
#if defined(HAVE_KRB5_CRYPTO_INIT) && defined(HAVE_KRB5_CREATE_CHECKSUM)
krb5_crypto crypto;
ret = krb5_crypto_init(context,
keyblock,
0,
&crypto);
if (ret) {
DEBUG(0,("krb5_crypto_init() failed: %s\n",
smb_get_krb5_error_message(context, ret, mem_ctx)));
return ret;
}
ret = krb5_create_checksum(context,
crypto,
KRB5_KU_OTHER_CKSUM,
0,
pac_data->data,
pac_data->length,
&cksum);
if (ret) {
DEBUG(2, ("PAC Verification failed: %s\n",
smb_get_krb5_error_message(context, ret, mem_ctx)));
}
krb5_crypto_destroy(context, crypto);
if (ret) {
return ret;
}
*sig_type = cksum.cksumtype;
*sig_blob = data_blob_talloc(mem_ctx,
cksum.checksum.data,
cksum.checksum.length);
#elif defined(HAVE_KRB5_C_MAKE_CHECKSUM)
krb5_data input;
input.data = (char *)pac_data->data;
input.length = pac_data->length;
ret = krb5_c_make_checksum(context,
0,
keyblock,
KRB5_KEYUSAGE_APP_DATA_CKSUM,
&input,
&cksum);
if (ret) {
DEBUG(2, ("PAC Verification failed: %s\n",
smb_get_krb5_error_message(context, ret, mem_ctx)));
return ret;
}
*sig_type = cksum.checksum_type;
*sig_blob = data_blob_talloc(mem_ctx,
cksum.contents,
cksum.length);
#else
#error krb5_create_checksum or krb5_c_make_checksum not available
#endif /* HAVE_KRB5_C_MAKE_CHECKSUM */
smb_krb5_free_checksum_contents(context, &cksum);
return 0;
}
/*
* smb_krb5_principal_get_realm
*

View File

@ -259,6 +259,13 @@ void smb_krb5_free_checksum_contents(krb5_context ctx, krb5_checksum *cksum);
#error krb5_free_checksum_contents/free_Checksum is not vailable
#endif
krb5_error_code smb_krb5_make_pac_checksum(TALLOC_CTX *mem_ctx,
DATA_BLOB *pac_data,
krb5_context context,
const krb5_keyblock *keyblock,
uint32_t *sig_type,
DATA_BLOB *sig_blob);
char *smb_krb5_principal_get_realm(krb5_context context,
krb5_principal principal);

View File

@ -3619,6 +3619,7 @@ if test x"$with_ads_support" != x"no"; then
AC_CHECK_FUNC_EXT(krb5_cc_get_lifetime, $KRB5_LIBS)
AC_CHECK_FUNC_EXT(krb5_cc_retrieve_cred, $KRB5_LIBS)
AC_CHECK_FUNC_EXT(krb5_free_checksum_contents, $KRB5_LIBS)
AC_CHECK_FUNC_EXT(krb5_c_make_checksum, $KRB5_LIBS)
AC_CHECK_FUNC_EXT(gss_krb5_import_cred, $KRB5_LIBS)
AC_CHECK_FUNC_EXT(gss_get_name_attribute, $KRB5_LIBS)
AC_CHECK_FUNC_EXT(gsskrb5_extract_authz_data_from_sec_context, $KRB5_LIBS)

View File

@ -99,6 +99,7 @@ conf.define('HAVE_INITIALIZE_KRB5_ERROR_TABLE', 1)
conf.define('HAVE_KRB5_ADDRESSES', 1)
conf.define('HAVE_KRB5_AUTH_CON_SETKEY', 1)
conf.define('HAVE_KRB5_CC_GET_LIFETIME', 1)
conf.define('HAVE_KRB5_CREATE_CHECKSUM', 1)
conf.define('HAVE_KRB5_CRYPTO', 1)
conf.define('HAVE_KRB5_CRYPTO_DESTROY', 1)
conf.define('HAVE_KRB5_CRYPTO_INIT', 1)

View File

@ -65,7 +65,7 @@ conf.CHECK_FUNCS('''
krb5_get_init_creds_keyblock krb5_get_init_creds_keytab
krb5_make_principal krb5_build_principal_alloc_va
krb5_cc_get_lifetime krb5_cc_retrieve_cred
krb5_free_checksum_contents''',
krb5_free_checksum_contents krb5_c_make_checksum''',
lib='krb5 k5crypto')
conf.CHECK_DECLS('''krb5_get_credentials_for_user
krb5_auth_con_set_req_cksumtype''',