#define AP_OPTS_USE_SUBKEY 0
#endif
-#ifndef krb5_princ_size
-#if defined(HAVE_KRB5_KRB5_PRINCIPAL_GET_NUM_COMP)
-#define krb5_princ_size krb5_principal_get_num_comp
-#else
-#error krb5_princ_size unavailable
+#ifndef KRB5_PW_SALT
+#define KRB5_PW_SALT 3
#endif
+
+/* CKSUMTYPE_HMAC_MD5 in Heimdal
+ CKSUMTYPE_HMAC_MD5_ARCFOUR in MIT */
+#if defined(CKSUMTYPE_HMAC_MD5_ARCFOUR) && !defined(CKSUMTYPE_HMAC_MD5)
+#define CKSUMTYPE_HMAC_MD5 CKSUMTYPE_HMAC_MD5_ARCFOUR
+#endif
+
+/*
+ * CKSUMTYPE_HMAC_SHA1_96_AES_* in Heimdal
+ * CKSUMTYPE_HMAC_SHA1_96_AES* in MIT
+ */
+#if defined(CKSUMTYPE_HMAC_SHA1_96_AES128) && !defined(CKSUMTYPE_HMAC_SHA1_96_AES_128)
+#define CKSUMTYPE_HMAC_SHA1_96_AES_128 CKSUMTYPE_HMAC_SHA1_96_AES128
+#endif
+#if defined(CKSUMTYPE_HMAC_SHA1_96_AES256) && !defined(CKSUMTYPE_HMAC_SHA1_96_AES_256)
+#define CKSUMTYPE_HMAC_SHA1_96_AES_256 CKSUMTYPE_HMAC_SHA1_96_AES256
+#endif
+
+/*
+ * KRB5_KU_OTHER_ENCRYPTED in Heimdal
+ * KRB5_KEYUSAGE_APP_DATA_ENCRYPT in MIT
+ */
+#if defined(KRB5_KEYUSAGE_APP_DATA_ENCRYPT) && !defined(KRB5_KU_OTHER_ENCRYPTED)
+#define KRB5_KU_OTHER_ENCRYPTED KRB5_KEYUSAGE_APP_DATA_ENCRYPT
#endif
typedef struct {
#define KRB5_KEY_DATA_CAST krb5_octet
#endif /* HAVE_KRB5_KEYBLOCK_KEYVALUE */
+#ifdef HAVE_E_DATA_POINTER_IN_KRB5_ERROR /* Heimdal */
+#define KRB5_ERROR_CODE(k) ((k)->error_code)
+#else /* MIT */
+#define KRB5_ERROR_CODE(k) ((k)->error)
+#endif /* HAVE_E_DATA_POINTER_IN_KRB5_ERROR */
+
krb5_error_code smb_krb5_parse_name(krb5_context context,
const char *name, /* in unix charset */
krb5_principal *principal);
#endif
/* Samba wrapper functions for krb5 functionality. */
-bool setup_kaddr( krb5_address *pkaddr, struct sockaddr_storage *paddr);
-int create_kerberos_key_from_string(krb5_context context,
- krb5_principal host_princ,
- krb5_data *password,
- krb5_keyblock *key,
- krb5_enctype enctype,
- bool no_salt);
-int create_kerberos_key_from_string_direct(krb5_context context,
- krb5_principal host_princ,
- krb5_data *password,
- krb5_keyblock *key,
- krb5_enctype enctype);
+bool smb_krb5_sockaddr_to_kaddr(struct sockaddr_storage *paddr,
+ krb5_address *pkaddr);
+
+krb5_error_code smb_krb5_mk_error(krb5_context context,
+ krb5_error_code error_code,
+ const char *e_text,
+ krb5_data *e_data,
+ krb5_data *enc_err);
krb5_error_code get_kerberos_allowed_etypes(krb5_context context, krb5_enctype **enctypes);
bool get_krb5_smb_session_key(TALLOC_CTX *mem_ctx,
krb5_const_principal princ1,
krb5_const_principal princ2);
krb5_error_code smb_krb5_renew_ticket(const char *ccache_string, const char *client_string, const char *service_string, time_t *expire_time);
-krb5_error_code kpasswd_err_to_krb5_err(krb5_error_code res_code);
krb5_error_code smb_krb5_gen_netbios_krb5_address(smb_krb5_addresses **kerb_addr,
const char *netbios_name);
krb5_error_code smb_krb5_free_addresses(krb5_context context, smb_krb5_addresses *addr);
krb5_error_code smb_krb5_enctype_to_string(krb5_context context,
krb5_enctype enctype,
char **etype_s);
+krb5_error_code smb_krb5_open_keytab_relative(krb5_context context,
+ const char *keytab_name_req,
+ bool write_access,
+ krb5_keytab *keytab);
krb5_error_code smb_krb5_open_keytab(krb5_context context,
const char *keytab_name,
bool write_access,
krb5_context context,
krb5_keytab keytab,
const char **keytab_name);
+krb5_error_code smb_krb5_kt_seek_and_delete_old_entries(krb5_context context,
+ krb5_keytab keytab,
+ krb5_kvno kvno,
+ krb5_enctype enctype,
+ const char *princ_s,
+ krb5_principal princ,
+ bool flush,
+ bool keep_old_entries);
+krb5_error_code smb_krb5_kt_add_entry(krb5_context context,
+ krb5_keytab keytab,
+ krb5_kvno kvno,
+ const char *princ_s,
+ const char *salt_principal,
+ krb5_enctype enctype,
+ krb5_data *password,
+ bool no_salt,
+ bool keep_old_entries);
+
krb5_error_code smb_krb5_get_credentials(krb5_context context,
krb5_ccache ccache,
krb5_principal me,
krb5_principal server,
krb5_principal impersonate_princ,
krb5_creds **out_creds);
-krb5_error_code smb_krb5_get_creds(const char *server_s,
- time_t time_offset,
- const char *cc,
- const char *impersonate_princ_s,
- krb5_creds **creds_p);
krb5_error_code smb_krb5_keyblock_init_contents(krb5_context context,
krb5_enctype enctype,
const void *data,
DATA_BLOB *sig_blob);
char *smb_krb5_principal_get_realm(krb5_context context,
- krb5_principal principal);
+ krb5_const_principal principal);
+
+void smb_krb5_principal_set_type(krb5_context context,
+ krb5_principal principal,
+ int type);
+
+krb5_error_code smb_krb5_principal_set_realm(krb5_context context,
+ krb5_principal principal,
+ const char *realm);
char *kerberos_get_principal_from_service_hostname(TALLOC_CTX *mem_ctx,
const char *service,
const char *to,
const char *principal,
krb5_kvno kvno,
- krb5_enctype *enctypes);
+ const krb5_enctype *enctypes);
#if defined(HAVE_KRB5_KT_COMPARE)
#define smb_krb5_kt_compare krb5_kt_compare
krb5_enctype enctype);
#endif
+const krb5_enctype *samba_all_enctypes(void);
+
+uint32_t kerberos_enctype_to_bitmap(krb5_enctype enc_type_enum);
+krb5_enctype ms_suptype_to_ietf_enctype(uint32_t enctype_bitmap);
+krb5_error_code ms_suptypes_to_ietf_enctypes(TALLOC_CTX *mem_ctx,
+ uint32_t enctype_bitmap,
+ krb5_enctype **enctypes);
+int smb_krb5_get_pw_salt(krb5_context context,
+ krb5_const_principal host_princ,
+ krb5_data *psalt);
+
+int smb_krb5_create_key_from_string(krb5_context context,
+ krb5_const_principal host_princ,
+ krb5_data *salt,
+ krb5_data *password,
+ krb5_enctype enctype,
+ krb5_keyblock *key);
+
+krb5_boolean smb_krb5_get_allowed_weak_crypto(krb5_context context);
+
+#ifndef krb5_princ_size
+#if defined(HAVE_KRB5_PRINCIPAL_GET_NUM_COMP)
+#define krb5_princ_size krb5_principal_get_num_comp
+#else
+#error krb5_princ_size unavailable
+#endif
+#endif
+
+char *smb_krb5_principal_get_comp_string(TALLOC_CTX *mem_ctx,
+ krb5_context context,
+ krb5_const_principal principal,
+ unsigned int component);
+
+krb5_error_code krb5_copy_data_contents(krb5_data *p,
+ const void *data,
+ size_t len);
+
+int smb_krb5_principal_get_type(krb5_context context,
+ krb5_const_principal principal);
+
+#if !defined(HAVE_KRB5_WARNX)
+krb5_error_code krb5_warnx(krb5_context context, const char *fmt, ...);
+#endif
+
+krb5_error_code smb_krb5_cc_copy_creds(krb5_context context,
+ krb5_ccache incc, krb5_ccache outcc);
+
#endif /* HAVE_KRB5 */
int cli_krb5_get_ticket(TALLOC_CTX *mem_ctx,