krb5_wrap: add smb_krb5_salt_principal2data()
authorStefan Metzmacher <metze@samba.org>
Thu, 18 May 2017 09:32:46 +0000 (11:32 +0200)
committerStefan Metzmacher <metze@samba.org>
Tue, 27 Jun 2017 14:57:43 +0000 (16:57 +0200)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
lib/krb5_wrap/krb5_samba.c
lib/krb5_wrap/krb5_samba.h

index 153221728c14e967216772613176f402a9b536e1..fcde9f5de81ecbfe533bcabf405c649a1cde3c8f 100644 (file)
@@ -435,7 +435,8 @@ int smb_krb5_get_pw_salt(krb5_context context,
  * - SomePrincipal@EXAMPLE.COM
  *
  * This is not the form that's used as salt, it's just
- * the human readable form.
+ * the human readable form. It needs to be converted by
+ * smb_krb5_salt_principal2data().
  *
  * @param[in]  realm              The realm the user/computer is added too.
  *
@@ -452,6 +453,8 @@ int smb_krb5_get_pw_salt(krb5_context context,
  * @param[out]  _salt_principal   The resulting principal as string.
  *
  * @retval 0 Success; otherwise - Kerberos error codes
+ *
+ * @see smb_krb5_salt_principal2data
  */
 int smb_krb5_salt_principal(const char *realm,
                            const char *sAMAccountName,
@@ -542,6 +545,70 @@ int smb_krb5_salt_principal(const char *realm,
        return 0;
 }
 
+/**
+ * @brief Converts the salt principal string into the salt data blob
+ *
+ * This function takes a salt_principal as string in forms like this:
+ * - host/somehost.example.com@EXAMPLE.COM
+ * - SomeAccount@EXAMPLE.COM
+ * - SomePrincipal@EXAMPLE.COM
+ *
+ * It generates values like:
+ * - EXAMPLE.COMhost/somehost.example.com
+ * - EXAMPLE.COMSomeAccount
+ * - EXAMPLE.COMSomePrincipal
+ *
+ * @param[in]  realm              The realm the user/computer is added too.
+ *
+ * @param[in]  sAMAccountName     The sAMAccountName attribute of the object.
+ *
+ * @param[in]  userPrincipalName  The userPrincipalName attribute of the object
+ *                                or NULL is not available.
+ *
+ * @param[in]  is_computer        The indication of the object includes
+ *                                objectClass=computer.
+ *
+ * @param[in]  mem_ctx            The TALLOC_CTX to allocate _salt_principal.
+ *
+ * @param[out]  _salt_principal   The resulting principal as string.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ *
+ * @see smb_krb5_salt_principal
+ */
+int smb_krb5_salt_principal2data(krb5_context context,
+                                const char *salt_principal,
+                                TALLOC_CTX *mem_ctx,
+                                char **_salt_data)
+{
+       krb5_error_code ret;
+       krb5_principal salt_princ = NULL;
+       krb5_data salt;
+
+       *_salt_data = NULL;
+
+       ret = krb5_parse_name(context, salt_principal, &salt_princ);
+       if (ret != 0) {
+               return ret;
+       }
+
+       ret = smb_krb5_get_pw_salt(context, salt_princ, &salt);
+       krb5_free_principal(context, salt_princ);
+       if (ret != 0) {
+               return ret;
+       }
+
+       *_salt_data = talloc_strndup(mem_ctx,
+                                    (char *)salt.data,
+                                    salt.length);
+       smb_krb5_free_data_contents(context, &salt);
+       if (*_salt_data == NULL) {
+               return ENOMEM;
+       }
+
+       return 0;
+}
+
 #if defined(HAVE_KRB5_GET_PERMITTED_ENCTYPES)
 /**
  * @brief Get a list of encryption types allowed for session keys
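Review bot: The Doxygen block added above smb_krb5_salt_principal2data() documents the parameters of smb_krb5_salt_principal() (realm, sAMAccountName, userPrincipalName, is_computer, _salt_principal) rather than the ones the new function actually takes (context, salt_principal, mem_ctx, _salt_data), so every `@param` entry in the new comment is wrong. Those five entries should be replaced by one entry per real parameter, e.g. `@param[in]  salt_principal  The salt principal as string, e.g. from smb_krb5_salt_principal().` and `@param[out] _salt_data  The resulting salt data as string, allocated on mem_ctx.`, plus entries for context and mem_ctx. The `@retval` line should also state that ENOMEM is returned when talloc_strndup() fails, since that is not a Kerberos error code and callers may want to distinguish it. Note too that talloc_strndup() stops at the first NUL byte, so a salt blob containing an embedded NUL would be silently truncated; that is presumably impossible for salts derived from principal names, but a one-line comment above the talloc_strndup() call stating that assumption would help the next reader.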
index daaae3f03861bc736bbd3bf59e865ea98ae32688..315d3c3492e60fe18858ef2711ce49f1c521e988 100644 (file)
@@ -356,6 +356,10 @@ int smb_krb5_salt_principal(const char *realm,
                            bool is_computer,
                            TALLOC_CTX *mem_ctx,
                            char **_salt_principal);
+int smb_krb5_salt_principal2data(krb5_context context,
+                                const char *salt_principal,
+                                TALLOC_CTX *mem_ctx,
+                                char **_salt_data);
 
 int smb_krb5_create_key_from_string(krb5_context context,
                                    krb5_const_principal host_princ,