}
#endif
+krb5_error_code smb_krb5_make_pac_checksum(TALLOC_CTX *mem_ctx,
+ DATA_BLOB *pac_data,
+ krb5_context context,
+ const krb5_keyblock *keyblock,
+ uint32_t *sig_type,
+ DATA_BLOB *sig_blob)
+{
+ krb5_error_code ret;
+ krb5_checksum cksum;
+#if defined(HAVE_KRB5_CRYPTO_INIT) && defined(HAVE_KRB5_CREATE_CHECKSUM)
+ krb5_crypto crypto;
+
+
+ ret = krb5_crypto_init(context,
+ keyblock,
+ 0,
+ &crypto);
+ if (ret) {
+ DEBUG(0,("krb5_crypto_init() failed: %s\n",
+ smb_get_krb5_error_message(context, ret, mem_ctx)));
+ return ret;
+ }
+ ret = krb5_create_checksum(context,
+ crypto,
+ KRB5_KU_OTHER_CKSUM,
+ 0,
+ pac_data->data,
+ pac_data->length,
+ &cksum);
+ if (ret) {
+ DEBUG(2, ("PAC Verification failed: %s\n",
+ smb_get_krb5_error_message(context, ret, mem_ctx)));
+ }
+
+ krb5_crypto_destroy(context, crypto);
+
+ if (ret) {
+ return ret;
+ }
+
+ *sig_type = cksum.cksumtype;
+ *sig_blob = data_blob_talloc(mem_ctx,
+ cksum.checksum.data,
+ cksum.checksum.length);
+#elif defined(HAVE_KRB5_C_MAKE_CHECKSUM)
+ krb5_data input;
+
+ input.data = (char *)pac_data->data;
+ input.length = pac_data->length;
+
+ ret = krb5_c_make_checksum(context,
+ 0,
+ keyblock,
+ KRB5_KEYUSAGE_APP_DATA_CKSUM,
+ &input,
+ &cksum);
+ if (ret) {
+ DEBUG(2, ("PAC Verification failed: %s\n",
+ smb_get_krb5_error_message(context, ret, mem_ctx)));
+ return ret;
+ }
+
+ *sig_type = cksum.checksum_type;
+ *sig_blob = data_blob_talloc(mem_ctx,
+ cksum.contents,
+ cksum.length);
+
+#else
+#error krb5_create_checksum or krb5_c_make_checksum not available
+#endif /* HAVE_KRB5_C_MAKE_CHECKSUM */
+ smb_krb5_free_checksum_contents(context, &cksum);
+
+ return 0;
+}
+
+
/*
* smb_krb5_principal_get_realm
*
#error krb5_free_checksum_contents/free_Checksum is not vailable
#endif
+krb5_error_code smb_krb5_make_pac_checksum(TALLOC_CTX *mem_ctx,
+ DATA_BLOB *pac_data,
+ krb5_context context,
+ const krb5_keyblock *keyblock,
+ uint32_t *sig_type,
+ DATA_BLOB *sig_blob);
+
char *smb_krb5_principal_get_realm(krb5_context context,
krb5_principal principal);
AC_CHECK_FUNC_EXT(krb5_cc_get_lifetime, $KRB5_LIBS)
AC_CHECK_FUNC_EXT(krb5_cc_retrieve_cred, $KRB5_LIBS)
AC_CHECK_FUNC_EXT(krb5_free_checksum_contents, $KRB5_LIBS)
+ AC_CHECK_FUNC_EXT(krb5_c_make_checksum, $KRB5_LIBS)
AC_CHECK_FUNC_EXT(gss_krb5_import_cred, $KRB5_LIBS)
AC_CHECK_FUNC_EXT(gss_get_name_attribute, $KRB5_LIBS)
AC_CHECK_FUNC_EXT(gsskrb5_extract_authz_data_from_sec_context, $KRB5_LIBS)
conf.define('HAVE_KRB5_ADDRESSES', 1)
conf.define('HAVE_KRB5_AUTH_CON_SETKEY', 1)
conf.define('HAVE_KRB5_CC_GET_LIFETIME', 1)
+conf.define('HAVE_KRB5_CREATE_CHECKSUM', 1)
conf.define('HAVE_KRB5_CRYPTO', 1)
conf.define('HAVE_KRB5_CRYPTO_DESTROY', 1)
conf.define('HAVE_KRB5_CRYPTO_INIT', 1)
krb5_get_init_creds_keyblock krb5_get_init_creds_keytab
krb5_make_principal krb5_build_principal_alloc_va
krb5_cc_get_lifetime krb5_cc_retrieve_cred
- krb5_free_checksum_contents''',
+ krb5_free_checksum_contents krb5_c_make_checksum''',
lib='krb5 k5crypto')
conf.CHECK_DECLS('''krb5_get_credentials_for_user
krb5_auth_con_set_req_cksumtype''',