s4:kerberos Add functions to convert msDS-SupportedEncryptionTypes
authorAndrew Bartlett <abartlet@samba.org>
Mon, 28 Jun 2010 13:19:16 +0000 (23:19 +1000)
committerAndrew Bartlett <abartlet@samba.org>
Tue, 29 Jun 2010 06:59:30 +0000 (16:59 +1000)
This will allow us to interpret this attribute broadly in Samba.

Andrew Bartlett

source4/auth/kerberos/kerberos.h
source4/auth/kerberos/kerberos_util.c

index 7e3a7865d6fc78788961e11b1d7717aee0cbea73..b4422b5b16d2355eb272c90f0b7992a6a8e57f00 100644 (file)
@@ -140,6 +140,9 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx,
                                     time_t tgs_authtime,
                                     DATA_BLOB *pac);
 struct loadparm_context;
+uint32_t kerberos_enctype_to_bitmap(krb5_enctype enc_type_enum);
+/* Translate between the Microsoft msDS-SupportedEncryptionTypes values and the IETF encryption type values */
+krb5_enctype kerberos_enctype_bitmap_to_enctype(uint32_t enctype_bitmap);
 
 #include "auth/kerberos/proto.h"
 
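Review bot: The single comment sits between the two new prototypes, so `kerberos_enctype_to_bitmap()` has no comment in the header, and neither declaration states what an unmapped value returns. The `enctype_bitmap` parameter name suggests a combined mask, but the implementation in kerberos_util.c matches exactly one bit per `case`, so a caller passing a raw msDS-SupportedEncryptionTypes value with several bits set gets 0 back. I would put `/* Map one IETF enctype to its msDS-SupportedEncryptionTypes bit; returns 0 if there is no mapping */` above the first prototype. The existing comment would become `/* Map a single msDS-SupportedEncryptionTypes bit (not a combined mask) to an IETF enctype; returns 0 if there is no mapping */`.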
index 2b358515f871558c9cbb5dde18b19daad7b35c5d..30e43f0795a4f2fea44a61f1e1951b15e1c54180 100644 (file)
@@ -740,3 +740,60 @@ krb5_error_code smb_krb5_create_memory_keytab(TALLOC_CTX *parent_ctx,
        return ret;
 }
 
+/* Translate between the IETF encryption type values and the Microsoft msDS-SupportedEncryptionTypes values */
+uint32_t kerberos_enctype_to_bitmap(krb5_enctype enc_type_enum)
+{
+       switch (enc_type_enum) {
+       case ENCTYPE_DES_CBC_CRC:
+               return ENC_CRC32;
+       case ENCTYPE_DES_CBC_MD5:
+               return ENC_RSA_MD5;
+       case ENCTYPE_ARCFOUR_HMAC_MD5:
+               return ENC_RC4_HMAC_MD5;
+       case ENCTYPE_AES128_CTS_HMAC_SHA1_96:
+               return ENC_HMAC_SHA1_96_AES128;
+       case ENCTYPE_AES256_CTS_HMAC_SHA1_96:
+               return ENC_HMAC_SHA1_96_AES256;
+       default:
+               return 0;
+       }
+}
+
+/* Translate between the Microsoft msDS-SupportedEncryptionTypes values and the IETF encryption type values */
+krb5_enctype kerberos_enctype_bitmap_to_enctype(uint32_t enctype_bitmap)
+{
+       switch (enctype_bitmap) {
+       case ENC_CRC32:
+               return ENCTYPE_DES_CBC_CRC;
+       case ENC_RSA_MD5:
+               return ENCTYPE_DES_CBC_MD5;
+       case ENC_RC4_HMAC_MD5:
+               return ENCTYPE_ARCFOUR_HMAC_MD5;
+       case ENC_HMAC_SHA1_96_AES128:
+               return ENCTYPE_AES128_CTS_HMAC_SHA1_96;
+       case ENC_HMAC_SHA1_96_AES256:
+               return ENCTYPE_AES256_CTS_HMAC_SHA1_96;
+       default:
+               return 0;
+       }
+}
+
+/* Return an array of krb5_enctype values */
+krb5_error_code kerberos_enctype_bitmap_to_enctypes(TALLOC_CTX *mem_ctx, uint32_t enctype_bitmap, krb5_enctype **enctypes)
+{
+       unsigned int i, j = 0;
+       *enctypes = talloc_zero_array(mem_ctx, krb5_enctype, 8*sizeof(enctype_bitmap));
+       if (!*enctypes) {
+               return ENOMEM;
+       }
+       for (i=0; i<(8*sizeof(enctype_bitmap)); i++) {
+               if ((1 << i) & enctype_bitmap) {
+                       (*enctypes)[j] = kerberos_enctype_bitmap_to_enctype(enctype_bitmap);
+                       if (!(*enctypes)[j]) {
+                               return KRB5_PROG_ETYPE_NOSUPP;
+                       }
+                       j++;
+               }
+       }
+       return 0;
+}
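Review bot: In `kerberos_enctype_bitmap_to_enctypes()` the loop passes the whole `enctype_bitmap` to `kerberos_enctype_bitmap_to_enctype()` instead of the one bit being tested, so any value with more than one bit set falls to `default` and the function returns KRB5_PROG_ETYPE_NOSUPP. The test `(1 << i)` shifts a signed int, which is undefined at i == 31; an unsigned constant avoids that. The error return also leaves `*enctypes` allocated on `mem_ctx` and still pointing at a partly filled array, so it should be freed and set to NULL first. Separately, failing on the first unmapped bit rejects the whole attribute when a bit outside the five listed is set; whether such bits should be skipped instead depends on how callers handle the error, which is not visible here.

```c
krb5_error_code kerberos_enctype_bitmap_to_enctypes(TALLOC_CTX *mem_ctx, uint32_t enctype_bitmap, krb5_enctype **enctypes)
{
	/* … unchanged: declarations, talloc_zero_array() and ENOMEM check … */
	for (i=0; i<(8*sizeof(enctype_bitmap)); i++) {
		/* isolate one bit; unsigned shift is defined for i == 31 */
		uint32_t bit_value = (1U << i) & enctype_bitmap;
		if (bit_value) {
			(*enctypes)[j] = kerberos_enctype_bitmap_to_enctype(bit_value);
			if (!(*enctypes)[j]) {
				/* do not hand a partial list back to the caller */
				talloc_free(*enctypes);
				*enctypes = NULL;
				return KRB5_PROG_ETYPE_NOSUPP;
			}
			j++;
		}
	}
	return 0;
}
```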