Diffstat (limited to 'lib/krb5_wrap/enctype_convert.c')
-rw-r--r-- | lib/krb5_wrap/enctype_convert.c | 108 |
1 files changed, 108 insertions, 0 deletions
diff --git a/lib/krb5_wrap/enctype_convert.c b/lib/krb5_wrap/enctype_convert.c
new file mode 100644
index 0000000..4a64435
--- /dev/null
+++ b/lib/krb5_wrap/enctype_convert.c
@@ -0,0 +1,108 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ Kerberos utility functions
+
+ Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2012
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "krb5_samba.h"
+#include "librpc/gen_ndr/netlogon.h"
+
+const krb5_enctype *samba_all_enctypes(void)
+{
+ /* TODO: Find a way not to have to use a fixed list */
+ static const krb5_enctype enctypes[] = {
+ ENCTYPE_DES_CBC_CRC,
+ ENCTYPE_DES_CBC_MD5,
+ ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+ ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+ ENCTYPE_ARCFOUR_HMAC,
+ 0
+ };
+ return enctypes;
+};
+
+/* Translate between the IETF encryption type values and the Microsoft
+ * msDS-SupportedEncryptionTypes values */
+uint32_t kerberos_enctype_to_bitmap(krb5_enctype enc_type_enum)
+{
+ switch (enc_type_enum) {
+ case ENCTYPE_DES_CBC_CRC:
+ return ENC_CRC32;
+ case ENCTYPE_DES_CBC_MD5:
+ return ENC_RSA_MD5;
+ case ENCTYPE_ARCFOUR_HMAC:
+ return ENC_RC4_HMAC_MD5;
+ case ENCTYPE_AES128_CTS_HMAC_SHA1_96:
+ return ENC_HMAC_SHA1_96_AES128;
+ case ENCTYPE_AES256_CTS_HMAC_SHA1_96:
+ return ENC_HMAC_SHA1_96_AES256;
+ default:
+ return 0;
+ }
+}
+
+/* Translate between the Microsoft msDS-SupportedEncryptionTypes values
+ * and the IETF encryption type values */
+krb5_enctype ms_suptype_to_ietf_enctype(uint32_t enctype_bitmap)
+{
+ switch (enctype_bitmap) {
+ case ENC_CRC32:
+ return ENCTYPE_DES_CBC_CRC;
+ case ENC_RSA_MD5:
+ return ENCTYPE_DES_CBC_MD5;
+ case ENC_RC4_HMAC_MD5:
+ return ENCTYPE_ARCFOUR_HMAC;
+ case ENC_HMAC_SHA1_96_AES128:
+ return ENCTYPE_AES128_CTS_HMAC_SHA1_96;
+ case ENC_HMAC_SHA1_96_AES256:
+ return ENCTYPE_AES256_CTS_HMAC_SHA1_96;
+ default:
+ return 0;
+ }
+}
+
+/* Return an array of krb5_enctype values */
+krb5_error_code ms_suptypes_to_ietf_enctypes(TALLOC_CTX *mem_ctx,
+ uint32_t enctype_bitmap,
+ krb5_enctype **enctypes)
+{
+ size_t max_bits = 8 * sizeof(enctype_bitmap);
+ size_t j = 0;
+ ssize_t i;
+
+ *enctypes = talloc_zero_array(mem_ctx, krb5_enctype,
+ max_bits + 1);
+ if (!*enctypes) {
+ return ENOMEM;
+ }
+
+ for (i = max_bits - 1; i >= 0; i--) {
+ uint32_t bit_value = (1U << i) & enctype_bitmap;
+ if (bit_value & enctype_bitmap) {
+ (*enctypes)[j] = ms_suptype_to_ietf_enctype(bit_value);
+ if (!(*enctypes)[j]) {
+ continue;
+ }
+ j++;
+ }
+ }
+ (*enctypes)[j] = 0;
+ return 0;
+}
|
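Review bot: The fixed list in `samba_all_enctypes()` puts the two single-DES types ahead of the AES types and still carries RC4-HMAC, and nothing in the file says whether callers may read the order as a preference. If any caller does (none is visible in this hunk), the list should start `ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES128_CTS_HMAC_SHA1_96, ENCTYPE_ARCFOUR_HMAC,` with the DES entries last; otherwise a comment such as `/* Order is not a preference; callers must filter weak enctypes by policy */` next to the TODO would settle it. The one-line comment on `ms_suptypes_to_ietf_enctypes()` should also say that the result is a zero-terminated array allocated on `mem_ctx`, filled from the highest bit down, that bits with no known mapping are silently skipped, and that a bitmap with no known bits therefore yields an empty list which the caller has to handle. The closing `};` of `samba_all_enctypes()` carries a stray semicolon.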