1 files changed, 108 insertions, 0 deletions

diff --git a/lib/krb5_wrap/enctype_convert.c b/lib/krb5_wrap/enctype_convert.c
new file mode 100644
index 0000000..4a64435
--- /dev/null
+++ b/lib/krb5_wrap/enctype_convert.c
@@ -0,0 +1,108 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Kerberos utility functions
+
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2012
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "krb5_samba.h"
+#include "librpc/gen_ndr/netlogon.h"
+
+const krb5_enctype *samba_all_enctypes(void)
+{
+	/* TODO: Find a way not to have to use a fixed list */
+	static const krb5_enctype enctypes[] = {
+		ENCTYPE_DES_CBC_CRC,
+		ENCTYPE_DES_CBC_MD5,
+		ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+		ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+		ENCTYPE_ARCFOUR_HMAC,
+		0
+	};
+	return enctypes;
+};
+
+/* Translate between the IETF encryption type values and the Microsoft
+ * msDS-SupportedEncryptionTypes values */
+uint32_t kerberos_enctype_to_bitmap(krb5_enctype enc_type_enum)
+{
+	switch (enc_type_enum) {
+	case ENCTYPE_DES_CBC_CRC:
+		return ENC_CRC32;
+	case ENCTYPE_DES_CBC_MD5:
+		return ENC_RSA_MD5;
+	case ENCTYPE_ARCFOUR_HMAC:
+		return ENC_RC4_HMAC_MD5;
+	case ENCTYPE_AES128_CTS_HMAC_SHA1_96:
+		return ENC_HMAC_SHA1_96_AES128;
+	case ENCTYPE_AES256_CTS_HMAC_SHA1_96:
+		return ENC_HMAC_SHA1_96_AES256;
+	default:
+		return 0;
+	}
+}
+
+/* Translate between the Microsoft msDS-SupportedEncryptionTypes values
+ * and the IETF encryption type values */
+krb5_enctype ms_suptype_to_ietf_enctype(uint32_t enctype_bitmap)
+{
+	switch (enctype_bitmap) {
+	case ENC_CRC32:
+		return ENCTYPE_DES_CBC_CRC;
+	case ENC_RSA_MD5:
+		return ENCTYPE_DES_CBC_MD5;
+	case ENC_RC4_HMAC_MD5:
+		return ENCTYPE_ARCFOUR_HMAC;
+	case ENC_HMAC_SHA1_96_AES128:
+		return ENCTYPE_AES128_CTS_HMAC_SHA1_96;
+	case ENC_HMAC_SHA1_96_AES256:
+		return ENCTYPE_AES256_CTS_HMAC_SHA1_96;
+	default:
+		return 0;
+	}
+}
+
+/* Return an array of krb5_enctype values */
+krb5_error_code ms_suptypes_to_ietf_enctypes(TALLOC_CTX *mem_ctx,
+					     uint32_t enctype_bitmap,
+					     krb5_enctype **enctypes)
+{
+	size_t max_bits = 8 * sizeof(enctype_bitmap);
+	size_t j = 0;
+	ssize_t i;
+
+	*enctypes = talloc_zero_array(mem_ctx, krb5_enctype,
+				      max_bits + 1);
+	if (!*enctypes) {
+		return ENOMEM;
+	}
+
+	for (i = max_bits - 1; i >= 0; i--) {
+		uint32_t bit_value = (1U << i) & enctype_bitmap;
+		if (bit_value & enctype_bitmap) {
+			(*enctypes)[j] = ms_suptype_to_ietf_enctype(bit_value);
+			if (!(*enctypes)[j]) {
+				continue;
+			}
+			j++;
+		}
+	}
+	(*enctypes)[j] = 0;
+	return 0;
+}