1 : /*
2 : Unix SMB/CIFS implementation.
3 :
4 : Kerberos utility functions
5 :
6 : Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2012
7 :
8 : This program is free software; you can redistribute it and/or modify
9 : it under the terms of the GNU General Public License as published by
10 : the Free Software Foundation; either version 3 of the License, or
11 : (at your option) any later version.
12 :
13 : This program is distributed in the hope that it will be useful,
14 : but WITHOUT ANY WARRANTY; without even the implied warranty of
15 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 : GNU General Public License for more details.
17 :
18 :
19 : You should have received a copy of the GNU General Public License
20 : along with this program. If not, see <http://www.gnu.org/licenses/>.
21 : */
22 :
23 : #include "includes.h"
24 : #include "krb5_samba.h"
25 : #include "librpc/gen_ndr/netlogon.h"
26 :
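/*
 * Return the fixed, 0-terminated list of Kerberos encryption types
 * known to this file.
 *
 * The returned pointer refers to static storage; callers must not free
 * or modify it.
 *
 * NOTE(review): "all" means every type listed here, not every type that
 * is safe to negotiate. The list contains single-DES (DES-CBC-CRC,
 * DES-CBC-MD5) and RC4-HMAC, which are deprecated for Kerberos
 * (RFC 6649, RFC 8429). A caller that uses this list to decide which
 * keys to generate or accept should filter it against local policy
 * first.
 */
const krb5_enctype *samba_all_enctypes(void)
{
	/* TODO: Find a way not to have to use a fixed list */
	static const krb5_enctype fixed_enctypes[] = {
		ENCTYPE_DES_CBC_CRC,
		ENCTYPE_DES_CBC_MD5,
		ENCTYPE_AES128_CTS_HMAC_SHA1_96,
		ENCTYPE_AES256_CTS_HMAC_SHA1_96,
		ENCTYPE_ARCFOUR_HMAC,
		0	/* terminator */
	};

	return fixed_enctypes;
}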
40 :
/*
 * Translate an IETF encryption type value into the matching single bit
 * of the Microsoft msDS-SupportedEncryptionTypes bitmap.
 *
 * Returns 0 when enc_type_enum has no entry in the table below. 0 is
 * not a valid bit, so callers that OR the result into a bitmap silently
 * drop unknown types; a caller that needs to detect an unsupported
 * type has to test for 0 explicitly.
 *
 * The DES and RC4 entries are translated like any other; rejecting
 * weak types is left to the caller's policy.
 */
uint32_t kerberos_enctype_to_bitmap(krb5_enctype enc_type_enum)
{
	static const struct {
		krb5_enctype ietf;
		uint32_t ms_bit;
	} enctype_map[] = {
		{ ENCTYPE_DES_CBC_CRC,             ENC_CRC32 },
		{ ENCTYPE_DES_CBC_MD5,             ENC_RSA_MD5 },
		{ ENCTYPE_ARCFOUR_HMAC,            ENC_RC4_HMAC_MD5 },
		{ ENCTYPE_AES128_CTS_HMAC_SHA1_96, ENC_HMAC_SHA1_96_AES128 },
		{ ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENC_HMAC_SHA1_96_AES256 },
	};
	size_t k;

	for (k = 0; k < sizeof(enctype_map) / sizeof(enctype_map[0]); k++) {
		if (enctype_map[k].ietf == enc_type_enum) {
			return enctype_map[k].ms_bit;
		}
	}

	/* No mapping for this encryption type. */
	return 0;
}
60 :
/*
 * Translate one bit of the Microsoft msDS-SupportedEncryptionTypes
 * bitmap into the matching IETF encryption type value.
 *
 * enctype_bitmap is compared for exact equality with each known bit,
 * so it must carry exactly one of those bits. A value with several
 * bits set, or with a bit this function does not know, yields 0.
 * Callers must treat 0 as "no encryption type" rather than pass it on
 * as a usable enctype.
 */
krb5_enctype ms_suptype_to_ietf_enctype(uint32_t enctype_bitmap)
{
	if (enctype_bitmap == ENC_CRC32) {
		return ENCTYPE_DES_CBC_CRC;
	}
	if (enctype_bitmap == ENC_RSA_MD5) {
		return ENCTYPE_DES_CBC_MD5;
	}
	if (enctype_bitmap == ENC_RC4_HMAC_MD5) {
		return ENCTYPE_ARCFOUR_HMAC;
	}
	if (enctype_bitmap == ENC_HMAC_SHA1_96_AES128) {
		return ENCTYPE_AES128_CTS_HMAC_SHA1_96;
	}
	if (enctype_bitmap == ENC_HMAC_SHA1_96_AES256) {
		return ENCTYPE_AES256_CTS_HMAC_SHA1_96;
	}

	/* Not a single known bit. */
	return 0;
}
80 :
/*
 * Expand an msDS-SupportedEncryptionTypes bitmap into a 0-terminated
 * array of krb5_enctype values.
 *
 * mem_ctx        talloc context the array is allocated on
 * enctype_bitmap bitmap to expand
 * enctypes       out: the new array, or NULL if allocation failed
 *
 * Returns 0 on success and ENOMEM if the array cannot be allocated.
 *
 * Set bits are visited from the highest bit down to bit 0, so the
 * output follows descending bit value.
 * NOTE(review): if the AES bits sit above the RC4 and DES bits in
 * netlogon.h, this gives a strongest-first list - confirm before
 * relying on the order as a preference order.
 *
 * Bits that ms_suptype_to_ietf_enctype() maps to 0 are skipped. Weak
 * types present in the bitmap are NOT filtered out here; a caller that
 * needs an AES-only list has to enforce that itself.
 */
krb5_error_code ms_suptypes_to_ietf_enctypes(TALLOC_CTX *mem_ctx,
					     uint32_t enctype_bitmap,
					     krb5_enctype **enctypes)
{
	const size_t nbits = 8 * sizeof(enctype_bitmap);
	krb5_enctype *list = NULL;
	size_t count = 0;
	uint32_t mask;

	/* One slot per possible bit plus one for the terminator. */
	list = talloc_zero_array(mem_ctx, krb5_enctype, nbits + 1);
	*enctypes = list;
	if (list == NULL) {
		return ENOMEM;
	}

	for (mask = 1U << (nbits - 1); mask != 0; mask >>= 1) {
		krb5_enctype ietf;

		if ((enctype_bitmap & mask) == 0) {
			continue;
		}

		ietf = ms_suptype_to_ietf_enctype(mask);
		if (ietf == 0) {
			/* Bit without a mapping: leave the slot for the next hit. */
			continue;
		}

		list[count] = ietf;
		count++;
	}

	list[count] = 0;
	return 0;
}