1 : /*
2 : Unix SMB/CIFS implementation.
3 :
4 : PAC Glue between Samba and the KDC
5 :
6 : Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005-2009
7 : Copyright (C) Simo Sorce <idra@samba.org> 2010
8 :
9 : This program is free software; you can redistribute it and/or modify
10 : it under the terms of the GNU General Public License as published by
11 : the Free Software Foundation; either version 3 of the License, or
12 : (at your option) any later version.
13 :
14 : This program is distributed in the hope that it will be useful,
15 : but WITHOUT ANY WARRANTY; without even the implied warranty of
16 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 : GNU General Public License for more details.
18 :
19 :
20 : You should have received a copy of the GNU General Public License
21 : along with this program. If not, see <http://www.gnu.org/licenses/>.
22 : */
23 :
24 : #include "includes.h"
25 : #include "system/kerberos.h"
26 : #include "auth/kerberos/kerberos.h"
27 : #include <hdb.h>
28 : #include "kdc/samba_kdc.h"
29 : #include "kdc/pac-glue.h"
30 : #include "librpc/gen_ndr/ndr_krb5pac.h"
31 : #include "auth/kerberos/pac_utils.h"
32 : #include "kdc/kdc-glue.h"
33 :
/*
 * Check the KDC signature of a PAC against a key held in an HDB entry.
 *
 * The checksum type recorded in kdc_sig selects the encryption type, that
 * encryption type selects the key looked up in ent, and the key is then
 * handed to check_pac_checksum() together with srv_sig and kdc_sig.
 *
 * Returns 0 on success. A non-zero return is whatever the failing step
 * returned: krb5_cksumtype_to_enctype(), hdb_enctype2key() or
 * check_pac_checksum().
 *
 * NOTE(review): the key is chosen from the type field of the signature
 * being checked, and nothing in this function restricts which checksum
 * types are accepted (HMAC-MD5 / RC4 included). Confirm that any
 * weak-crypto policy is enforced by the caller.
 */
int kdc_check_pac(krb5_context context,
		  DATA_BLOB srv_sig,
		  struct PAC_SIGNATURE_DATA *kdc_sig,
		  hdb_entry *ent)
{
	krb5_enctype sig_enctype;
	krb5_keyblock sig_keyblock;
	Key *entry_key;
	int rc;

	if (kdc_sig->type != CKSUMTYPE_HMAC_MD5) {
		/* Every other checksum type is mapped by the Kerberos library. */
		rc = krb5_cksumtype_to_enctype(context, kdc_sig->type,
					       &sig_enctype);
		if (rc != 0) {
			return rc;
		}
	} else {
		/*
		 * HMAC-MD5 is mapped by hand to the RC4 enctype; presumably
		 * krb5_cksumtype_to_enctype() cannot resolve it (TODO confirm).
		 */
		sig_enctype = ENCTYPE_ARCFOUR_HMAC;
	}

	/* Find the entry's key for that enctype (third argument is NULL). */
	rc = hdb_enctype2key(context, ent, NULL, sig_enctype, &entry_key);
	if (rc != 0) {
		return rc;
	}

	/* Pass a by-value copy of the keyblock, not the entry's own storage. */
	sig_keyblock = entry_key->key;

	return check_pac_checksum(srv_sig, kdc_sig, context, &sig_keyblock);
}