|
Packit Service |
6d40f9 |
/*
|
|
Packit Service |
6d40f9 |
* adcli
|
|
Packit Service |
6d40f9 |
*
|
|
Packit Service |
6d40f9 |
* Copyright (C) 2012 Red Hat Inc.
|
|
Packit Service |
6d40f9 |
*
|
|
Packit Service |
6d40f9 |
* This program is free software; you can redistribute it and/or modify
|
|
Packit Service |
6d40f9 |
* it under the terms of the GNU Lesser General Public License as
|
|
Packit Service |
6d40f9 |
* published by the Free Software Foundation; either version 2.1 of
|
|
Packit Service |
6d40f9 |
* the License, or (at your option) any later version.
|
|
Packit Service |
6d40f9 |
*
|
|
Packit Service |
6d40f9 |
* This program is distributed in the hope that it will be useful, but
|
|
Packit Service |
6d40f9 |
* WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
Packit Service |
6d40f9 |
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
Packit Service |
6d40f9 |
* Lesser General Public License for more details.
|
|
Packit Service |
6d40f9 |
*
|
|
Packit Service |
6d40f9 |
* You should have received a copy of the GNU Lesser General Public
|
|
Packit Service |
6d40f9 |
* License along with this program; if not, write to the Free Software
|
|
Packit Service |
6d40f9 |
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
|
|
Packit Service |
6d40f9 |
* MA 02110-1301 USA
|
|
Packit Service |
6d40f9 |
*
|
|
Packit Service |
6d40f9 |
* Author: Stef Walter <stefw@gnome.org>
|
|
Packit Service |
6d40f9 |
*/
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
#include "config.h"
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
#include "adcli.h"
|
|
Packit Service |
6d40f9 |
#include "adprivate.h"
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
#include <gssapi/gssapi_krb5.h>
|
|
Packit Service |
6d40f9 |
#include <krb5/krb5.h>
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
#include <assert.h>
|
|
Packit Service |
6d40f9 |
#include <ctype.h>
|
|
Packit Service |
6d40f9 |
#include <errno.h>
|
|
Packit Service |
6d40f9 |
#include <stdio.h>
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
krb5_error_code
|
|
Packit Service |
6d40f9 |
_adcli_krb5_build_principal (krb5_context k5,
|
|
Packit Service |
6d40f9 |
const char *user,
|
|
Packit Service |
6d40f9 |
const char *realm,
|
|
Packit Service |
6d40f9 |
krb5_principal *principal)
|
|
Packit Service |
6d40f9 |
{
|
|
Packit Service |
6d40f9 |
krb5_error_code code;
|
|
Packit Service |
6d40f9 |
char *name;
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
if (asprintf (&name, "%s@%s", user, realm) < 0)
|
|
Packit Service |
6d40f9 |
return_val_if_reached (ENOMEM);
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
code = krb5_parse_name (k5, name, principal);
|
|
Packit Service |
6d40f9 |
return_val_if_fail (code == 0, code);
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
free (name);
|
|
Packit Service |
6d40f9 |
return 0;
|
|
Packit Service |
6d40f9 |
}
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
krb5_error_code
|
|
Packit Service |
6d40f9 |
_adcli_krb5_keytab_clear (krb5_context k5,
|
|
Packit Service |
6d40f9 |
krb5_keytab keytab,
|
|
Packit Service |
6d40f9 |
krb5_boolean (* match_func) (krb5_context,
|
|
Packit Service |
6d40f9 |
krb5_keytab_entry *,
|
|
Packit Service |
6d40f9 |
void *),
|
|
Packit Service |
6d40f9 |
void *match_data)
|
|
Packit Service |
6d40f9 |
{
|
|
Packit Service |
6d40f9 |
krb5_kt_cursor cursor;
|
|
Packit Service |
6d40f9 |
krb5_keytab_entry entry;
|
|
Packit Service |
6d40f9 |
krb5_error_code code;
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
code = krb5_kt_start_seq_get (k5, keytab, &cursor);
|
|
Packit Service |
6d40f9 |
if (code == KRB5_KT_END || code == ENOENT)
|
|
Packit Service |
6d40f9 |
return 0;
|
|
Packit Service |
6d40f9 |
else if (code != 0)
|
|
Packit Service |
6d40f9 |
return code;
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
for (;;) {
|
|
Packit Service |
6d40f9 |
code = krb5_kt_next_entry (k5, keytab, &entry, &cursor);
|
|
Packit Service |
6d40f9 |
if (code != 0)
|
|
Packit Service |
6d40f9 |
break;
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
/* See if we should remove this entry */
|
|
Packit Service |
6d40f9 |
if (!match_func (k5, &entry, match_data)) {
|
|
Packit Service |
6d40f9 |
krb5_free_keytab_entry_contents (k5, &entry);
|
|
Packit Service |
6d40f9 |
continue;
|
|
Packit Service |
6d40f9 |
}
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
/*
|
|
Packit Service |
6d40f9 |
* Here we close the cursor, remove the entry and then
|
|
Packit Service |
6d40f9 |
* start all over again from the beginning. Dumb but works.
|
|
Packit Service |
6d40f9 |
*/
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
code = krb5_kt_end_seq_get (k5, keytab, &cursor);
|
|
Packit Service |
6d40f9 |
return_val_if_fail (code == 0, code);
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
code = krb5_kt_remove_entry (k5, keytab, &entry);
|
|
Packit Service |
6d40f9 |
krb5_free_keytab_entry_contents (k5, &entry);
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
if (code != 0)
|
|
Packit Service |
6d40f9 |
return code;
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
code = krb5_kt_start_seq_get (k5, keytab, &cursor);
|
|
Packit Service |
6d40f9 |
return_val_if_fail (code == 0, code);
|
|
Packit Service |
6d40f9 |
}
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
if (code == KRB5_KT_END)
|
|
Packit Service |
6d40f9 |
code = 0;
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
krb5_kt_end_seq_get (k5, keytab, &cursor);
|
|
Packit Service |
6d40f9 |
return code;
|
|
Packit Service |
6d40f9 |
}
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
static krb5_boolean
|
|
Packit Service |
6d40f9 |
match_all_entries (krb5_context k5,
|
|
Packit Service |
6d40f9 |
krb5_keytab_entry *entry,
|
|
Packit Service |
6d40f9 |
void *data)
|
|
Packit Service |
6d40f9 |
{
|
|
Packit Service |
6d40f9 |
return TRUE;
|
|
Packit Service |
6d40f9 |
}
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
krb5_error_code
|
|
Packit Service |
6d40f9 |
_adcli_krb5_keytab_clear_all (krb5_context k5,
|
|
Packit Service |
6d40f9 |
krb5_keytab keytab)
|
|
Packit Service |
6d40f9 |
{
|
|
Packit Service |
6d40f9 |
return _adcli_krb5_keytab_clear (k5, keytab,
|
|
Packit Service |
6d40f9 |
match_all_entries,
|
|
Packit Service |
6d40f9 |
NULL);
|
|
Packit Service |
6d40f9 |
}
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
krb5_error_code
|
|
Packit Service |
6d40f9 |
_adcli_krb5_keytab_enumerate (krb5_context k5,
|
|
Packit Service |
6d40f9 |
krb5_keytab keytab,
|
|
Packit Service |
6d40f9 |
krb5_boolean (* match_func) (krb5_context,
|
|
Packit Service |
6d40f9 |
krb5_keytab_entry *,
|
|
Packit Service |
6d40f9 |
void *),
|
|
Packit Service |
6d40f9 |
void *match_data)
|
|
Packit Service |
6d40f9 |
{
|
|
Packit Service |
6d40f9 |
krb5_kt_cursor cursor;
|
|
Packit Service |
6d40f9 |
krb5_keytab_entry entry;
|
|
Packit Service |
6d40f9 |
krb5_error_code code;
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
code = krb5_kt_start_seq_get (k5, keytab, &cursor);
|
|
Packit Service |
6d40f9 |
if (code == KRB5_KT_END || code == ENOENT)
|
|
Packit Service |
6d40f9 |
return 0;
|
|
Packit Service |
6d40f9 |
else if (code != 0)
|
|
Packit Service |
6d40f9 |
return code;
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
for (;;) {
|
|
Packit Service |
6d40f9 |
code = krb5_kt_next_entry (k5, keytab, &entry, &cursor);
|
|
Packit Service |
6d40f9 |
if (code != 0)
|
|
Packit Service |
6d40f9 |
break;
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
/* See if we should continue */
|
|
Packit Service |
6d40f9 |
if (!match_func (k5, &entry, match_data))
|
|
Packit Service |
6d40f9 |
break;
|
|
Packit Service |
6d40f9 |
}
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
if (code == KRB5_KT_END)
|
|
Packit Service |
6d40f9 |
code = 0;
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
krb5_kt_end_seq_get (k5, keytab, &cursor);
|
|
Packit Service |
6d40f9 |
return code;
|
|
Packit Service |
6d40f9 |
}
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
adcli_result
|
|
Packit Service |
6d40f9 |
_adcli_krb5_init_context (krb5_context *k5)
|
|
Packit Service |
6d40f9 |
{
|
|
Packit Service |
6d40f9 |
krb5_error_code code;
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
code = krb5_init_context (k5);
|
|
Packit Service |
6d40f9 |
if (code == ENOMEM) {
|
|
Packit Service |
6d40f9 |
return_unexpected_if_reached ();
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
} else if (code != 0) {
|
|
Packit Service |
6d40f9 |
_adcli_err ("Failed to create kerberos context: %s",
|
|
Packit Service |
6d40f9 |
krb5_get_error_message (NULL, code));
|
|
Packit Service |
6d40f9 |
return ADCLI_ERR_UNEXPECTED;
|
|
Packit Service |
6d40f9 |
}
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
return ADCLI_SUCCESS;
|
|
Packit Service |
6d40f9 |
}
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
adcli_result
|
|
Packit Service |
6d40f9 |
_adcli_krb5_open_keytab (krb5_context k5,
|
|
Packit Service |
6d40f9 |
const char *keytab_name,
|
|
Packit Service |
6d40f9 |
krb5_keytab *keytab)
|
|
Packit Service |
6d40f9 |
{
|
|
Packit Service |
6d40f9 |
krb5_error_code code;
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
if (keytab_name && strcmp (keytab_name, "") != 0) {
|
|
Packit Service |
6d40f9 |
code = krb5_kt_resolve (k5, keytab_name, keytab);
|
|
Packit Service |
6d40f9 |
if (code != 0) {
|
|
Packit Service |
6d40f9 |
_adcli_err ("Failed to open keytab: %s: %s",
|
|
Packit Service |
6d40f9 |
keytab_name, krb5_get_error_message (k5, code));
|
|
Packit Service |
6d40f9 |
return ADCLI_ERR_FAIL;
|
|
Packit Service |
6d40f9 |
}
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
} else {
|
|
Packit Service |
6d40f9 |
code = krb5_kt_default (k5, keytab);
|
|
Packit Service |
6d40f9 |
if (code != 0) {
|
|
Packit Service |
6d40f9 |
_adcli_err ("Failed to open default keytab: %s",
|
|
Packit Service |
6d40f9 |
krb5_get_error_message (k5, code));
|
|
Packit Service |
6d40f9 |
return ADCLI_ERR_FAIL;
|
|
Packit Service |
6d40f9 |
}
|
|
Packit Service |
6d40f9 |
}
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
return ADCLI_SUCCESS;
|
|
Packit Service |
6d40f9 |
}
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
krb5_error_code
|
|
Packit Service |
6d40f9 |
_adcli_krb5_keytab_add_entries (krb5_context k5,
|
|
Packit Service |
6d40f9 |
krb5_keytab keytab,
|
|
Packit Service |
6d40f9 |
krb5_principal principal,
|
|
Packit Service |
6d40f9 |
krb5_kvno kvno,
|
|
Packit Service |
6d40f9 |
krb5_data *password,
|
|
Packit Service |
6d40f9 |
krb5_enctype *enctypes,
|
|
Packit Service |
6d40f9 |
krb5_data *salt)
|
|
Packit Service |
6d40f9 |
{
|
|
Packit Service |
6d40f9 |
krb5_keytab_entry entry;
|
|
Packit Service |
6d40f9 |
krb5_error_code code;
|
|
Packit Service |
6d40f9 |
int i;
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
for (i = 0; enctypes[i] != 0; i++) {
|
|
Packit Service |
6d40f9 |
memset (&entry, 0, sizeof(entry));
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
code = krb5_c_string_to_key (k5, enctypes[i], password, salt, &entry.key);
|
|
Packit Service |
6d40f9 |
if (code != 0)
|
|
Packit Service |
6d40f9 |
return code;
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
entry.principal = principal;
|
|
Packit Service |
6d40f9 |
entry.vno = kvno;
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
code = krb5_kt_add_entry (k5, keytab, &entry);
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
entry.principal = NULL;
|
|
Packit Service |
6d40f9 |
krb5_free_keytab_entry_contents (k5, &entry);
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
if (code != 0)
|
|
Packit Service |
6d40f9 |
return code;
|
|
Packit Service |
6d40f9 |
}
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
return 0;
|
|
Packit Service |
6d40f9 |
}
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
krb5_error_code
|
|
Packit Service |
6d40f9 |
_adcli_krb5_keytab_test_salt (krb5_context k5,
|
|
Packit Service |
6d40f9 |
krb5_keytab scratch,
|
|
Packit Service |
6d40f9 |
krb5_principal principal,
|
|
Packit Service |
6d40f9 |
krb5_kvno kvno,
|
|
Packit Service |
6d40f9 |
krb5_data *password,
|
|
Packit Service |
6d40f9 |
krb5_enctype *enctypes,
|
|
Packit Service |
6d40f9 |
krb5_data *salt)
|
|
Packit Service |
6d40f9 |
{
|
|
Packit Service |
6d40f9 |
krb5_error_code code;
|
|
Packit Service |
6d40f9 |
krb5_creds creds;
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
code = _adcli_krb5_keytab_clear_all (k5, scratch);
|
|
Packit Service |
6d40f9 |
return_val_if_fail (code == 0, code);
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
code = _adcli_krb5_keytab_add_entries (k5, scratch, principal, kvno,
|
|
Packit Service |
6d40f9 |
password, enctypes, salt);
|
|
Packit Service |
6d40f9 |
return_val_if_fail (code == 0, code);
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
memset(&creds, 0, sizeof (creds));
|
|
Packit Service |
6d40f9 |
code = krb5_get_init_creds_keytab (k5, &creds, principal, scratch, 0, NULL, NULL);
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
krb5_free_cred_contents (k5, &creds);
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
return code;
|
|
Packit Service |
6d40f9 |
}
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
krb5_error_code
|
|
Packit Service |
6d40f9 |
_adcli_krb5_keytab_discover_salt (krb5_context k5,
|
|
Packit Service |
6d40f9 |
krb5_principal principal,
|
|
Packit Service |
6d40f9 |
krb5_kvno kvno,
|
|
Packit Service |
6d40f9 |
krb5_data *password,
|
|
Packit Service |
6d40f9 |
krb5_enctype *enctypes,
|
|
Packit Service |
6d40f9 |
krb5_data *salts,
|
|
Packit Service |
6d40f9 |
int *discovered)
|
|
Packit Service |
6d40f9 |
{
|
|
Packit Service |
6d40f9 |
krb5_keytab scratch;
|
|
Packit Service |
6d40f9 |
krb5_error_code code;
|
|
Packit Service |
6d40f9 |
int i;
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
/* TODO: This should be a unique name */
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
code = krb5_kt_resolve (k5, "MEMORY:adcli-discover-salt", &scratch);
|
|
Packit Service |
6d40f9 |
return_val_if_fail (code == 0, code);
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
for (i = 0; salts[i].data != NULL; i++) {
|
|
Packit Service |
6d40f9 |
code = _adcli_krb5_keytab_test_salt (k5, scratch, principal, kvno,
|
|
Packit Service |
6d40f9 |
password, enctypes, &salts[i]);
|
|
Packit Service |
6d40f9 |
if (code == 0) {
|
|
Packit Service |
6d40f9 |
*discovered = i;
|
|
Packit Service |
6d40f9 |
break;
|
|
Packit Service |
6d40f9 |
} else if (code != KRB5_PREAUTH_FAILED && code != KRB5KDC_ERR_PREAUTH_FAILED) {
|
|
Packit Service |
6d40f9 |
break;
|
|
Packit Service |
6d40f9 |
}
|
|
Packit Service |
6d40f9 |
}
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
krb5_kt_close (k5, scratch);
|
|
Packit Service |
6d40f9 |
return code;
|
|
Packit Service |
6d40f9 |
}
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
krb5_error_code
|
|
Packit Service |
6d40f9 |
_adcli_krb5_w2k3_salt (krb5_context k5,
|
|
Packit Service |
6d40f9 |
krb5_principal principal,
|
|
Packit Service |
6d40f9 |
const char *host_netbios,
|
|
Packit Service |
6d40f9 |
krb5_data *salt)
|
|
Packit Service |
6d40f9 |
{
|
|
Packit Service |
6d40f9 |
krb5_data *realm;
|
|
Packit Service |
6d40f9 |
size_t size = 0;
|
|
Packit Service |
6d40f9 |
size_t host_length = 0;
|
|
Packit Service |
6d40f9 |
size_t at = 0;
|
|
Packit Service |
6d40f9 |
int i;
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
/*
|
|
Packit Service |
6d40f9 |
* The format for the w2k3 computer account salt is:
|
|
Packit Service |
6d40f9 |
* REALM | "host" | SAM-Account-Name-Without-$ | "." | realm
|
|
Packit Service |
6d40f9 |
*/
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
realm = krb5_princ_realm (k5, principal);
|
|
Packit Service |
6d40f9 |
host_length = strlen (host_netbios);
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
size += realm->length;
|
|
Packit Service |
6d40f9 |
size += 4; /* "host" */
|
|
Packit Service |
6d40f9 |
size += host_length;
|
|
Packit Service |
6d40f9 |
size += 1; /* "." */
|
|
Packit Service |
6d40f9 |
size += realm->length;
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
salt->data = malloc (size);
|
|
Packit Service |
6d40f9 |
return_val_if_fail (salt->data != NULL, ENOMEM);
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
/* Upper case realm */
|
|
Packit Service |
6d40f9 |
for (i = 0; i < realm->length; i++)
|
|
Packit Service |
6d40f9 |
salt->data[at + i] = toupper (realm->data[i]);
|
|
Packit Service |
6d40f9 |
at += realm->length;
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
/* The string "host" */
|
|
Packit Service |
6d40f9 |
memcpy (salt->data + at, "host", 4);
|
|
Packit Service |
6d40f9 |
at += 4;
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
/* The netbios name in lower case */
|
|
Packit Service |
6d40f9 |
for (i = 0; i < host_length; i++)
|
|
Packit Service |
6d40f9 |
salt->data[at + i] = tolower (host_netbios[i]);
|
|
Packit Service |
6d40f9 |
at += host_length;
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
/* The dot */
|
|
Packit Service |
6d40f9 |
memcpy (salt->data + at, ".", 1);
|
|
Packit Service |
6d40f9 |
at += 1;
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
/* Lower case realm */
|
|
Packit Service |
6d40f9 |
for (i = 0; i < realm->length; i++)
|
|
Packit Service |
6d40f9 |
salt->data[at + i] = tolower (realm->data[i]);
|
|
Packit Service |
6d40f9 |
at += realm->length;
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
assert (at == size);
|
|
Packit Service |
6d40f9 |
salt->length = size;
|
|
Packit Service |
6d40f9 |
return 0;
|
|
Packit Service |
6d40f9 |
}
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
/* for msDs-supportedEncryptionTypes bit defines */
|
|
Packit Service |
6d40f9 |
#define MS_KERB_ENCTYPE_DES_CBC_CRC 0x01
|
|
Packit Service |
6d40f9 |
#define MS_KERB_ENCTYPE_DES_CBC_MD5 0x02
|
|
Packit Service |
6d40f9 |
#define MS_KERB_ENCTYPE_RC4_HMAC_MD5 0x04
|
|
Packit Service |
6d40f9 |
#define MS_KERB_ENCTYPE_AES128_CTC_HMAC_SHA1_96 0x08
|
|
Packit Service |
6d40f9 |
#define MS_KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96 0x10
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
krb5_enctype *
|
|
Packit Service |
6d40f9 |
_adcli_krb5_parse_enctypes (const char *value)
|
|
Packit Service |
6d40f9 |
{
|
|
Packit Service |
6d40f9 |
const int max_enctypes = 5;
|
|
Packit Service |
6d40f9 |
char *end = NULL;
|
|
Packit Service |
6d40f9 |
krb5_enctype *enctypes;
|
|
Packit Service |
6d40f9 |
int types;
|
|
Packit Service |
6d40f9 |
int at;
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
types = strtoul (value, &end, 10);
|
|
Packit Service |
6d40f9 |
if (end == NULL || *end != '\0')
|
|
Packit Service |
6d40f9 |
return NULL;
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
enctypes = calloc (max_enctypes + 1, sizeof (krb5_enctype));
|
|
Packit Service |
6d40f9 |
return_val_if_fail (enctypes != NULL, NULL);
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
at = 0;
|
|
Packit Service |
6d40f9 |
if (types & MS_KERB_ENCTYPE_DES_CBC_CRC)
|
|
Packit Service |
6d40f9 |
enctypes[at++] = ENCTYPE_DES_CBC_CRC;
|
|
Packit Service |
6d40f9 |
if (types & MS_KERB_ENCTYPE_DES_CBC_MD5)
|
|
Packit Service |
6d40f9 |
enctypes[at++] = ENCTYPE_DES_CBC_MD5;
|
|
Packit Service |
6d40f9 |
if (types & MS_KERB_ENCTYPE_RC4_HMAC_MD5)
|
|
Packit Service |
6d40f9 |
enctypes[at++] = ENCTYPE_ARCFOUR_HMAC;
|
|
Packit Service |
6d40f9 |
if (types & MS_KERB_ENCTYPE_AES128_CTC_HMAC_SHA1_96)
|
|
Packit Service |
6d40f9 |
enctypes[at++] = ENCTYPE_AES128_CTS_HMAC_SHA1_96;
|
|
Packit Service |
6d40f9 |
if (types & MS_KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96)
|
|
Packit Service |
6d40f9 |
enctypes[at++] = ENCTYPE_AES256_CTS_HMAC_SHA1_96;
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
assert (at <= max_enctypes);
|
|
Packit Service |
6d40f9 |
enctypes[at] = 0;
|
|
Packit Service |
6d40f9 |
return enctypes;
|
|
Packit Service |
6d40f9 |
}
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
char *
|
|
Packit Service |
6d40f9 |
_adcli_krb5_format_enctypes (krb5_enctype *enctypes)
|
|
Packit Service |
6d40f9 |
{
|
|
Packit Service |
6d40f9 |
char *value;
|
|
Packit Service |
6d40f9 |
int types;
|
|
Packit Service |
6d40f9 |
int i;
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
types = 0;
|
|
Packit Service |
6d40f9 |
for (i = 0; enctypes[i] != 0; i++) {
|
|
Packit Service |
6d40f9 |
switch (enctypes[i]) {
|
|
Packit Service |
6d40f9 |
case ENCTYPE_DES_CBC_CRC:
|
|
Packit Service |
6d40f9 |
types |= MS_KERB_ENCTYPE_DES_CBC_CRC;
|
|
Packit Service |
6d40f9 |
break;
|
|
Packit Service |
6d40f9 |
case ENCTYPE_DES_CBC_MD5:
|
|
Packit Service |
6d40f9 |
types |= MS_KERB_ENCTYPE_DES_CBC_MD5;
|
|
Packit Service |
6d40f9 |
break;
|
|
Packit Service |
6d40f9 |
case ENCTYPE_ARCFOUR_HMAC:
|
|
Packit Service |
6d40f9 |
types |= MS_KERB_ENCTYPE_RC4_HMAC_MD5;
|
|
Packit Service |
6d40f9 |
break;
|
|
Packit Service |
6d40f9 |
case ENCTYPE_AES128_CTS_HMAC_SHA1_96:
|
|
Packit Service |
6d40f9 |
types |= MS_KERB_ENCTYPE_AES128_CTC_HMAC_SHA1_96;
|
|
Packit Service |
6d40f9 |
break;
|
|
Packit Service |
6d40f9 |
case ENCTYPE_AES256_CTS_HMAC_SHA1_96:
|
|
Packit Service |
6d40f9 |
types |= MS_KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96;
|
|
Packit Service |
6d40f9 |
break;
|
|
Packit Service |
6d40f9 |
default:
|
|
Packit Service |
6d40f9 |
break;
|
|
Packit Service |
6d40f9 |
}
|
|
Packit Service |
6d40f9 |
}
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
if (types == 0)
|
|
Packit Service |
6d40f9 |
return NULL;
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
if (asprintf (&value, "%d", types) < 0)
|
|
Packit Service |
6d40f9 |
return_val_if_reached (NULL);
|
|
Packit Service |
6d40f9 |
|
|
Packit Service |
6d40f9 |
return value;
|
|
Packit Service |
6d40f9 |
}
|